[Owasp-board] Information about OWASP China & SecZone

Sarah Baso sarah.baso at owasp.org
Wed Nov 23 19:17:30 UTC 2011


Matt -
You may realize this already, but  http://www.owasp.org.cn/ is the local
OWASP page for OWASP China because they are not able to access the wiki.

Sarah

On Wed, Nov 23, 2011 at 12:38 PM, Matt Tesauro <matt.tesauro at owasp.org>wrote:

> Interesting that SecZone has a link on their page to
> http://www.owasp.org.cn/
>
> and what Google Translate thinks of that site:
>
>
> http://translate.google.com/translate?sl=zh-CN&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=www.owasp.org.cn&act=url
>
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
>
>
> On Wed, Nov 23, 2011 at 9:58 AM, Tom Brennan <tomb at owasp.org> wrote:
>
>> That would be http://www.seczone.org/
>>
>> 2011/11/23 Sarah Baso <sarah.baso at owasp.org>:
>> > Kate -
>> > Here is I have learned about OWASP China and its "parent organization"
>> > SecZone.
>> > In China, OWASP is not a stand-alone legal entity. Instead, a
>> non-profit was
>> > formed with the name Security Zone (SecZone) to handle the OWASP
>> finances.
>> > Additionally, Ivy Zhang is a full time employee of SecZone who, from my
>> > understanding, is paid to handle all things OWASP-related (OWASP China
>> > chapters, projects, and conference).  So, they have a full time employee
>> > dedicated to OWASP. That being said, the organization of SecZone is not
>> just
>> > OWASP - it is also an organization that promotes and facilitates
>> internet
>> > security research.
>> > Here is more information on the organization:
>> > www.seczone.org.cn
>> > >From Ivy, I have attached the registration certification, tax
>> registration,
>> > and Organization code certificate. Ivy has translated the registration
>> > certification as follows and I have asked for a translation of the
>> other 2
>> > documents.
>> >  Non-enterprise Unit Registration Certification
>> > Issuing authority: Bureau of Civil Affairs in Shenzhen Municipal
>> > Issuing Date: Dec 7th, 2010
>> > Expiring Date: Dec 7th, 2014
>> > Name: Shenzhen Open Source Internet Security Research Center(Translated
>> > according to the Chinese
>> > meaning. Its english name is Security Zone, shorted as Seczone.)
>> > Address: Room 1912, CEC Information Building East,No.1 Xinwen Road,
>> > Shenzhen,518034, PRC.
>> > Legal representative: Zhenhua Wan(Rip Torn)
>> > Registered capital: RMB 50,000
>> > Unit in Charge:Shenzhen Science and Technology Association
>> > Business Range: internet security research, implementing internet
>> security
>> > benchmark, making internet security standards in China.
>> > About SecZone (English translation): Internet security research center
>> > focused on cutting-edge Internet security technology research. Our
>> mission
>> > is to introduce, absorb, the purpose of innovation, constantly absorbing
>> > domestic and foreign newest and most professional security technology,
>> and
>> > innovation applied to the various domestic industries, to promote
>> domestic
>> > Internet security technology.
>> > Internet Security Research Centre for the industry's leading security
>> > vendors and service providers to provide a neutral test security
>> products
>> > and solutions, businesses can securely over the Internet Research Center
>> > analysis needs to choose their own products and solutions
>> > From my perspective, if SecZone is a third party for handling money in
>> > China, this isn't necessarily a problem... but I think we need to
>> > investigate a bit more about the operation of things. Also, I think
>> there
>> > should be more transparency about how they are running things.  Ivy
>> said at
>> > the chapter leaders workshop that it is not possible for OWASP to
>> become a
>> > legal entity in China, and while I am not necessarily disagreeing, I
>> would
>> > like some insight into why this is.  Also, I think we should learn about
>> > SecZone and where their funding comes from.
>> > Ivy has told me that no membership fees have been collected by people
>> > involved in OWASP China, but next year SecZone would like to start
>> asking
>> > for people who will pay for memberships (as we handle memberships here).
>> >  However, they will need to process the memberships in China through
>> SecZone
>> > and keep the money there.  Also, they have questions about whether our
>> > liability insurance (or to what extent our insurance) applies to them.
>>  I
>> > know for purposes of the conference, we explicitly signed a contract
>> with
>> > SecZone to handle finances:
>> >
>> https://docs.google.com/a/owasp.org/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNNmNlNmUyMzMtZmYzNC00NWU3LWIyNzgtNzRlMTdlZGMxMTBj&hl=en
>> >
>> > Also, here are the documents I put together from the events in China
>> earlier
>> > this month:
>> > Report on AppSec Asia 2011 event:
>> >
>> https://docs.google.com/a/owasp.org/document/d/1JPRW33-rimragfGw9gF8wW5mabwQdQ5IShA0ZF_PB3k/edit?hl=en_US
>> > Meeting minutes from Chapters
>> > Workshop:
>> https://docs.google.com/a/owasp.org/document/d/1z_3ehI9T_lIeMmkeUo9QL9mbjh8ygSKquVlBaJY7ed4/edit?hl=en_US
>> >
>> > I think we should consider some sort of legal agreement expressly
>> stating
>> > what we (OWASP Foundation - US) are agreeing to and authorizing SecZone
>> to
>> > handle on our behalf.  Additionally, if Ivy IS exclusively handling
>> OWASP
>> > things in China, maybe we can find a better way to integrate her with
>> our
>> > operations team?
>> > Ivy, and the leaders of OWASP China also are considering how to
>> structure
>> > their OWASP Chapter(s) within China.  Right now they exist as one big
>> > chapter consisting of mainland China (Hong Kong has its own chapter).
>>  They
>> > would like to break this up into possibly 5 different cities, but are
>> unsure
>> > on the best way to structure this... the two options seem to be:
>> > 1. Instead of 1 OWASP China-Mainland Chapter, we would have 5 smaller
>> > chapters such as OWASP Beijing Chapter, OWASP City 2 Chapter, etc.
>>  These
>> > chapters would all exist in the same flat structure as the other OWASP
>> > Chapters throughout the world.
>> > 2. OWASP China - Mainland continues to exist as a country-wide "board"
>> that
>> > oversees the smaller Chinese sub-chapters.  This is slightly
>> > more hierarchical and apparently is the structure used in India (and
>> Brazil
>> > is also considering it).  The local chapters have leaders/boards and
>> then a
>> > national level board would resolve disputes and make other decisions.
>> > Right now, option #2 is the preference of OWASP China - but they are
>> open to
>> > suggestion from us (or the Chapter Committee).
>> > This is quite a bit of new information for me, and I expect for others
>> as
>> > well. I am not sure what our next steps are but at a minimum, I think
>> there
>> > is more information to be gathered to help us understand the full scope
>> of
>> > relationships and how we can better work together with them.
>> > Regards,
>> > Sarah
>> > --
>> > Administrator for
>> > OWASP Global Conference Committee
>> > OWASP Global Chapter Committee
>> > Dir: 312-869-2779
>> > skype: sarah.baso
>> >
>> >
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> >
>> >
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>
>


-- 
Administrator for
OWASP Global Conference Committee
OWASP Global Chapter Committee

Dir: 312-869-2779
skype: sarah.baso
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20111123/0f51dfcf/attachment-0002.html>


More information about the Owasp-board mailing list