[Owasp-board] Send Craig to PyCon w/OOTM?

Jeff Williams jeff.williams at owasp.org
Tue Oct 27 02:28:05 UTC 2009


I propose we send Craig to PyCon with the mission of doing as much as
possible to promote OWASP to the Python community.  I think the cost would
be about $1200.  Craig single-handedly implemented ESAPI in Python over the
summer for us.

 

Agree?

 

--Jeff

 

 

From: Craig Younkins [mailto:craig.younkins at owasp.org] 
Sent: Monday, October 26, 2009 10:07 PM
To: Jeff Williams
Subject: Re: What I've Been Doing

 

Jeff,
 

"Have you been accepted to do a lightning talk at PyCon?"


So lightning talks are scheduled at the conference, and there is no approval
process. I just have to sign up while there. The PyCon site has this to say:
"Sign up on time, because the five-minute slots fill up quickly! If all
slots are full, consider creating or joining an Open Space
<http://us.pycon.org/2010/conference/openspace/>  session for your topic
instead." PyCon in Feb will aim to have 50 five-minute talks over 5 hours.
While there is no guarantee that I could get a slot, I think there is a
decent chance. Obviously, signing up would be the first thing I'd do when
there.

Another option is to start an "Open Space" about web security using Python.
(http://us.pycon.org/2010/openspace/) These are informal discussions about a
particular topic. Bringing a pre-made presentation is discouraged, but it
would certainly give me a chance to pitch ESAPI to web developers. 

And there's always the hallway track. In any case, I would surely be able to
connect with web developers to get ESAPI out there in the Python community.


The conference is Friday February 19 through Sunday February 21, so 3 days.

Thanks,

--

Craig Younkins
Mobile: (301) 520-0463
Website/Blog <http://cyounkins.blogspot.com/> 

 

On Mon, Oct 26, 2009 at 1:25 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:

Craig,

 

Have you been accepted to do a lightning talk at PyCon?  If so I think the
OWASP Foundation would fund the trip to get you in front of the Python
community.  How long is the conference so we can get an idea of the cost.

 

Thanks,

 

--Jeff

 

 

From: Craig Younkins [mailto:craig.younkins at owasp.org] 
Sent: Monday, October 26, 2009 12:40 PM
To: Jeff Williams
Subject: Re: What I've Been Doing

 

Jeff,

Sorry it's taken me so long to respond to this email. The craziness of the
past week is finally dying down. I've been brainstorming a few ways to reach
out to the Python community to get people interested and some eyes on the
code for improvements. First I want to wrap up a few things in ESAPI and
push out v1, but after that I'll be contacting the devs and users of the
various frameworks to try and gather some interest.

I am eager to speak at a lightning talk at PyCon. Admission to the
conference is $300 or $350 (yowza). Staying at the hotel is $159/night, and
a flight would cost ~$250 round trip. Who should I contact to find out if
this is feasible?

I'll be sending you and Andi an update on what I've been doing and the plan
moving forward sometime this evening after my next exam.

Best,

--

Craig Younkins
Mobile: (301) 520-0463
Website/Blog <http://cyounkins.blogspot.com/> 

 

On Mon, Oct 12, 2009 at 3:43 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:

Hi Craig,

 

That's surprising. There were a lot of tweets and retweets about the launch.
I figured there would be more downloaders.  But don't give up - there was
very little activity on the Java version for a long time too.  Can you think
of some other ways to reach out to the Python community?  Are there Python
developer conferences where you could go speak about it </resume builder
alert>?   I asked about PyCon and they just closed their application period
- but perhaps we could do an open space or lightning talk?  OWASP may be
able to help with the travel cost.

 

--Jeff

 

 

From: Craig Younkins [mailto:craig.younkins at owasp.org] 
Sent: Sunday, October 11, 2009 9:44 PM
To: Jeff Williams; Andi McDowell
Subject: What I've Been Doing

 

Hello,

Well, the beta of ESAPI on Python was met without much fanfare. To date we
have had 9 downloads, and I haven't gotten any emails about it. Hopefully
once I can call it 1.0 I can start pushing framework devs to integrate some
or all of it.

What I've been doing this week:

* Increasing code coverage in many places.
* Changed the way code coverage is computed such that interfaces no longer
count against us. At the release of the beta, code coverage with the new
metric was about 80%. Today it is 87%.
* Changed the settings file (which was already python code) to remove any
time unit ambiguities.

You can also look at the commit log if you want:
http://code.google.com/p/owasp-esapi-python/source/list

What's next:

* Continue work upping the code coverage to ~95%
* Improve documentation in a few areas
* Push out v1
* Connect with framework devs to encourage them to integrate some or all of
ESAPI

Best,

--

Craig Younkins
Mobile: (301) 520-0463
Website/Blog <http://cyounkins.blogspot.com/> 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20091026/085efaaf/attachment-0002.html>


More information about the Owasp-board mailing list