[Owasp-board] BugCroud

Bev Corwin bev.corwin at owasp.org
Tue Dec 23 16:03:11 UTC 2014


+1 Also, if vendors want to submit to a call, include them and ask them to
follow guidelines, "no pitching" for example. Keep content educational,
sharing research, case studies, etc. Have all content reviewed. Have
someone who is not on the review / selection committee assigned to work
with vendors to help them prepare appropriate content. Any conversations
about sponsorships are prohibited in these discussions, and referred to
appropriate trained staff and/or volunteers for discussions. Vendors are
stakeholders in the larger "ecosystem" model and broaden the "end user" to
include everyone's perspectives. Just be sure to create appropriate global,
fair guidelines for everyone.

Bev


On Mon, Dec 22, 2014 at 11:07 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Thanks for pointing this out, Tom. There is a trend here. The
> Hack-In-The-Box series is experimenting with the same thing.
>
> 1) Speakers submit talks as normal
> 2) Attendees are tasked to register early
> 3) Paid attendees use voting system to pick talks
> 4) Conference becomes 100% attendee driven
>
> This changes focus on security conferences dramatically. The number of
> "toasters getting hacked" talks drops off, and frankly the number of "elite
> only" talks drops off. The conference becomes more educational in nature;
> and more community driven.
>
> I would love to experiment with this at OWASP.
>
> - Jim
>
>
> On 12/22/14 5:01 PM, Tom Brennan wrote:
>
>> Related more to CFP but this is cool let the attendees pick the agenda
>>
>> https://www.syscan.org/index.php/sg/cfp/vote/
>>
>> Now that's transparency
>>
>> Tom Brennan
>> 973-202-0122
>>
>>  On Dec 22, 2014, at 6:25 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>
>>> +1
>>>
>>> Sent from my iPhone
>>>
>>>  On 20 Dec 2014, at 02:07, Michael Coates <michael.coates at owasp.org>
>>>> wrote:
>>>>
>>>> Hey Jim
>>>>
>>>> As someone who go is planning appsecusa 2015 here are my thoughts.
>>>>
>>>> 1. Open call for activities. So bugcrowd and anyone else can submit a
>>>> proposal for activity x.
>>>>
>>>> 2. Making it clear that this is an add on activity coordinated by
>>>> vendor x (e.g along the lines you mentioned if specifically vendor not
>>>> Owasp)
>>>>
>>>> And don't get me wrong, these companies are all great. But it's about
>>>> clearly delineating Owasp vs vendor items and making an open playing field
>>>> for all to submit.
>>>>
>>>>
>>>>
>>>>  On Dec 19, 2014, at 4:56 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>
>>>>> Board,
>>>>>
>>>>> BugCroud has been setting up events at OWASP conferences that concearn
>>>>> me. They are doing "bugbashes" which are CTF's that use the BugCroud
>>>>> closed-source commercial platform. These CTF's go after public websites
>>>>> that have open bug bounties, but still, it uses the BugCroud platform to
>>>>> track these efforts. Since this is a commercial platform, this falls under
>>>>> a vendor sponsorship program as opposed to an event they can host at our
>>>>> conference "for free".
>>>>>
>>>>> So I suggest we charge for vendor sponsorship fees and move the
>>>>> BugBash program to the vendor area so it's clear this is not an official
>>>>> OWASP program.
>>>>>
>>>>> If OWASP wants to do a "public conference" CTF in a more premium area
>>>>> of the conference, I'd like to see us using a platform that is open source
>>>>> like the OWASP CTF project. If a vendor wants to use their commercial
>>>>> platform to do a CTF at an official OWASP conference, that sounds like a
>>>>> vendor sponsorship event/opportunity.
>>>>>
>>>>> Aloha,
>>>>> Jim
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141223/1b0d227a/attachment-0001.html>


More information about the Owasp-board mailing list