[Owasp-board] We need to begin to direct appropriately

dinis cruz dinis.cruz at owasp.org
Sun Jan 23 19:57:25 UTC 2011


Jeff, on the topic of using Google Docs to capture the Working Sessions, that
is the plan :)

FYI we will have a separate Internet (ADSL) connection that will be
dedicated to the Summit Team and the Working session Chairs which should
provide the reliability that we need (i.e. we will not be using the main
hotel's internet network :)  )

In terms of which documents and their exact workflow, we need to put some more
thinking into it (Sarah Cruz has also started thinking about how to display
that on the walls). Maybe when you finish reviewing (and adding content to)
the current working session, you could spend some cycles on that :)

Dinis Cruz

On 23 January 2011 19:40, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:

> Jeff,
>
>
>
> I and Sandra are currently updating the wiki by filling in the
> deliverables. Could you please give us more details on the templates you are
> requesting?
>
>
>
> Thanks,
>
> - Paulo
>
>
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <http://www.owasp.org/index.php/User:Paulo_Coimbra>
>
>
>
> *From:* Jeff Williams [mailto:jeff.williams at owasp.org]
> *Sent:* Sunday, 23 January 2011 05:16
> *To:* 'Paulo Coimbra'; Kate Hartmann; 'Sandra Paiva'; 'sarah cruz'; 'Deb
> Brewer'; 'Linda Potjes'; 'Sarah Baso'
> *Cc:* 'OWASP Foundation Board List'; owasp-summit-2011 at lists.owasp.org
> *Subject:* RE: [Owasp-board] We need to begin to direct appropriately
>
>
>
> Hi,
>
> Could someone put these into the wiki for me?   The lack of responsiveness
> is making it difficult for me to complete the task.
>
> Every working group is going to have to have a **scribe** who will get the
> appropriate template (We need to get these drafted up quickly) and fill it
> out as the working group works.  I suggest we make these easily available on
> Google Docs and pray that the damn network works well.
>
> * OWASP 2011 Committee Plan Template
>
> * OWASP White Paper Template
>
> * OWASP Standard Template
>
> * OWASP Project Business Plan Template
>
> --Jeff
>
>
>
> *Category: Summit 2011 Metrics Track<http://www.owasp.org/index.php/Category:Summit_2011_Metrics_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *Risk Metrics<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session055>*
>
> Chris Wysopal <cwysopal at Veracode.com>
> Chris Eng <ceng at Veracode.com>
>
> Colin Watson <colin.watson at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Tools Interoperability (Data Instrumentation)<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session056>*
>
> DELIVERABLE: A standard schema for describing application security risks of
> all types, with a place for all relevant information – whether derived
> statically, dynamically, manually, or architecturally.
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> *Metrics and Labelling<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057>*
>
> DELIVERABLE: White paper sketching out a standard for a software security
> label and a plan to finalize the standard.
>
> Chris Wysopal <cwysopal at Veracode.com>
> Chris Eng <ceng at Veracode.com>
>
> Colin Watson <colin.watson at owasp.org>
>
> *Counting and scoring application security defects<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058>*
>
> DELIVERABLE: White paper sketching out a standard for rating risks that
> accommodates individual minor defects all the way through architectural flaws
> (that may represent many individual defects)
>
> Chris Wysopal <cwysopal at Veracode.com>
> Chris Eng <ceng at Veracode.com>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Measuring SDLC process performance<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059>*
>
> Chris Wysopal <cwysopal at Veracode.com>
> Chris Eng <ceng at Veracode.com>
>
> Justin Clarke <justin at gdssecurity.com>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Colin Watson
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
>
>
> *Category: Summit 2011 Browser Security Track<http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *Browser Security Working Group<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session001>*
>
>    1. Work on and discuss how to enhance enduser security in web
>    applications,
>    2. Work on and discuss browser-based countermeasures against XSS, CSRF,
>    man-in-the-middle, man-in-the-browser and full remote access exploits
>
> DELIVERABLE: White paper describing specific recommendations for browser
> vendors.
>
> John Wilander <john.wilander at owasp.org>
>
> Email John Wilander if you are unable to edit the Wiki and would like to
> sign up! <john.wilander at owasp.org>
>
> Michael Coates
>
> Colin Watson
>
> *Sandboxing<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002>*
>
> *Securing Plugins<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session003>*
>
> DELIVERABLE: A whitepaper with concrete recommendations for:
>
> - Developers to build secure plugins
> - Users to select, install, and use plugins securely
> - Browser makers to defend against malicious plugins
> - Recommendations for shared security controls that plugins can share
>
> *Enduser Warnings<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004>*
>
> DELIVERABLE: White paper capturing specific recommendations to browser
> makers about making effective warnings.
>
>
>
> DELIVERABLE: Awareness materials (such as posters, logos, banners, etc…) to
> help raise awareness about the meaning and consequences of the different
> enduser warnings
>
> *Blacklisting<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session005>*
>
> *OS Integration<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006>*
>
> *JavaScript<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session007>*
>
> *New HTTP Headers<http://www.owasp.org/index.php/Working_Sessions_Browser_Working_Group_New_HTTP_Headers>*
>
> DELIVERABLE: White paper (standard?) describing (for each new header): what
> the problem is, why a new header will help, and recommendations for
> implementation of the new header on both browser and server-side.
>
>
>
> *Category: Summit 2011 XSS Eradication Track<http://www.owasp.org/index.php/Category:Summit_2011_XSS_Eradication_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *XSS and the Frameworks<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session009>*
>
>    1. Work on how OWASP can engage with the major web frameworks to move
>    towards a "secure by default" stance
>    2. Work on OWASP resources to provide patches/design approaches in
>    conjunction with the frameworks
>
> DELIVERABLE: White paper or standard for what we want the web frameworks to
> provide in terms of XSS defenses.  Turning the XSS Prevention Cheat Sheet
> into a standard/metric for frameworks would be great.
>
> DELIVERABLE: OWASP Standard defining an appraisal methodology for a
> framework’s XSS prevention capability based on the other deliverable.
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *XSS - Awareness, Resources, and Partnerships<http://www.owasp.org/index.php/Working_Sessions_XSS_AwarnessResourcesPartnerships>*
>
>    1. Work on what partners we can reach, and what resources they can
>    provide us access to
>    2. Work on who we can work with to reach a maximum amount of developers
>    writing web applications
>    3. Plan engagement with identified organizations
>    4. Plan a call to action for OWASP chapters for identified XSS
>    resources
>
> DELIVERABLE: A concrete, specific business plan for investing OWASP Funds
> in a campaign designed to ensure that every developer knows about XSS and
> what to do to prevent it.  The plan should have specific goals, measures,
> and targets over time so we know if it is on track.
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *WAF Mitigations for XSS<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session043>*
>
>    1. Improve XSS Attack Payload Detection Techniques
>    2. Identifying Improper Output Handling Flaws in Web Apps
>    3. Feasibility of Profile Page Scripts/Iframes
>    4. Testing Injection of JS Sandbox Code in Responses
>
> DELIVERABLE: White paper describing “Next Generation WAF Capabilities” such
> as the ones described above.  Include areas requiring additional research
> and funding.
>
> Ryan Barnett <ryan.barnett at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
>
>
> *Category: Summit 2011 Mitigation Track<http://www.owasp.org/index.php/Category:Summit_2011_Mitigation_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *Virtual Patching Best Practices<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session091>*
>
>    1. Identify which attacks/vulnerabilities are best suited for virtual
>    patching
>    2. Identify which tools are best suited for virtual patching (appliance
>    vs. embedded, WAFs vs IPS, etc...)
>    3. Identify who should be responsible for virtual patching
>    4. How to develop/test virtual patches
>
> DELIVERABLE: White paper on “Effective Virtual Patching” that discusses the
> scenarios above.
>
> Ryan Barnett <ryan.barnett at owasp.org>
>
> Colin Watson
>
> Achim Hoffmann <achim at owasp.org>
>
> *Scaling Web Application Security Testing<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092>*
>
> DELIVERABLE: A white paper describing strategies for scaling application
> security verification programs beyond a single application at a time.
> Should address achieving coverage of expected controls, depth of assurance,
> both automated and manual approaches, custom rules, rule management, rule
> deployment.
>
> Arian Evans
> Dinis Cruz
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Steven van der Baan <steven.van.der.baan at owasp.org>
>
> *How to report known security vulnerabilities (for websites)<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093>*
>
>    1. Discuss the OWASP strategy and policy on responsible disclosure of
>    known vulnerabilities in public web applications.
>    2. Should OWASP provide an OT10-Leaks platform in a country with legal
>    protection for anonymous sources?
>
> DELIVERABLE: A white paper evaluating the various options for handing
> discovered vulnerabilities.  Possible standards and recommendations
> associated with the options.
>
> Dinis Cruz / Seba
>
>
>
> *Category: Summit 2011 University Education Training Track<http://www.owasp.org/index.php/Category:Summit_2011_University_Education_Training_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *University Outreach<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session012>*
>
>    1. Estimation of Security programs currently exist in university
>    settings around the world
>    2. How can OWASP participate and influence the curricula of these
>    educational programs?
>    3. How can we foster relationships between OWASP and universities?
>    4. How can the relationship between OWASP and universities be
>    standardized?
>    5. What can OWASP offer universities and what can they, in turn, expect
>    from each other?
>
> DELIVERABLE: A study with facts, numbers, and other metrics about
> application security in academia.  The OWASP Academic State of the World.
>
> DELIVERABLE: A white paper with strategies for infiltrating academia with
> our priorities.
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>
>
> Heiko Richler <heiko.richler at ohm-hochschule.de>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> *Computer Crime Laws<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024>*
>
>    1. Understand the current laws/frameworks in place in relation to
>    computer crime and prevention
>    2. Discuss ways these laws are currently failing consumers in
>    protecting assets
>    3. Discuss possible amendments to the laws/frameworks to better protect
>    the public
>
> DELIVERABLE: A study evaluating the existing computer crime laws and how
> they might be applied to the current set of application security attacks.
> Recommendations for a new legal framework.
>
> Daniel Cuthbert <Daniel.Cuthbert at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *OWASP Academies<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session040>*
>
>    1. Identification of goals;
>    2. Definition of methodology;
>    3. Analysis of legal aspects and relationship with Universities, other
>    Academic institutions and Governmental initiatives;
>    4. Identification of Trainers and their involvement;
>    5. Certification of Contents and materials.
>
> DELIVERABLE: Deliver the above as a fundable business plan complete with
> financial and resource requirements, timelines, metrics, etc…
>
> Sandra Paiva <sandra.paiva at owasp.org>
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Paulo Coimbra <paulo.coimbra at owasp.org>
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Heiko Richler <heiko.richler at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *OWASP Training<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041>*
>
>    1. Consolidation of the OWASP Training Model (Paid and Non Paid):
>    2. Methodologies;
>    3. Contents and materials;
>    4. Trainers Database;
>    5. Training Kit
>
> DELIVERABLE: Deliver the above as a fundable business plan complete with
> financial and resource requirements, timelines, metrics, etc…
>
> Sandra Paiva <sandra.paiva at owasp.org>
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Paulo Coimbra <paulo.coimbra at owasp.org>
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Heiko Richler <heiko.richler at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Colin Watson
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Achim Hoffmann <achim at owasp.org>
>
> Mark Bristow <mark.bristow at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *Developer's Security Training Package<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042>*
>
>    1. To create an organized package that can be used by companies for the
>    purposes of educating developers on securely coding web applications and web
>    services
>
> DELIVERABLE: A curriculum for the above based on OWASP materials and a plan
> to build it out.
>
> Brad Causey <bradcausey at owasp.org>
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> *OWASP TOP 10 online training in Hacking-Lab<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069>*
>
>    1. To learn more about the OWASP TOP 10 cases in Hacking-Lab -
>    Vulnerable Apps in HL
>    2. Experience the user's view of a training - lab descriptions,
>    exercises, send-solution, ranking, global ranking, my profile
>    3. Experience the teacher's view of a training - solution movies,
>    accept or reject solutions from users, solution movie
>    4. Experience the Hacking-Lab LiveCD (accessing the lab), teaming,
>    levels in HL, avatar, rankings
>    5. Talk about a potential collaboration between OWASP and Hacking-Lab
>    for the future. Free OWASP TOP 10 training.
>
> DELIVERABLE: A plan to create free awesome OWASP T10 awareness training
> using HL and others.  Integrate the various environments and create a
> prototype if possible.
>
> Ivan Buetler <ivan.buetler at csnc.ch>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Achim Hoffmann <achim at owasp.org>
>
> *How to present worldwide David Rice's Pollution keynote<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088>*
>
> DELIVERABLE: A plan for a marketing/awareness campaign that starts to
> promote the top and bottom-line business advantages of application
> security.  Prototype awareness concepts if possible.
>
> Dinis Cruz
>
> *OWASP Exams<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session089>*
>
>    1. Establish model for CC-licensed exams creation
>    2. Establish model for CC-licensed exams distribution and usage
>    3. Establish a first CC-licensed exam to test the concept (an alpha
>    will be brought to the working session)
>    4. Try OWASP training and exam end-to-end to experience and improve
>    training and exam usage scenarios
>
> DELIVERABLE: A business plan for evaluation by the community at large. What
> is the investment, schedule, metrics, benefit…
>
> Jason Taylor <jason.taylor at owasp.org>
>
> Dinis Cruz
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *OWASP Certification<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session039>*
>
>    1. Determine whether certification would have value for OWASP's
>    Community
>    2. Determine a model by which certification based on OWASP materials
>    could succeed
>    3. Determine a model for creation and distribution of a CC-licensed
>    certification exam based on OWASP materials
>    4. (if agreed) Determine a model for supporting the administration of
>    certification based on OWASP Materials
>
> DELIVERABLE: A business plan for evaluation by the community at large.
>
> Dinis Cruz
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
>
>
> *Category: Summit 2011 OWASP Secure Coding Workshop Track<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *Applying ESAPI Input Validation<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session025>*
>
>    1. Serial Decomp: Decode, canonicalize, filter
>    2. Structured data (SSN, CC, etc.)
>    3. Unstructured data (comments, blogs, etc.)
>    4. Other input examples (ws-, database, etc.)
>
> DELIVERABLE: A clear and concise user guide for getting ESAPI input
> validation up and running.
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Colin Watson
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Defining AppSensor Detection Points<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026>*
>
>    1. Understand AppSensor Fundamentals
>    2. Define AppSensor Detection Points applicable to most applications
>    3. Implement detection points into code
>
> DELIVERABLE:
>
> Michael Coates <michael.coates at owasp.org>
>
> Ryan Barnett <Ryan.Barnett at owasp.org>
>
> Colin Watson
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> *Contextual Output Encoding<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027>*
>
>    1. Provide real-world examples of the ESAPI encoder class stopping
>    injection attacks.
>
> DELIVERABLE: A clear and concise user guide for getting ESAPI encoding up
> and running.
>
> DELIVERABLE: An XSS-Proofing Guideline for UI framework developers on how
> to ensure proper contextual context encoding for browsers.  The goal should
> be XSS is IMPOSSIBLE in their application.
>
> DELIVERABLE: An open letter and offer of support to framework developers to
> think about their security and consider what is available in ESAPI.
>
> Jim Manico <jim.manico at owasp.org>
>
> Colin Watson
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Protecting Information Stored Client-Side<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session028>*
>
> DELIVERABLE: A practical guideline (cookbook?) for safely storing
> information in a client program, particularly browsers.  Suggest tying
> recommendations to a threat model.
>
> John Steven <John.Steven at owasp.org>
>
> Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>
>
> Colin Watson
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Protecting Against CSRF<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029>*
>
>
>
> DELIVERABLE: A practical guideline for protecting against CSRF in the real
> world.
>
>
>
> DELIVERABLE: A concise, clear standard for determining whether an
> application is vulnerable to CSRF.
>
> Eric Sheridan
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Ryan Barnett <Ryan.Barnett at owasp.org>
>
> Colin Watson
>
> *Providing Access to Persisted Data<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session030>*
>
>    1. Create design and code examples for protecting access to database
>    tables by role
>    2. Create design and code examples for protecting access to data when
>    'auto-wiring' and marshalling
>    3. Create design and code examples for protecting sensitive data at
>    rest
>    4. Create design and code examples for providing SQL-like querying
>    capabilities in a safe manner
>
> DELIVERABLE:  A short reference architecture/coding examples type of
> guideline that clearly explains positive and negative examples of accessing
> persisted data.
>
> Dan Cornell <dan at denimgroup.com>
>
> Colin Watson
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> Dan Cornell <dan at denimgroup.com>
>
> John Steven <john.steven at owasp.org>
>
> *The Future of the OWASP Secure Coding Workshop<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031>*
>
>    1. Determine how to scale the idea
>    2. Determine how to get funding for it
>    3. Schedule at least two following OWASP Secure Coding Workshop days in
>    2011
>
> DELIVERABLE: A business plan for OSCW to be evaluated by the community at
> large. What is the investment, schedule, metrics, benefit…
>
> John Steven <john.steven at owasp.org>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Colin Watson
>
> Justin Clarke <justin.clarke at owasp.org>
>
>
>
> *Category: Summit 2011 Individual OWASP Projects Track<http://www.owasp.org/index.php/Category:Summit_2011_Individual_OWASP_Projects_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *ESAPI - Output Validation<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session062>*
>
> Jeff Williams <jeff.williams at owasp.org>
> Chris Schmidt <chris.schmidt at owasp.org>
> Jim Manico <jim.manico at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> *O2 Platform<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063>*
>
> DELIVERABLE: ?? Maybe a simple user’s guide that shows how to install,
> configure, and use O2 to do a few simple common things.  Alternatively, how
> about detailed workflows for the more complex features?
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Steven van der Baan <steven.van.der.baan at owasp.org>
>
> *Mobile Security<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065>*
>
>    1. *Primary: Create core knowledge base on project wiki site*
>    2. Recruit volunteers to contribute to project
>    3. Establish relationships with key players (i.e. Apple/Google/etc)
>
> DELIVERABLE: A project home page, roadmap, and action plan. Look at the
> OWASP Ecosystem concept to see what all you should have in place.
>
> Mike Zusman <mike.zusman at intrepidusgroup.com>
> David Campbell <dcampbell at owasp.org>
>
> Colin Watson
>
> Tom Neaves <tom.neaves at verizonbusiness.com>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Development Guide<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066>*
>
>    1. Discussion of major enhancements to the next version of the
>    development guide.
>
> DELIVERABLE: An updated outline for the development guide that is tied into
> the OWASP common numbering scheme
>
> DELIVERABLE: A short white paper with ideas for revisions to the
> Development Guide for evaluation and discussion by the community at large.
>
> DELIVERABLE: A committed project manager who can reach out to experts to
> get the document completed.
>
> Vishal Garg <vishalgrg at gmail.com>
>
> *ASVS Project<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067>*
>
> DELIVERABLE: A short white paper with ideas for revisions to the ASVS,
> ready for evaluation by the community at large.  Actual suggested revisions
> to the document are helpful, but not required if time does not allow.
>
> Matthias Rohr <mail at matthiasrohr.de>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Steven van der Baan <steven.van.der.baan at owasp.org>
>
> Wojciech Dworakowski <wojciech.dworakowski at securing.pl>
>
> Jim Manico <jim.manico at owasp.org>
>
> *Enterprise Web Defense Roundtable<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session068>*
>
>    1. What techniques are effective for scaling web security within a
>    large company?
>    2. Strategies for developer education that work?
>    3. Automated defenses - what techniques are currently in use?
>    4. Benefits/considerations for using security bounty programs and
>    public hacking initiatives.
>    5. What can OWASP build or develop to assist with enterprise wide
>    application security?
>
> DELIVERABLE: A white paper detailing specific recommendations for
> Enterprise Web Security.
>
> DELIVERABLE: A plan for building an ecosystem specifically targeting
> enterprise web security. What does it take to scientifically advance the
> state of the art?
>
> Michael Coates <michael.coates at owasp.org>
> Chris Lyon <clyon at mozilla.com>
>
> Colin Watson
>
> Dinis Cruz
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *OWASP Testing Guide<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session052>*
>
> DELIVERABLE: An updated outline for the testing guide that is tied into the
> OWASP common numbering scheme
>
> DELIVERABLE: A short white paper with ideas for revisions to the Testing
> Guide for evaluation and discussion by the community at large.
>
> DELIVERABLE: A committed project manager who can reach out to experts to
> get the document completed.
>
> Matteo Meucci <matteo.meucci at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Colin Watson
>
> Achim Hoffmann <achim at owasp.org>
>
> Tom Neaves <tom.neaves at verizonbusiness.com>
>
> *OWASP Java Project<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053>*
>
>    1. Restart the Java project
>    2. Find new leadership
>    3. Recruit volunteers
>    4. Build a new Roadmap for the project
>
> DELIVERABLE: An updated outline for the Java project that is tied into the
> OWASP common numbering scheme
>
> DELIVERABLE: A committed project manager who can reach out to experts to
> get the project documents completed.
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *OWASP Portuguese Language Project<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session048>*
>
>    1. Kickstart the project
>    2. Define leadership and roles
>    3. Prioritize documents
>    4. List all Portuguese materials available
>
> DELIVERABLE: A prioritized action plan for getting OWASP materials created
> in Portuguese
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> *Threat Modeling<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099>*
>
>    1. Discuss on various components of threat modeling
>    2. Various threat modeling methodologies and their challenges
>    3. If you have an idea to discuss, please email Anurag Agarwal at
>    anurag at myappsecurity.com
>
> DELIVERABLE: An OWASP standard defining what a threat model is.
>
> DELIVERABLE: A white paper providing recommendations on how organizations
> can use threat modeling to achieve better security earlier in the process.
> Including a business-case rationale for threat modeling would be excellent.
>
> Anurag Agarwal <anurag at myappsecurity.com>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Colin Watson <colin.watson at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Jim Manico <jim.manico at owasp.org>
>
> Neil Matatall <neil at owasp.org>
>
> Christian Martorella <laramies at gmail.com>
>
> Steven van der Baan <steven.van.der.Baan at owasp.org>
>
> Nishi Kumar <nishi787 at hotmail.com>
>
>
>
> *Category: Summit 2011 OWASP Governance Track<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Governance_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *OWASP Board/Committee Governance<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session013>*
>
>    1. Universal Committee Governance Document/Policies
>    2. Review Board Governance and By-Laws (Including Board
>    composition/elections)
>    3. Committee alignment to OWASP Goals/Mission including Authorities,
>    Individual Missions and Areas of Responsibility (AoR).
>    4. Providing budgets to committees for direct oversight and spending in
>    their AoR
>    5. Additional transparency in OWASP accounting (Expenditures, Expense
>    Reports for Officers/Committee Members.....)
>
> DELIVERABLE: The OWASP 2011 Governance Plan - describing all aspects of the
> OWASP Governance Model, providing commentary on each part of the model, and
> recommending specific changes to the model with a rationale for the
> recommended change.
>
> Mark Bristow <mark.bristow at owasp.org>
> Jason Li <jason.li at owasp.org>
> Tom Brennan <tomb at owasp.org>
>
> Jim Manico <jim at manico.net>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Joe Bernik
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Projects<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session014>*
>
>    1. Assessment Criteria & Orphaned Projects<http://www.owasp.org/index.php/Working_Sessions_Projects_Assessment_Criteria_and_Orphaned_Projects>
>    2. Funding, Marketing & Commercial Services<http://www.owasp.org/index.php/Working_Sessions_Projects_Funding_Marketing_and_Commerical_Services>
>
> DELIVERABLE: The OWASP 2011 Project Plan - describing the state of OWASP
> Projects and making recommendations about how the project model should be
> improved.
>
> DELIVERABLE: A white paper suggesting an approach for how OWASP should
> recognize commercial services that are based on OWASP materials.
>
> Brad Causey <bradcausey at owasp.org>
> Jason Li <jason.li at owasp.org>
>
> Seba <seba at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> *Industry<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session015>*
>
> DELIVERABLE: The OWASP 2011 Industry Plan which will describe the plan for
> working with groups like ISC^2, FS-ISAC, and IETF.  The plan should contain
> specific activities, commitments, dates, and expected outcomes.
>
> Yiannis Pavlosoglou <yiannis at owasp.org>
>
> Lorna Alamri <lorna.alamri at owasp.org>
>
> David Campbell
>
> Eoin Keary
>
> Matt Tesauro
>
> Joe Bernik
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Tobias Gondrom
>
> Vehbi Tasar
>
> Colin Watson
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> *Membership<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016>*
>
>    1. Develop a plan for reaching out to other organizations in order to
>    expand OWASP's exposure to the larger security and developer communities.
>    2. Create a budget and funding plan for the Membership Committee
>    3. Be ready to conduct a survey of new and existing OWASP Members and
>    Supporters. Develop survey questions and specifics for the implementation.
>
> DELIVERABLE: The OWASP 2011 Membership Plan – describing the membership
> program and recommendations, marketing plans. The plan should contain
> specific membership targets for all membership classes and detailed
> strategies for achieving the goals.
>
> Dan Cornell <dan at denimgroup.com>
>
> Michael Coates <michael.coates at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> Dan Cornell <dan at denimgroup.com>
>
> *Connections<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017>*
>
> DELIVERABLE: The OWASP 2011 Connection Plan – describing the current
> connections program and detailing the specifics for what will happen in
> 2011.  The plan should contain specific goals and strategies for achieving
> the goals.
>
> Jim Manico <jim.manico at owasp.org>
> Justin Clarke <justin.clarke at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> *Chapters<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018>*
>
>    1. Challenges and solutions to run a successful OWASP chapter
>
> DELIVERABLE: The OWASP 2011 Chapter Plan – describing the current state of
> OWASP chapters worldwide and identifying what will happen in 2011 to grow
> the number of chapters and improve their quality.
>
> Seba <seba at owasp.org>
>
> Mandeep Khera
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Education<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019>*
>
>    1. Estimate how the past achievements do support the current
>    educational developments
>    2. Evaluate how we can get the projects involved in developing (or at
>    least reviewing) training material
>    3. Define new goals for the upcoming period
>    4. Define success factors for the upcoming period
>
> DELIVERABLE: The OWASP 2011 Education Plan – describing the specific plans
> for education in 2011 with schedule, targets, action plans, etc…
>
> Martin Knobloch <martin.knobloch at owasp.org>
> Seba <seba at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> *Conferences - Improving Conference Planner Support<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020>*
>
>    1. Discuss the GCC's current 2011 Plan<http://www.owasp.org/index.php/Global_Conferences_Committee_2011_Plan> of action and new initiatives
>    2. Review comments provided in the Conference Planner Survey
>    3. Discuss mechanisms to improve Planner/Operational Support
>    4. Discuss mechanisms to improve event marketing/sponsorships
>    5. Discuss Global Conference Sponsorship Plan
>
> DELIVERABLE: The OWASP 2011 Conference Plan – describing the plan for
> continuing to make our conferences even better, specifically defining the
> various tiers of conferences, naming, partnering with other entities, and
> other challenges.
>
> Mark Bristow <mark.bristow at owasp.org>
>
> Lorna Alamri <lorna.alamri at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Ralph Durkee <Ralph.Durkee at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Tracking OWASP Participation<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session071>*
>
>    1. Identify the specific needs for a participation tracking system
>    2. Develop a working framework that provides an open, distributed and
>    accountable mechanism to track participation
>    3. Discuss initial "points system" detail and point values
>    4. Discuss normalization of system points
>
> DELIVERABLE: A white paper recommending an approach for tracking/measuring
> OWASP participation to be used for prioritizing support whenever needed.
>
> Mark Bristow <mark.bristow at owasp.org>
>
> Jason Li <jason.li at owasp.org>
>
> *Professionalize OWASP<http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session076>*
>
>    1. Having annual OWASP Foundation Board Member election? During annual
>    OWASP Summits?
>    2. Professionalize OWASP PR, hiring more OWASP employees, at least one
>    for PR?
>    3. Hiring more OWASP professionals?
>    4. Paying for OWASP Board Members and OWASP Leaders?
>    5. Creating a European OWASP entity?
>
> DELIVERABLE: A white paper recommending an approach for professionalizing
> OWASP without upsetting the progress we are making in the existing
> structure. Specifically consider the budget requirements for the plan and
> the effect that this would have on existing budgets.
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Lorna Alamri <lorna.alamri at owasp.org>
>
> Colin Watson
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Building the OWASP Brazilian Leaders Group<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035>*
>
>    1. Define the members of the group
>    2. Define the rules of engagement for the group
>    3. Discuss how to fund Brazilian chapters
>    4. Discuss the translation of OWASP materials to Portuguese
>    5. Define the rules for hosting AppSec Brazil
>
> DELIVERABLE: A white paper describing how OWASP can build and expand a
> bridge with Brazil specifically considering how it can serve as a model for
> working with other governments around the world.
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
>
>
> *Category: Summit 2011 OWASP Track<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *OWASP Around the World<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021>*
>
>    1. Internationalization
>    2. Global Job Board
>    3. New OWASP chapters in parts of the world where we have not spread
>    much yet
>
> DELIVERABLE: A white paper with specific recommendations on how we can
> ensure the greatest amount of access and involvement with OWASP for all
> people everywhere.
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *What is an OWASP Leader?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session022>*
>
>    1. Define what it means to be an OWASP Leader
>
> DELIVERABLE: A standard defining exactly what characterizes an OWASP
> Leader, for use in providing benefits and prioritizing support.
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> *Overhauling the OWASP Website<http://www.owasp.org/index.php/Working_Sessions_OWASP_Website>*
>
>    1. Revisit goals from previous working session<http://www.owasp.org/index.php/OWASP_Working_Session_-_OWASP_Website>
>    2. Identify available Google Apps (e.g. Code Review, Moderator, Short
>    Links, Project Hosting, Groups, etc) that we can leverage to support OWASP
>    Website Infrastructure.
>    3. Review Website Overhaul Proposal<http://www.owasp.org/index.php?title=Website_Overhaul_Proposal&action=edit&redlink=1> for consideration
>    4. Decide what elements should be outsourced/contracted to expedite
>    implementation
>    5. Resolve on schedule for achieving goals
>
> DELIVERABLE: A project plan describing the future of web support for the
> OWASP ecosystem (think social) that covers all the various constituents,
> stakeholders, users, leaders, etc…. The plan will define all the steps
> necessary to get there and provide a rough estimate of the effort to get
> there.  To the maximum extent possible, the plan will be designed to be
> parallelizable so that parts can be worked independently.
>
> Jason Li <jason.li at owasp.org>
>
> Larry Casey
>
> Achim Hoffmann <achim at owasp.org>
>
> Michael Coates
>
> Colin Watson
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Dinis Cruz
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Managing the OWASP Brand<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070>*
>
> DELIVERABLE: A white paper describing the OWASP brand and the challenges of
> getting people to use the brand without abusing it. The paper will update
> the OWASP Brand Guidelines and make recommendations about other ways to
> promote and protect the brand.
>
> Jason Li <jason.li at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Developer Outreach<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072>*
>
> DELIVERABLE: A white paper describing strategies for reaching developers
> with OWASP philosophy, materials, tools, etc…
>
> Mark Bristow <mark.bristow at owasp.org>
> Jason Li <jason.li at owasp.org>
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Steven van der Baan <steven.van.der.baan at owasp.org>
>
> *Privacy - Personal Data/PII, Legislation and OWASP<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073>*
>
>    1. Discuss whether OWASP needs to be more proactive about privacy
>    2. Define how we build privacy matters into existing tools and
>    resources
>    3. Identify gaps
>
> DELIVERABLE: A white paper discussing how the privacy ecosystem overlaps
> with the OWASP ecosystem and whether there should be more bridges built
> between them.
>
> Colin Watson <colin.watson(at)owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Lorna Alamri <lorna.alamri at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>
>
> *Replicating Samy's EU Tour across OWASP<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074>*
>
> DELIVERABLE: A white paper describing the outcomes from Samy’s EU tour and
> whether it is something that we can or should replicate.
>
> *S is for Safety (as well as Security)<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075>*
>
>    1. Define how OWASP can take the lead in *application security for
>    safety*
>
> DELIVERABLE: A white paper describing how the safety ecosystem overlaps
> with the OWASP ecosystem and whether there should be more bridges built
> between them.
>
> Colin Watson <colin.watson(at)owasp.org>
>
> *OWASP Quotes<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060>*
>
>    1. Open letter to governments
>    2. Open letter to insurance companies
>    3. Tools inoperability
>    4. Tools customization by security consultants
>    5. Wiki leaks & WebAppSec
>
> DELIVERABLE: A white paper on how OWASP can use “quotes” effectively to
> drive awareness and action.  The paper will suggest specific strategies for
> obtaining, vetting, and promoting quotes to achieve our aims.
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Did OWASP Failed to achieve its full potential? (and lessons learned)<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061>*
>
> DELIVERABLE: A white paper capturing possible missed opportunities during
> the 2000’s and suggesting strategies for doing better in the 2010’s.
>
> Dinis Cruz
>
> *Should OWASP hire a Chief Executive Officer (CEO)?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077>*
>
> DELIVERABLE: A white paper analyzing the governance structure of OWASP and
> recommending whether or not the investment in a CEO would be cost-effective.
>
> TBD
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Dinis Cruz
>
> *Less preaching to the choir, engage more with the outsiders<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078>*
>
> TBD
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Investment justification for Web Application Security<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079>*
>
> TBD
>
> *Should OWASP work directly with PCI-DSS?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080>*
>
> TBD
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *How can OWASP reach/talk/engage with developers<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session081>*
>
> TBD
>
> *How can OWASP reach/talk/engage with auditors<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082>*
>
>    1. Educate security professionals and developers on, and dispel the
>    myths about, audit and control
>    2. Educate auditors on OWASP, software development and web &
>    application security
>    3. Discuss ways OWASP can help security pros, developers and auditors
>    work together for mutual benefit and world domination
>
> DELIVERABLE: A white paper describing specific strategies for interacting
> with auditors as described above.
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
>
> *OWASP and Facebook, Lessons Learned<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session083>
> *
>
> Jim Manico <jim at manico.net>
>
>
> *Creating an Application Security Career - For the Average IT/Network
> Security Practitioner<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084>
> *
>
> TBD
>
> --Jeff
>
>
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Paulo Coimbra
> *Sent:* Thursday, January 20, 2011 10:39 AM
> *To:* 'Kate Hartmann'; 'Sandra Paiva'; 'sarah cruz'; 'Deb Brewer'; 'Linda
> Potjes'; 'Sarah Baso'
> *Cc:* 'OWASP Foundation Board List'; owasp-summit-2011 at lists.owasp.org
> *Subject:* Re: [Owasp-board] We need to begin to direct appropriately
>
>
>
> All,
>
>
>
> As you know, we recently asked our community to work a bit more on the
> working sessions by adding more content and detailing as much as possible
> the overview, objectives, outcomes and participants. We are meanwhile diving
> into the content already available to try and find a way to increase its
> coherence so as to create the conditions for us to have a productive
> meeting. We are also thinking about a new template - simpler to work with
> and better able to capture the entire range of questions implicit in each WS. We
> will inform you if we manage to build anything new and, for us, better than
> the template currently in use.
>
>
>
> We have also been told that Jeff Williams will work on this issue and we
> will be ready to seek convergence with his initiative as soon as his path
> allows us to engage. While this is being done we will make sure that
> requests to create or change the current WS are answered in a timely manner.
>
>
>
>
>
> Thanks,
>
> - Paulo
>
>
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <http://www.owasp.org/index.php/User:Paulo_Coimbra>
>
>
>
> *From:* Kate Hartmann [mailto:kate.hartmann at owasp.org]
> *Sent:* quinta-feira, 20 de Janeiro de 2011 03:43
> *To:* paulo.coimbra at owasp.org; Sandra Paiva; sarah cruz; Deb Brewer; Linda
> Potjes; Sarah Baso
> *Cc:* dinis.cruz at owasp.org
> *Subject:* We need to begin to direct appropriately
>
>
>
> All, following up on my email from yesterday, I have posted roles here:
> http://www.owasp.org/index.php/Summit_2011_Committee#Summit_Logistical_Team_.28Who_do_I_ask.3F.29
>
>
>
> Paulo and Sandra, when will you be arriving so we can include your
> information?
>
>
>
> I also need some contact information for Marta.
>
>
>
> We have about 19 days left:  http://countdown.onlineclock.net/  I don’t
> know how to get this onto the wiki, but it would be cool.
>
>
>
> Anyway, I highly recommend that we begin to really settle into our roles.
> Paulo and Sandra, you will probably be more and more busy with the working
> sessions as we get closer to February 8, 2011, so please let the group know
> how we should help!  You two are the wiki masters!
>
>
>
> I hope to fill out these roles in the upcoming days with more specific
> tasks, but for now I’m fairly confident we all have plenty to keep us busy.
>
>
>
>
> If you have any questions/concerns, please don’t hesitate to raise your
> voice.
>
>
>
> Thank you!
>
>
>
>
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>