[Owasp-board] Final notes for OWASP Day and action items for chapter leaders

Dinis Cruz dinis at ddplus.net
Mon Sep 3 10:00:50 UTC 2007

Dear Ofer (Israel), Ivan (London), Tom (New York & New Jersey), Sebastien
(Belgium), Mike and Andre (Washington DC), Dan (San Antonio), Mike and
Scott (Seattle), Brian (San Jose), Dharmesh (Mumbai), Mike and Sherif
(Ottawa), Adam (Phoenix), Andrzej (Poland), Jim (Boston), Bunyamin and
Ferruh (Turkey), Matteo (Italy), Ralf (Rochester), David (Houston), Ken

Thanks for participating in the first OWASP Day!!, which should be called
OWASP Week :)  https://www.owasp.org/index.php/OWASP_Day

We are almost there and I would like to ask you a couple of things:

1) Jeff Williams is just about to create a 5m video about OWASP which we would
like you all to play at the beginning of your chapter meeting. This 5m
presentation will cover topics like: what is OWASP, how it is organized,
what are OWASP values, what are the most successful OWASP projects, what do
you need to do if you want to contribute, etc. (btw, Jeff is still looking
for topics for this presentation so if you have more ideas, feel free to
contact him directly). Note that to play this you will have to organize
audio capabilities at your event (which, depending on the size of the venue,
might be easy or not).

2) During the event, please take several photos and take note of how many
participants you had (if possible by category: business, government, vendor,
other), so that once it is completed you can add them to this page
https://www.owasp.org/index.php/OWASP_Week_September_2007 where I would also
like you to post some words about your event (what went well, feedback from
attendees, what should be done next time, etc.)

3) As suggested several times before (Tom, Matteo, me) we would like all
events to ask the following questions during a panel:

   a) What is the current state of Privacy on Web Application Security? Does
it really matter? Is privacy what will drive radical changes in web
application's security (ala PCI)?
   b) Application side: what the data owner should be doing to protect the
user's privacy? Should there be a law that states how to protect this
information? What can we do to improve it?
   c) Client side: what is the client's perception of privacy? How can a
user trust a site about his own data treatment? Is the client nowadays
safeguarded about a possible loss of privacy?
   d) What should OWASP be focusing on?
   e) What would OWASP spend its grant money on? (note that new OWASP members
can allocate some or all of their membership fees to specific projects)
   f) Should OWASP organize such 'OWASP Weeks' every quarter?

   Each chapter should have 1 paragraph (or small comment) about each of
these 6 questions which should then be posted on

Good luck, and let's make this a great success :)

Dinis Cruz
Chief OWASP Evangelist