[Owasp-board] Financial Support for OWASP Project Leaders to speak at OWASP conferences??

Dave Wichers dave.wichers at owasp.org
Wed Sep 22 12:22:48 UTC 2010

Fabio has asked for financial help to go to OWASP DC in Nov and present his
work on the OWASP ESAPI Swingset. His request seems very reasonable and I
think we should try to support this, but we just don't have any precedent
for it.


So here is my question:


1)      Do we want to simply support it out of Boardmember discretionary

2)      Do we want to require our conferences to provide some amount of
budget to help OWASP project leaders present?

a.      Maybe at some ratio of the total # of speakers, like 1 for every 10
or something?

b.      Such funds to be used only upon request??

3)      Do we want to set up a separate fund to support OWASP project
leaders presenting at OWASP conferences 


In the past, the leaders employers have been paying for this, which
obviously saves OWASP money, and I'd think that we'd like to continue that
behavior when the employers are willing.


So, if we do any of these things I don't think we want to make a big deal
out of it. Alternatively, we could make a big deal out of it in order to
encourage more OWASP project leaders to present their projects. I think we
should require such projects to be fairly active, but I doubt that would be
much of a problem.






From: Dave Wichers [mailto:dave.wichers at owasp.org] 
Sent: Wednesday, September 22, 2010 8:16 AM
To: 'fabio.e.cerullo at aib.ie'
Cc: 'eoin.keary at owasp.org'
Subject: RE: RE: Swingset @ AppSecDC 2010


I agree with you in principle. OWASP just hasn't done this in the past, so
we simply don't have any precedent for this, and therefore we don't have any
budget specifically set aside to support these kinds of activities.


I'll talk to the board to see what we can do. I agree these are valuable to
the OWASP community and we should support/encourage OWASP contributors to
speak at our conferences about their projects.


Thanks, Dave


p.s. Has the work you've done been finalized and posted to Google or OWASP?
I wanted to let NSA know that your Swingset app was done and available for
them to play with.


From: fabio.e.cerullo at aib.ie [mailto:fabio.e.cerullo at aib.ie] 
Sent: Wednesday, September 22, 2010 6:53 AM
To: Dave Wichers
Cc: eoin.keary at owasp.org
Subject: RE: RE: Swingset @ AppSecDC 2010


Hi Dave, 

I understand OWASP not covering expenses for everyone to attend conferences
as this will obviously be expensive, even prohibitive. 

However, I think special consideration should be taken for leaders who are
promoting OWASP across the globe on a voluntary basis. 

In my particular case, I've asked for resources at AIB (my employer) to
build a customized version of the Swingset application and then donate it to
I think that is supportive enough from my employer, and asking for funds to
travel to the US in order to present the tool at AppSec DC wouldn't be
I am not planning on going to DC to mingle with potential clients/etc, but
rather to promote OWASP and some of its tools in that particular conference.

The OWASP Ireland chapter (which I'm currently leading) is lucky enough to
have funds available thanks to hard work during the year and a tremendous
effort by Eoin and the rest of the team to put up a successful conference
last week. However, I think saying we need to use those funds to cover
travel expenses is not fair to the chapter or its members who paid their
annual membership and are expecting those funds to be used in their local

OWASP Ireland obviously is not benefiting from me presenting SwingSet at DC
and if I have to stick to the rule, I shouldn't go to the AppSecDC
conference for that particular reason. However, if we look at our mission of
'making application security visible' OWASP central should cover at least
part of these costs because the final beneficiary of this project in the end
is... our global community. 

Please let me know how would you like to proceed on this. 

Thank you, 

Fabio Cerullo
Divisional Information Security 
Bankcentre D1, 
Dublin 4,

Tel: +353 1 772 6309
Email: fabio.e.cerullo at aib.ie

"Dave Wichers" <dave.wichers at owasp.org> 

21/09/2010 23:23 

        To:        <fabio.e.cerullo at aib.ie> 
        Subject:        RE: RE: Swingset @ AppSecDC 2010 


In general, presenters employers pay them to attend/present as it looks good
that their employer is supporting this kind of work, and you get to mingle
with potential clients, etc. 

In this case, is AIB supportive of your efforts and willing to pay your
expenses, or are you in the situation where you would have to pay most or
all of your own expenses? 


This document is strictly confidential and is intended for use by the
addressee unless otherwise indicated.
This email has been scanned by an external email security system.
Allied Irish Banks
AIB and AIB Group are registered business names of Allied Irish Banks p.l.c.
Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.
Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311;
Registered in Ireland: Registered No. 24173
Please consider the environment before printing this e-mail. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100922/1be3d6f0/attachment-0002.html>

More information about the Owasp-board mailing list