[Owasp-board] Two items that require Approval

Dave Wichers dave.wichers at owasp.org
Wed Aug 24 02:31:00 UTC 2011

OK. Thanks for the additional details. I approve.




From: mtesauro at gmail.com [mailto:mtesauro at gmail.com] On Behalf Of Matt
Sent: Tuesday, August 23, 2011 9:29 PM
To: Dave Wichers
Cc: Martin Knobloch; Kate Hartmann; OWASP Foundation Board List
Subject: Re: [Owasp-board] Two items that require Approval


The Hacking Lab is a hand-on lab environment which includes VPN access to a
real lab environment to conduct security training, tutorials,
demonstrations, etc.  It is very slick.  Consider it a service like we use
Google for our email, SalesForce for CRM, SimpleVoting for elections, ...
This is another service being offered to OWASP for zero cost.


About the NDA:  There are multiple role levels in this service.  As an
instructor, you can see not only the content related to your event but all
content is placed in a "knowledge base".  For example, there are
step-by-step instructions, screen captures and videos explaining various
labs - e.g. a video demonstrating using Wireshark to pull files out of a FTP
stream.  Ivan's one concern is that these instructors will have access to
all of this content - content he's created with his own time/money.  An
unscrupulous person could basically copy the knowledge base and rather
quickly setup shop as an online training company.  To hedge against this, he
wanted the two instructors to basically promise (via the NDA) not to steal
the existing content in the knowledge base.


On the whole, I think we have a great deal to gain - a ready build online
training environment for free, and not very much to loose - two OWASPers
under an NDA + Hacking Lab gains some OWASP material added to their
knowledge base - which, frankly, he could do right now without us
considering the licensing of OWASP materials.

-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site

On Tue, Aug 23, 2011 at 4:42 PM, Dave Wichers <dave.wichers at owasp.org>

I vote to approve the ISSA agreement.



The LOI from Hacking-Lab is a hard for me to understand. What does their
service provide exactly? If OWASP produces a training event using this
service/product, are the results free for use at live training sessions only
or can it be made free for use online to the OWASP community?



I'm also concerned about: OWASP responsibility


- OWASP will identify at least 2 members to become a Hacking-Lab teacher.
These teachers

will have access to the solution management application, including
step-by-step and video 

resources. These teachers need to sign a non disclosure agreement with


Why do they have to sign an NDA?


From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Martin Knobloch
Sent: Tuesday, August 23, 2011 5:10 PM
To: Kate Hartmann
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Two items that require Approval


#1 yea (has been voted in favor by the GEC by 4 yea and 1 nea)

#2 yea



On Tue, Aug 23, 2011 at 8:45 PM, Kate Hartmann <kate.hartmann at owasp.org>

There are two documents on the Board Vote page that require approval:


#1.  the LOI from Hacking-Lab 

#2  is the Blanket agreement document from the GConfC.


Please reply to this email with your yea or nea for each item.


Thank you.


Kate Hartmann

Operations Director


www.owasp.org <http://www.owasp.org/>  

Skype:  Kate.hartmann1


Owasp-board mailing list
Owasp-board at lists.owasp.org


Owasp-board mailing list
Owasp-board at lists.owasp.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110823/cecec21e/attachment-0002.html>

More information about the Owasp-board mailing list