[Owasp-board] Information about OWASP China & SecZone

Sarah Baso sarah.baso at owasp.org
Wed Nov 23 15:05:13 UTC 2011


Sorry - the link for SecZone is www.seczone.org - however today it appears
to be taking a VERY long time to load...

2011/11/23 Sarah Baso <sarah.baso at owasp.org>

> Kate -
>
> Here is I have learned about OWASP China and its "parent organization"
> SecZone.
>
> In China, OWASP is not a stand-alone legal entity. Instead, a non-profit
> was formed with the name Security Zone (SecZone) to handle the OWASP
> finances. Additionally, Ivy Zhang is a full time employee of SecZone who,
> from my understanding, is paid to handle all things OWASP-related (OWASP
> China chapters, projects, and conference).  So, they have a full time
> employee dedicated to OWASP. That being said, the organization of SecZone
> is not just OWASP - it is also an organization that promotes and
> facilitates internet security research.
>
> Here is more information on the organization:
>
> www.seczone.org.cn
>
> From Ivy, I have attached the registration certification, tax
> registration, and Organization code certificate. Ivy has translated the
> registration certification as follows and I have asked for a translation of
> the other 2 documents.
>
> * Non-enterprise Unit Registration Certification
> Issuing authority: Bureau of Civil Affairs in Shenzhen Municipal
> Issuing Date: Dec 7th, 2010
> Expiring Date: Dec 7th, 2014
> Name: Shenzhen Open Source Internet Security Research Center(Translated
> according to the Chinese*
> *meaning. Its english name is Security Zone, shorted as Seczone.)
> Address: Room 1912, CEC Information Building East,No.1 Xinwen Road,
> Shenzhen,518034, PRC.
> Legal representative: Zhenhua Wan(Rip Torn)
> Registered capital: RMB 50,000
> Unit in Charge:Shenzhen Science and Technology Association
> Business Range: internet security research, implementing internet security
> benchmark, making internet security standards in China.*
>
> About SecZone (English translation): Internet security research center
> focused on cutting-edge Internet security technology research. Our mission
> is to introduce, absorb, the purpose of innovation, constantly absorbing
> domestic and foreign newest and most professional security technology, and
> innovation applied to the various domestic industries, to promote domestic
> Internet security technology.
> Internet Security Research Centre for the industry's leading security
> vendors and service providers to provide a neutral test security products
> and solutions, businesses can securely over the Internet Research Center
> analysis needs to choose their own products and solutions
>
> From my perspective, if SecZone is a third party for handling money in
> China, this isn't necessarily a problem... but I think we need to
> investigate a bit more about the operation of things. Also, I think there
> should be more transparency about how they are running things.  Ivy said at
> the chapter leaders workshop that it is not possible for OWASP to become a
> legal entity in China, and while I am not necessarily disagreeing, I would
> like some insight into why this is.  Also, I think we should learn about
> SecZone and where their funding comes from.
>
> Ivy has told me that no membership fees have been collected by people
> involved in OWASP China, but next year SecZone would like to start asking
> for people who will pay for memberships (as we handle memberships here).
>  However, they will need to process the memberships in China through
> SecZone and keep the money there.  Also, they have questions about whether
> our liability insurance (or to what extent our insurance) applies to them.
>  I know for purposes of the conference, we explicitly signed a contract
> with SecZone to handle finances:
>
> https://docs.google.com/a/owasp.org/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNNmNlNmUyMzMtZmYzNC00NWU3LWIyNzgtNzRlMTdlZGMxMTBj&hl=en
>
>
> Also, here are the documents I put together from the events in China
> earlier this month:
> Report on AppSec Asia 2011 event:
>
> https://docs.google.com/a/owasp.org/document/d/1JPRW33-rimragfGw9gF8wW5mabwQdQ5IShA0ZF_PB3k/edit?hl=en_US
>
> Meeting minutes from Chapters Workshop:
> https://docs.google.com/a/owasp.org/document/d/1z_3ehI9T_lIeMmkeUo9QL9mbjh8ygSKquVlBaJY7ed4/edit?hl=en_US
>
>
> I think we should consider some sort of legal agreement expressly stating
> what we (OWASP Foundation - US) are agreeing to and authorizing SecZone to
> handle on our behalf.  Additionally, if Ivy IS exclusively handling OWASP
> things in China, maybe we can find a better way to integrate her with our
> operations team?
>
> Ivy, and the leaders of OWASP China also are considering how to structure
> their OWASP Chapter(s) within China.  Right now they exist as one big
> chapter consisting of mainland China (Hong Kong has its own chapter).  They
> would like to break this up into possibly 5 different cities, but are
> unsure on the best way to structure this... the two options seem to be:
> 1. Instead of 1 OWASP China-Mainland Chapter, we would have 5 smaller
> chapters such as OWASP Beijing Chapter, OWASP City 2 Chapter, etc.  These
> chapters would all exist in the same flat structure as the other OWASP
> Chapters throughout the world.
> 2. OWASP China - Mainland continues to exist as a country-wide "board"
> that oversees the smaller Chinese sub-chapters.  This is slightly
> more hierarchical and apparently is the structure used in India (and Brazil
> is also considering it).  The local chapters have leaders/boards and then a
> national level board would resolve disputes and make other decisions.
>
> Right now, option #2 is the preference of OWASP China - but they are open
> to suggestion from us (or the Chapter Committee).
>
> This is quite a bit of new information for me, and I expect for others as
> well. I am not sure what our next steps are but at a minimum, I think there
> is more information to be gathered to help us understand the full scope of
> relationships and how we can better work together with them.
>
> Regards,
> Sarah
>
> --
> Administrator for
> OWASP Global Conference Committee
> OWASP Global Chapter Committee
>
> Dir: 312-869-2779
> skype: sarah.baso
>
>


-- 
Administrator for
OWASP Global Conference Committee
OWASP Global Chapter Committee

Dir: 312-869-2779
skype: sarah.baso
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20111123/ab2bb5dc/attachment-0002.html>


More information about the Owasp-board mailing list