[Owasp-board] Information about OWASP China & SecZone

Sarah Baso sarah.baso at owasp.org
Wed Nov 23 20:17:04 UTC 2011


Setting up a mirror or something like that is on China's "wish list" from
the chapters workshop. There is a lot of interest there to get more engaged
in OWASP projects and do translation but they just don't have access right
now to the info. So, after the upgrades I would support it moving to the
top of the list:)

Sarah

Sent from my iPhone

On Nov 23, 2011, at 1:38 PM, Matt Tesauro <mtesauro at gmail.com> wrote:

Sarah,

Actually, I had no idea that was the case.  I hadn't seen
www.owasp.org.cnuntil earlier today.  I also had no idea that the
great firewall of China
was blocking www.owasp.org

Perhaps after the infrastructure upgrades (e.g. move to Rackspace cloud
hosting + Akamai) the situation will be better for OWASP China.  If not we
can investigate providing China a way to mirror the www.owasp.org wiki.
 Something to consider.

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site


On Wed, Nov 23, 2011 at 1:17 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

> Matt -
> You may realize this already, but  http://www.owasp.org.cn/ is the local
> OWASP page for OWASP China because they are not able to access the wiki.
>
> Sarah
>
>
> On Wed, Nov 23, 2011 at 12:38 PM, Matt Tesauro <matt.tesauro at owasp.org>wrote:
>
>> Interesting that SecZone has a link on their page to
>> http://www.owasp.org.cn/
>>
>> and what Google Translate thinks of that site:
>>
>>
>> http://translate.google.com/translate?sl=zh-CN&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=www.owasp.org.cn&act=url
>>
>> --
>> -- Matt Tesauro
>> OWASP Board Member
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>>
>>
>>
>> On Wed, Nov 23, 2011 at 9:58 AM, Tom Brennan <tomb at owasp.org> wrote:
>>
>>> That would be http://www.seczone.org/
>>>
>>> 2011/11/23 Sarah Baso <sarah.baso at owasp.org>:
>>> > Kate -
>>> > Here is I have learned about OWASP China and its "parent organization"
>>> > SecZone.
>>> > In China, OWASP is not a stand-alone legal entity. Instead, a
>>> non-profit was
>>> > formed with the name Security Zone (SecZone) to handle the OWASP
>>> finances.
>>> > Additionally, Ivy Zhang is a full time employee of SecZone who, from my
>>> > understanding, is paid to handle all things OWASP-related (OWASP China
>>> > chapters, projects, and conference).  So, they have a full time
>>> employee
>>> > dedicated to OWASP. That being said, the organization of SecZone is
>>> not just
>>> > OWASP - it is also an organization that promotes and facilitates
>>> internet
>>> > security research.
>>> > Here is more information on the organization:
>>> > www.seczone.org.cn
>>> > >From Ivy, I have attached the registration certification, tax
>>> registration,
>>> > and Organization code certificate. Ivy has translated the registration
>>> > certification as follows and I have asked for a translation of the
>>> other 2
>>> > documents.
>>> >  Non-enterprise Unit Registration Certification
>>> > Issuing authority: Bureau of Civil Affairs in Shenzhen Municipal
>>> > Issuing Date: Dec 7th, 2010
>>> > Expiring Date: Dec 7th, 2014
>>> > Name: Shenzhen Open Source Internet Security Research Center(Translated
>>> > according to the Chinese
>>> > meaning. Its english name is Security Zone, shorted as Seczone.)
>>> > Address: Room 1912, CEC Information Building East,No.1 Xinwen Road,
>>> > Shenzhen,518034, PRC.
>>> > Legal representative: Zhenhua Wan(Rip Torn)
>>> > Registered capital: RMB 50,000
>>> > Unit in Charge:Shenzhen Science and Technology Association
>>> > Business Range: internet security research, implementing internet
>>> security
>>> > benchmark, making internet security standards in China.
>>> > About SecZone (English translation): Internet security research center
>>> > focused on cutting-edge Internet security technology research. Our
>>> mission
>>> > is to introduce, absorb, the purpose of innovation, constantly
>>> absorbing
>>> > domestic and foreign newest and most professional security technology,
>>> and
>>> > innovation applied to the various domestic industries, to promote
>>> domestic
>>> > Internet security technology.
>>> > Internet Security Research Centre for the industry's leading security
>>> > vendors and service providers to provide a neutral test security
>>> products
>>> > and solutions, businesses can securely over the Internet Research
>>> Center
>>> > analysis needs to choose their own products and solutions
>>> > From my perspective, if SecZone is a third party for handling money in
>>> > China, this isn't necessarily a problem... but I think we need to
>>> > investigate a bit more about the operation of things. Also, I think
>>> there
>>> > should be more transparency about how they are running things.  Ivy
>>> said at
>>> > the chapter leaders workshop that it is not possible for OWASP to
>>> become a
>>> > legal entity in China, and while I am not necessarily disagreeing, I
>>> would
>>> > like some insight into why this is.  Also, I think we should learn
>>> about
>>> > SecZone and where their funding comes from.
>>> > Ivy has told me that no membership fees have been collected by people
>>> > involved in OWASP China, but next year SecZone would like to start
>>> asking
>>> > for people who will pay for memberships (as we handle memberships
>>> here).
>>> >  However, they will need to process the memberships in China through
>>> SecZone
>>> > and keep the money there.  Also, they have questions about whether our
>>> > liability insurance (or to what extent our insurance) applies to them.
>>>  I
>>> > know for purposes of the conference, we explicitly signed a contract
>>> with
>>> > SecZone to handle finances:
>>> >
>>> https://docs.google.com/a/owasp.org/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNNmNlNmUyMzMtZmYzNC00NWU3LWIyNzgtNzRlMTdlZGMxMTBj&hl=en
>>> >
>>> > Also, here are the documents I put together from the events in China
>>> earlier
>>> > this month:
>>> > Report on AppSec Asia 2011 event:
>>> >
>>> https://docs.google.com/a/owasp.org/document/d/1JPRW33-rimragfGw9gF8wW5mabwQdQ5IShA0ZF_PB3k/edit?hl=en_US
>>> > Meeting minutes from Chapters
>>> > Workshop:
>>> https://docs.google.com/a/owasp.org/document/d/1z_3ehI9T_lIeMmkeUo9QL9mbjh8ygSKquVlBaJY7ed4/edit?hl=en_US
>>> >
>>> > I think we should consider some sort of legal agreement expressly
>>> stating
>>> > what we (OWASP Foundation - US) are agreeing to and authorizing
>>> SecZone to
>>> > handle on our behalf.  Additionally, if Ivy IS exclusively handling
>>> OWASP
>>> > things in China, maybe we can find a better way to integrate her with
>>> our
>>> > operations team?
>>> > Ivy, and the leaders of OWASP China also are considering how to
>>> structure
>>> > their OWASP Chapter(s) within China.  Right now they exist as one big
>>> > chapter consisting of mainland China (Hong Kong has its own chapter).
>>>  They
>>> > would like to break this up into possibly 5 different cities, but are
>>> unsure
>>> > on the best way to structure this... the two options seem to be:
>>> > 1. Instead of 1 OWASP China-Mainland Chapter, we would have 5 smaller
>>> > chapters such as OWASP Beijing Chapter, OWASP City 2 Chapter, etc.
>>>  These
>>> > chapters would all exist in the same flat structure as the other OWASP
>>> > Chapters throughout the world.
>>> > 2. OWASP China - Mainland continues to exist as a country-wide "board"
>>> that
>>> > oversees the smaller Chinese sub-chapters.  This is slightly
>>> > more hierarchical and apparently is the structure used in India (and
>>> Brazil
>>> > is also considering it).  The local chapters have leaders/boards and
>>> then a
>>> > national level board would resolve disputes and make other decisions.
>>> > Right now, option #2 is the preference of OWASP China - but they are
>>> open to
>>> > suggestion from us (or the Chapter Committee).
>>> > This is quite a bit of new information for me, and I expect for others
>>> as
>>> > well. I am not sure what our next steps are but at a minimum, I think
>>> there
>>> > is more information to be gathered to help us understand the full
>>> scope of
>>> > relationships and how we can better work together with them.
>>> > Regards,
>>> > Sarah
>>> > --
>>> > Administrator for
>>> > OWASP Global Conference Committee
>>> > OWASP Global Chapter Committee
>>> > Dir: 312-869-2779
>>> > skype: sarah.baso
>>> >
>>> >
>>> > _______________________________________________
>>> > Owasp-board mailing list
>>> > Owasp-board at lists.owasp.org
>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>> >
>>> >
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>
>>
>
>
> --
> Administrator for
> OWASP Global Conference Committee
> OWASP Global Chapter Committee
>
> Dir: 312-869-2779
> skype: sarah.baso
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20111123/efd27679/attachment-0002.html>


More information about the Owasp-board mailing list