[Owasp-board] Send Craig to PyCon w/OOTM?

Jeff Williams jeff.williams at owasp.org
Tue Oct 27 15:07:38 UTC 2009


We did that actually.  We missed the CFP by a few days and they didn’t want to break the process for us although they really liked the topic.  So I agree with Seba that if it’s just the lightning talk it’s probably not worth it.  But we can also do a “security open-space” and possibly some other activities.  Craig is a bit quiet, but if we charge him up with a particular mission he’s very good.

 

--Jeff

 

From: Dinis Cruz [mailto:dinis.cruz at owasp.org] 
Sent: Tuesday, October 27, 2009 5:21 AM
To: Seba
Cc: jeff.williams at owasp.org; OWASP Foundation Board List
Subject: Re: [Owasp-board] Send Craig to PyCon w/OOTM?

 

I'm fine with it, since he will be a walking talking OWASP promotion machine at that conference

 

What we could maybe do is to try to contact the organizers directly and see if they can give him a bigger slot

Dinis Cruz


On 27 Oct 2009, at 07:04, Seba <seba at owasp.org> wrote:

$ 1200 for a 5 min lightning talk seems a lot to me.

Isn't there somebody who is already going that can do this?

 

Seba

On Tue, Oct 27, 2009 at 3:28 AM, Jeff Williams <jeff.williams at owasp.org> wrote:

I propose we send Craig to PyCon with the mission of doing as much as possible to promote OWASP to the Python community.  I think the cost would be about $1200.  Craig single-handedly implemented ESAPI in Python over the summer for us.

 

Agree?

 

--Jeff

 

 

From: Craig Younkins [mailto:craig.younkins at owasp.org] 
Sent: Monday, October 26, 2009 10:07 PM
To: Jeff Williams
Subject: Re: What I've Been Doing

 

Jeff,
 

"Have you been accepted to do a lightning talk at PyCon?"


So lightning talks are scheduled at the conference, and there is no approval process. I just have to sign up while there. The PyCon site has this to say: "Sign up on time, because the five-minute slots fill up quickly! If all slots are full, consider creating or joining an Open <http://us.pycon.org/2010/conference/openspace/>  Space session for your topic instead." PyCon in Feb will aim to have 50 five-minute talks over 5 hours. While there is no guarantee that I could get a slot, I think there is a decent chance. Obviously, signing up would be the first thing I'd do when there.

Another option is to start an "Open Space" about web security using Python. (http://us.pycon.org/2010/openspace/) These are informal discussions about a particular topic. Bringing a pre-made presentation is discouraged, but it would certainly give me a chance to pitch ESAPI to web developers. 

And there's always the hallway track. In any case, I would surely be able to connect with web developers to get ESAPI out there in the Python community.


The conference is Friday February 19 through Sunday February 21, so 3 days.

Thanks,

--

Craig Younkins
Mobile: (301) 520-0463
Website/Blog <http://cyounkins.blogspot.com/> 

 

On Mon, Oct 26, 2009 at 1:25 PM, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:

Craig,

 

Have you been accepted to do a lightning talk at PyCon?  If so I think the OWASP Foundation would fund the trip to get you in front of the Python community.  How long is the conference so we can get an idea of the cost.

 

Thanks,

 

--Jeff

 

 

From: Craig Younkins [mailto:craig.younkins at owasp.org] 
Sent: Monday, October 26, 2009 12:40 PM
To: Jeff Williams
Subject: Re: What I've Been Doing

 

Jeff,

Sorry it's taken me so long to respond to this email. The craziness of the past week is finally dying down. I've been brainstorming a few ways to reach out to the Python community to get people interested and some eyes on the code for improvements. First I want to wrap up a few things in ESAPI and push out v1, but after that I'll be contacting the devs and users of the various frameworks to try and gather some interest.

I am eager to speak at a lightning talk at PyCon. Admission to the conference is $300 or $350 (yowza). Staying at the hotel is $159/night, and a flight would cost ~$250 round trip. Who should I contact to find out if this is feasible?

I'll be sending you and Andi an update on what I've been doing and the plan moving forward sometime this evening after my next exam.

Best,

--

Craig Younkins
Mobile: (301) 520-0463
Website/Blog <http://cyounkins.blogspot.com/> 

 

On Mon, Oct 12, 2009 at 3:43 PM, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:

Hi Craig,

 

That’s surprising. There were a lot of tweets and retweets about the launch.  I figured there would be more downloaders.  But don’t give up – there was very little activity on the Java version for a long time too.  Can you think of some other ways to reach out to the Python community?  Are there Python developer conferences where you could go speak about it </resume builder alert>?   I asked about PyCon and they just closed their application period – but perhaps we could do an open space or lightning talk?  OWASP may be able to help with the travel cost.

 

--Jeff

 

 

From: Craig Younkins [mailto:craig.younkins at owasp.org] 
Sent: Sunday, October 11, 2009 9:44 PM
To: Jeff Williams; Andi McDowell
Subject: What I've Been Doing

 

Hello,

Well, the beta of ESAPI on Python was met without much fanfare. To date we have had 9 downloads, and I haven't gotten any emails about it. Hopefully once I can call it 1.0 I can start pushing framework devs to integrate some or all of it.

What I've been doing this week:

* Increasing code coverage in many places.
* Changed the way code coverage is computed such that interfaces no longer count against us. At the release of the beta, code coverage with the new metric was about 80%. Today it is 87%.
* Changed the settings file (which was already python code) to remove any time unit ambiguities.

You can also look at the commit log if you want: http://code.google.com/p/owasp-esapi-python/source/list

What's next:

* Continue work upping the code coverage to ~95%
* Improve documentation in a few areas
* Push out v1
* Connect with framework devs to encourage them to integrate some or all of ESAPI

Best,

--

Craig Younkins
Mobile: (301) 520-0463
Website/Blog <http://cyounkins.blogspot.com/> 

 

 

 


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

 

_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20091027/1b04c6ad/attachment-0002.html>


More information about the Owasp-board mailing list