[Owasp-board] Financial Support for OWASP Project Leaders to speak at OWASP conferences??

Seba seba at owasp.org
Wed Sep 22 12:32:04 UTC 2010


Dave,
I think this should come out of the conference budget?

--Seba

On Wed, Sep 22, 2010 at 2:22 PM, Dave Wichers <dave.wichers at owasp.org>wrote:

>  Fabio has asked for financial help to go to OWASP DC in Nov and present
> his work on the OWASP ESAPI Swingset. His request seems very reasonable and
> I think we should try to support this, but we just don’t have any precedent
> for it.
>
>
>
> So here is my question:
>
>
>
> 1)      Do we want to simply support it out of Boardmember discretionary
> funds?
>
> 2)      Do we want to require our conferences to provide some amount of
> budget to help OWASP project leaders present?
>
> a.      Maybe at some ratio of the total # of speakers, like 1 for every
> 10 or something?
>
> b.      Such funds to be used only upon request??
>
> 3)      Do we want to set up a separate fund to support OWASP project
> leaders presenting at OWASP conferences
>
>
>
> In the past, the leaders employers have been paying for this, which
> obviously saves OWASP money, and I’d think that we’d like to continue that
> behavior when the employers are willing.
>
>
>
> So, if we do any of these things I don’t think we want to make a big deal
> out of it. Alternatively, we could make a big deal out of it in order to
> encourage more OWASP project leaders to present their projects. I think we
> should require such projects to be fairly active, but I doubt that would be
> much of a problem.
>
>
>
> Thoughts?
>
>
>
> -Dave
>
>
>
> *From:* Dave Wichers [mailto:dave.wichers at owasp.org]
> *Sent:* Wednesday, September 22, 2010 8:16 AM
> *To:* 'fabio.e.cerullo at aib.ie'
> *Cc:* 'eoin.keary at owasp.org'
> *Subject:* RE: RE: Swingset @ AppSecDC 2010
>
>
>
> I agree with you in principle. OWASP just hasn’t done this in the past, so
> we simply don’t have any precedent for this, and therefore we don’t have any
> budget specifically set aside to support these kinds of activities.
>
>
>
> I’ll talk to the board to see what we can do. I agree these are valuable to
> the OWASP community and we should support/encourage OWASP contributors to
> speak at our conferences about their projects.
>
>
>
> Thanks, Dave
>
>
>
> p.s. Has the work you’ve done been finalized and posted to Google or OWASP?
> I wanted to let NSA know that your Swingset app was done and available for
> them to play with.
>
>
>
> *From:* fabio.e.cerullo at aib.ie [mailto:fabio.e.cerullo at aib.ie]
> *Sent:* Wednesday, September 22, 2010 6:53 AM
> *To:* Dave Wichers
> *Cc:* eoin.keary at owasp.org
> *Subject:* RE: RE: Swingset @ AppSecDC 2010
>
>
>
>
> Hi Dave,
>
> I understand OWASP not covering expenses for everyone to attend conferences
> as this will obviously be expensive, even prohibitive.
>
> However, I think special consideration should be taken for leaders who are
> promoting OWASP across the globe on a voluntary basis.
>
> In my particular case, I've asked for resources at AIB (my employer) to
> build a customized version of the Swingset application and then donate it to
> OWASP.
> I think that is supportive enough from my employer, and asking for funds to
> travel to the US in order to present the tool at AppSec DC wouldn't be
> appropiate.
> I am not planning on going to DC to mingle with potential clients/etc, but
> rather to promote OWASP and some of its tools in that particular conference.
>
> The OWASP Ireland chapter (which I'm currently leading) is lucky enough to
> have funds available thanks to hard work during the year and a tremendous
> effort by Eoin and the rest of the team to put up a successful conference
> last week. However, I think saying we need to use those funds to cover
> travel expenses is not fair to the chapter or its members who paid their
> annual membership and are expecting those funds to be used in their local
> community.
>
> OWASP Ireland obviously is not benefiting from me presenting SwingSet at DC
> and if I have to stick to the rule, I shouldn't go to the AppSecDC
> conference for that particular reason. However, if we look at our mission of
> 'making application security visible' OWASP central should cover at least
> part of these costs because the final beneficiary of this project in the end
> is... our global community.
>
> Please let me know how would you like to proceed on this.
>
> Thank you,
>
> Fabio Cerullo
> Divisional Information Security
> Bankcentre D1,
> Ballsbridge,
> Dublin 4,
> Ireland.
>
> Tel: +353 1 772 6309
> Email: fabio.e.cerullo at aib.ie
>
>    *"Dave Wichers" <dave.wichers at owasp.org>*
>
> 21/09/2010 23:23
>
>
>         To:        <fabio.e.cerullo at aib.ie>
>         cc:
>         Subject:        RE: RE: Swingset @ AppSecDC 2010
>
>
>
>
>
> Fabio,
>
> In general, presenters employers pay them to attend/present as it looks
> good that their employer is supporting this kind of work, and you get to
> mingle with potential clients, etc.
>
> In this case, is AIB supportive of your efforts and willing to pay your
> expenses, or are you in the situation where you would have to pay most or
> all of your own expenses?
>
> -Dave
>
>
>
> ******************************************************
>
> This document is strictly confidential and is intended for use by the addressee unless otherwise indicated.
>
>
>
> This email has been scanned by an external email security system.
>
>
>
> Allied Irish Banks
>
>
>
> AIB and AIB Group are registered business names of Allied Irish Banks p.l.c. Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.  Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311; Registered in Ireland: Registered No. 24173
>
>
>
> Please consider the environment before printing this e-mail.
>
> ******************************************************
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100922/038148b7/attachment-0002.html>


More information about the Owasp-board mailing list