[Owasp-board] OWASP Chapter and other activities

Dinis Cruz dinis at ddplus.net
Fri Mar 30 20:02:05 UTC 2007

Hi Leo

I'm very sorry for this delay, I actually started writing a reply to one of
your previous email which I never completed.

(comments inline)

On 3/30/07, Leo Cavallari <leocavallari at hotmail.com> wrote:
> Hello Mr. Dinis,
> Good afternoon.
> I've been trying to talk to you with other email address and it's seems
> that
> my messages are not reaching you, or you are really busy with Spoc and
> professional activities that cannot answer my emails.

Sorry about that, but you did the right thing, just keep emailing me until I
reply :)

Anyway, I really want some attention to present my desire to get deep
> involved with Owasp. The following text is a little bit longer, but I need
> some answers regard the "way of work" and the leader obligations.

No problems, btw, I am Portuguese

> I've been talking to Matteo Meucci and Wagner Elias about the translation
> activities for the Brazilian Chapter and maintenance and improvement of
> existent documents.


However, as Wagner said, he seems to not have proper time to develop the
> activities for the Brazilian chapter and that could even be validated by
> the
> absence of answers to my e-mails.
> It's been more than a month since my first email about chapter and
> translation activities and he told that he would call me to we define the
> first steps. Up to now, no call received.

Wagner is from the Brazilian chapter, right?

The last seem effort on Brazilian Chapter was a first try to translate the
> TOP10 2004, and that initiative took place on an outside wiki
> http://owasp.securenet.com.br/index.php/Main_Page . I don't know if it's
> okay to host an OWASP chapter outside the official page, and this is my
> first doubt.

Those materials should be hosted at the owasp.org wiki. Because that will be
in a different language you might want to have a separate WIKI for example
www.owasp.org/brazil or www.owasp.org/pt or pt.owasp.org

As coordinator of a security research center located in the University of
> Sao Paulo (USP), me and my team are very enthusiastic to actively
> participate in OWASP project, maintaining and proposing new ideas, once
> what
> we develop at our center is really close to OWASP. When we're recycling
> our
> Web application and infrastructure security methodology, I started talking
> to Matteo Meucci to see what could be possible to cooperate. We already
> have
> a methodology in Portuguese based on OWASP and other resources and once
> this
> cooperation starts we could delivery an official translation soon.

That should great, and your should also publish those materials too, if some
of your stuff is better that what already exists at OWASP.org then it should
be OWASP that is doing the translation :)

All that said, I'm contacting you to get clarified about all this. Our
> research center is really interested on developing those activities and
> move
> forward the Brazilian chapter, not only with the translation activities,
> but
> with security events and presentations in order to disseminate even more
> the
> OWASP project in our country.

Well then go for it :)

So, here are my doubts:
> a)      How could it be started, since it's been quite hard to getting in
> touch
> with Wagner? Should I start a new chapter?

If the current chapter leadership is not organizing events or responding to
queries, then they should be replaced. So talk to Sebastien (CCed) and he
will explain you better how that process works

b)      Is it possible/legal/viable to host an outside wiki for our chapter,
> as
> the old one found on http://owasp.securenet.com.br/index.php/Main_Page? If
> so, we could host a web server in OWASP model to facilitate people access,
> and since we are located in a University, we have all the infra-structure
> necessary and high speedy links, as well.

It could but we would prefer to have it under an owasp.org domain. I can
actually see the reasoning to have that website hosted at your facilities
since most accesses would be from Brazil (maybe some from Portugal) and
hosting it in the US will be slower

c)      Once I will be involving part of the research center staff on this,
> is it
> possible to formalize this participation?

The current 'formal' participation titles, that we have are: Project Leader,
Chapter Leader, Active Owasp contributor and member

Which one are you?

As I told to Wagner, I'm really sadden about the lack of resources on OWASP
> Brazil and I believe we have expertise and knowledge to build up the
> chapter
> pretty soon.

Well, the past is gone already, so lets look at the future and since you
guys are interested and have the energy, go for it. The Brazil and owasp top
10 translation (don't do the 2004 edition, do the new one) are all yours :)

After all, my team is proposing to work on Attacks and Vulnerabilities
> projects of Spoc.

Have you posted it here?

Hope hear from you soon, and sorry about the my email length.

No worries, and I am the one that has to apology for the delay in responding

Dinis Cruz
Chief OWASP Evangelist
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070330/d68eb6b3/attachment-0002.html>

More information about the Owasp-board mailing list