[Owasp-board] Financial Support for OWASP Project Leaders to speak at OWASP conferences??

dinis cruz dinis.cruz at owasp.org
Wed Sep 22 13:31:30 UTC 2010


Sure, but lets take this oportunity to define some ground rules.

And yes we need to be proactive in getting our leaders to the conferences,
since we can see what happens if we don't (the number of OWASP related
presentations is very small (if existent at all)). We also need to encourage
the Conferences to have OWASP presentations, but the issue of speakers
travel costs is one we need to address at board level (my view is that we
should not  'force' the conferences to account directly for those leader
expenses (at end-of-the-day it doesn't really matter since we using
conference's profits to pay for those expenses)

Any comments on the variations/rule-of-thumb that I proposed in my previous
email.

If you are Ok with it, I will put them on the Wiki and drop a quick email to
the leaders about it.

Dinis Cruz

On 22 September 2010 14:21, Dave Wichers <dave.wichers at owasp.org> wrote:

>  Given that Eoin has graciously offered to pay for Fabio’s expenses to
> attend the conference I think we should accept.
>
>
>
> I also agree that I think we should do this on a case by case basis, unless
> we truly want to do some kind of marketing to encourage more project leaders
> to present their projects at our OWASP conferences.
>
>
>
> For example, I noticed that in OWASP Sweden I might have been the only
> speaker talking about an OWASP conference at the entire event, which seems
> sad to me.
>
>
>
> I think we might want to encourage the conference organizers to
> specifically target and invite speakers that are actively working on
> projects right now, rather than sending out broad requests to all of OWASP.
> We might want to set a specific target goal of like 20% of the talks to be
> about OWASP stuff. Not a requirement, but a goal.
>
>
>
> -Dave
>
>
>
> *From:* eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] *On Behalf Of *
> Eoin
> *Sent:* Wednesday, September 22, 2010 9:03 AM
> *To:* Dave Wichers
> *Cc:* OWASP Foundation Board List
> *Subject:* Re: [Owasp-board] Financial Support for OWASP Project Leaders
> to speak at OWASP conferences??
>
>
>
> I am happy to support  payment of  Fab's expenses out of Ireland Chapter
> funds.
>
>
>
> Going forward I think it should be on a case by case basis. - the quality
> needs to be there in terms of the delivery and presentation content.
>
> Just because a leader requests this does not necessarily mean the
> presentation is any good. (What is the value of delivering the presentation,
> is it worth the investment?).
>
>
>
> Eoin
>
>
>
>
>
>
>
>
>
>
>
> On 22 September 2010 13:22, Dave Wichers <dave.wichers at owasp.org> wrote:
>
> Fabio has asked for financial help to go to OWASP DC in Nov and present his
> work on the OWASP ESAPI Swingset. His request seems very reasonable and I
> think we should try to support this, but we just don’t have any precedent
> for it.
>
>
>
> So here is my question:
>
>
>
> 1)      Do we want to simply support it out of Boardmember discretionary
> funds?
>
> 2)      Do we want to require our conferences to provide some amount of
> budget to help OWASP project leaders present?
>
> a.      Maybe at some ratio of the total # of speakers, like 1 for every
> 10 or something?
>
> b.      Such funds to be used only upon request??
>
> 3)      Do we want to set up a separate fund to support OWASP project
> leaders presenting at OWASP conferences
>
>
>
> In the past, the leaders employers have been paying for this, which
> obviously saves OWASP money, and I’d think that we’d like to continue that
> behavior when the employers are willing.
>
>
>
> So, if we do any of these things I don’t think we want to make a big deal
> out of it. Alternatively, we could make a big deal out of it in order to
> encourage more OWASP project leaders to present their projects. I think we
> should require such projects to be fairly active, but I doubt that would be
> much of a problem.
>
>
>
> Thoughts?
>
>
>
> -Dave
>
>
>
> *From:* Dave Wichers [mailto:dave.wichers at owasp.org]
> *Sent:* Wednesday, September 22, 2010 8:16 AM
> *To:* 'fabio.e.cerullo at aib.ie'
> *Cc:* 'eoin.keary at owasp.org'
> *Subject:* RE: RE: Swingset @ AppSecDC 2010
>
>
>
> I agree with you in principle. OWASP just hasn’t done this in the past, so
> we simply don’t have any precedent for this, and therefore we don’t have any
> budget specifically set aside to support these kinds of activities.
>
>
>
> I’ll talk to the board to see what we can do. I agree these are valuable to
> the OWASP community and we should support/encourage OWASP contributors to
> speak at our conferences about their projects.
>
>
>
> Thanks, Dave
>
>
>
> p.s. Has the work you’ve done been finalized and posted to Google or OWASP?
> I wanted to let NSA know that your Swingset app was done and available for
> them to play with.
>
>
>
> *From:* fabio.e.cerullo at aib.ie [mailto:fabio.e.cerullo at aib.ie]
> *Sent:* Wednesday, September 22, 2010 6:53 AM
> *To:* Dave Wichers
> *Cc:* eoin.keary at owasp.org
> *Subject:* RE: RE: Swingset @ AppSecDC 2010
>
>
>
>
> Hi Dave,
>
> I understand OWASP not covering expenses for everyone to attend conferences
> as this will obviously be expensive, even prohibitive.
>
> However, I think special consideration should be taken for leaders who are
> promoting OWASP across the globe on a voluntary basis.
>
> In my particular case, I've asked for resources at AIB (my employer) to
> build a customized version of the Swingset application and then donate it to
> OWASP.
> I think that is supportive enough from my employer, and asking for funds to
> travel to the US in order to present the tool at AppSec DC wouldn't be
> appropiate.
> I am not planning on going to DC to mingle with potential clients/etc, but
> rather to promote OWASP and some of its tools in that particular conference.
>
> The OWASP Ireland chapter (which I'm currently leading) is lucky enough to
> have funds available thanks to hard work during the year and a tremendous
> effort by Eoin and the rest of the team to put up a successful conference
> last week. However, I think saying we need to use those funds to cover
> travel expenses is not fair to the chapter or its members who paid their
> annual membership and are expecting those funds to be used in their local
> community.
>
> OWASP Ireland obviously is not benefiting from me presenting SwingSet at DC
> and if I have to stick to the rule, I shouldn't go to the AppSecDC
> conference for that particular reason. However, if we look at our mission of
> 'making application security visible' OWASP central should cover at least
> part of these costs because the final beneficiary of this project in the end
> is... our global community.
>
> Please let me know how would you like to proceed on this.
>
> Thank you,
>
> Fabio Cerullo
> Divisional Information Security
> Bankcentre D1,
> Ballsbridge,
> Dublin 4,
> Ireland.
>
> Tel: +353 1 772 6309
> Email: fabio.e.cerullo at aib.ie
>
> *"Dave Wichers" <dave.wichers at owasp.org>*
>
> 21/09/2010 23:23
>
>
>         To:        <fabio.e.cerullo at aib.ie>
>         cc:
>         Subject:        RE: RE: Swingset @ AppSecDC 2010
>
>
>
>
>
> Fabio,
>
> In general, presenters employers pay them to attend/present as it looks
> good that their employer is supporting this kind of work, and you get to
> mingle with potential clients, etc.
>
> In this case, is AIB supportive of your efforts and willing to pay your
> expenses, or are you in the situation where you would have to pay most or
> all of your own expenses?
>
> -Dave
>
>
>
> ******************************************************
>
> This document is strictly confidential and is intended for use by the addressee unless otherwise indicated.
>
>
>
> This email has been scanned by an external email security system.
>
>
>
> Allied Irish Banks
>
>
>
> AIB and AIB Group are registered business names of Allied Irish Banks p.l.c. Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.  Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311; Registered in Ireland: Registered No. 24173
>
>
>
> Please consider the environment before printing this e-mail.
>
> ******************************************************
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100922/5f664c58/attachment-0002.html>


More information about the Owasp-board mailing list