[Owasp-board] Financial Support for OWASP Project Leaders to speak at OWASP conferences??

Dave Wichers dave.wichers at owasp.org
Wed Sep 22 13:21:59 UTC 2010


Given that Eoin has graciously offered to pay for Fabio's expenses to attend
the conference I think we should accept.

 

I also agree that I think we should do this on a case by case basis, unless
we truly want to do some kind of marketing to encourage more project leaders
to present their projects at our OWASP conferences.

 

For example, I noticed that in OWASP Sweden I might have been the only
speaker talking about an OWASP conference at the entire event, which seems
sad to me.

 

I think we might want to encourage the conference organizers to specifically
target and invite speakers that are actively working on projects right now,
rather than sending out broad requests to all of OWASP. We might want to set
a specific target goal of like 20% of the talks to be about OWASP stuff. Not
a requirement, but a goal.

 

-Dave

 

From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
Sent: Wednesday, September 22, 2010 9:03 AM
To: Dave Wichers
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Financial Support for OWASP Project Leaders to
speak at OWASP conferences??

 

I am happy to support  payment of  Fab's expenses out of Ireland Chapter
funds.

 

Going forward I think it should be on a case by case basis. - the quality
needs to be there in terms of the delivery and presentation content.

Just because a leader requests this does not necessarily mean the
presentation is any good. (What is the value of delivering the presentation,
is it worth the investment?).

 

Eoin

 

 

 



 

On 22 September 2010 13:22, Dave Wichers <dave.wichers at owasp.org> wrote:

Fabio has asked for financial help to go to OWASP DC in Nov and present his
work on the OWASP ESAPI Swingset. His request seems very reasonable and I
think we should try to support this, but we just don't have any precedent
for it.

 

So here is my question:

 

1)      Do we want to simply support it out of Boardmember discretionary
funds?

2)      Do we want to require our conferences to provide some amount of
budget to help OWASP project leaders present?

a.      Maybe at some ratio of the total # of speakers, like 1 for every 10
or something?

b.      Such funds to be used only upon request??

3)      Do we want to set up a separate fund to support OWASP project
leaders presenting at OWASP conferences 

 

In the past, the leaders employers have been paying for this, which
obviously saves OWASP money, and I'd think that we'd like to continue that
behavior when the employers are willing.

 

So, if we do any of these things I don't think we want to make a big deal
out of it. Alternatively, we could make a big deal out of it in order to
encourage more OWASP project leaders to present their projects. I think we
should require such projects to be fairly active, but I doubt that would be
much of a problem.

 

Thoughts?

 

-Dave

 

From: Dave Wichers [mailto:dave.wichers at owasp.org] 
Sent: Wednesday, September 22, 2010 8:16 AM
To: 'fabio.e.cerullo at aib.ie'
Cc: 'eoin.keary at owasp.org'
Subject: RE: RE: Swingset @ AppSecDC 2010

 

I agree with you in principle. OWASP just hasn't done this in the past, so
we simply don't have any precedent for this, and therefore we don't have any
budget specifically set aside to support these kinds of activities.

 

I'll talk to the board to see what we can do. I agree these are valuable to
the OWASP community and we should support/encourage OWASP contributors to
speak at our conferences about their projects.

 

Thanks, Dave

 

p.s. Has the work you've done been finalized and posted to Google or OWASP?
I wanted to let NSA know that your Swingset app was done and available for
them to play with.

 

From: fabio.e.cerullo at aib.ie [mailto:fabio.e.cerullo at aib.ie] 
Sent: Wednesday, September 22, 2010 6:53 AM
To: Dave Wichers
Cc: eoin.keary at owasp.org
Subject: RE: RE: Swingset @ AppSecDC 2010

 


Hi Dave, 

I understand OWASP not covering expenses for everyone to attend conferences
as this will obviously be expensive, even prohibitive. 

However, I think special consideration should be taken for leaders who are
promoting OWASP across the globe on a voluntary basis. 

In my particular case, I've asked for resources at AIB (my employer) to
build a customized version of the Swingset application and then donate it to
OWASP. 
I think that is supportive enough from my employer, and asking for funds to
travel to the US in order to present the tool at AppSec DC wouldn't be
appropiate. 
I am not planning on going to DC to mingle with potential clients/etc, but
rather to promote OWASP and some of its tools in that particular conference.


The OWASP Ireland chapter (which I'm currently leading) is lucky enough to
have funds available thanks to hard work during the year and a tremendous
effort by Eoin and the rest of the team to put up a successful conference
last week. However, I think saying we need to use those funds to cover
travel expenses is not fair to the chapter or its members who paid their
annual membership and are expecting those funds to be used in their local
community. 

OWASP Ireland obviously is not benefiting from me presenting SwingSet at DC
and if I have to stick to the rule, I shouldn't go to the AppSecDC
conference for that particular reason. However, if we look at our mission of
'making application security visible' OWASP central should cover at least
part of these costs because the final beneficiary of this project in the end
is... our global community. 

Please let me know how would you like to proceed on this. 

Thank you, 

Fabio Cerullo
Divisional Information Security 
Bankcentre D1, 
Ballsbridge,
Dublin 4,
Ireland.

Tel: +353 1 772 6309
Email: fabio.e.cerullo at aib.ie

	
"Dave Wichers" <dave.wichers at owasp.org> 

21/09/2010 23:23 

        
        To:        <fabio.e.cerullo at aib.ie> 
        cc:         
        Subject:        RE: RE: Swingset @ AppSecDC 2010 





Fabio, 

In general, presenters employers pay them to attend/present as it looks good
that their employer is supporting this kind of work, and you get to mingle
with potential clients, etc. 

In this case, is AIB supportive of your efforts and willing to pay your
expenses, or are you in the situation where you would have to pay most or
all of your own expenses? 

-Dave 

 
******************************************************
This document is strictly confidential and is intended for use by the
addressee unless otherwise indicated.
 
This email has been scanned by an external email security system.
 
Allied Irish Banks
 
AIB and AIB Group are registered business names of Allied Irish Banks p.l.c.
Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.
Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311;
Registered in Ireland: Registered No. 24173
 
Please consider the environment before printing this e-mail. 
******************************************************


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board




-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100922/a433c004/attachment-0002.html>


More information about the Owasp-board mailing list