[Owasp-board] BugCroud

Jim Manico jim.manico at owasp.org
Tue Dec 23 19:46:36 UTC 2014


I agree, it completely changes the face of conferences to more of a 
populist conference as opposed to an expert-driven conference.

And this might be a *really good thing* and I like the idea overall. I 
think we should experiment with caution here for a regional or small 
conference where the conference staff is willing.

It's always a good idea to be careful when your core income is on the 
line. :)

Aloha,
Jim


On 12/23/14 9:42 AM, Martin Knobloch wrote:
> ‎Fabio,
>
> We do have a voting system. There is an international Programm 
> Committee voting in the trainings and presentations.
>
> To have, as Jim suggested, the registered attendees voting is a 
> different game!
>
> Cheers,
> -martin
>
>
> *Van: *Fabio Cerullo
> *Verzonden: *dinsdag 23 december 2014 20:34
> *Aan: *Jim Manico
> *Cc: *OWASP Board List
> *Onderwerp: *Re: [Owasp-board] BugCroud
>
>
> I like it... HITB, Infiltrate, BSides allow the attendees to select 
> the talks through a voting system.
>
> Do we go for a spin with an OWASP conference?
>
> Regards
> Fabio
>
> On Tue, Dec 23, 2014 at 1:07 AM, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>     Thanks for pointing this out, Tom. There is a trend here. The
>     Hack-In-The-Box series is experimenting with the same thing.
>
>     1) Speakers submit talks as normal
>     2) Attendees are tasked to register early
>     3) Paid attendees use voting system to pick talks
>     4) Conference becomes 100% attendee driven
>
>     This changes focus on security conferences dramatically. The
>     number of "toasters getting hacked" talks drops off, and frankly
>     the number of "elite only" talks drops off. The conference becomes
>     more educational in nature; and more community driven.
>
>     I would love to experiment with this at OWASP.
>
>     - Jim
>
>
>     On 12/22/14 5:01 PM, Tom Brennan wrote:
>
>         Related more to CFP but this is cool let the attendees pick
>         the agenda
>
>         https://www.syscan.org/index.php/sg/cfp/vote/
>
>         Now that's transparency
>
>         Tom Brennan
>         973-202-0122
>
>             On Dec 22, 2014, at 6:25 PM, Eoin Keary
>             <eoin.keary at owasp.org <mailto:eoin.keary at owasp.org>> wrote:
>
>             +1
>
>             Sent from my iPhone
>
>                 On 20 Dec 2014, at 02:07, Michael Coates
>                 <michael.coates at owasp.org
>                 <mailto:michael.coates at owasp.org>> wrote:
>
>                 Hey Jim
>
>                 As someone who go is planning appsecusa 2015 here are
>                 my thoughts.
>
>                 1. Open call for activities. So bugcrowd and anyone
>                 else can submit a proposal for activity x.
>
>                 2. Making it clear that this is an add on activity
>                 coordinated by vendor x (e.g along the lines you
>                 mentioned if specifically vendor not Owasp)
>
>                 And don't get me wrong, these companies are all great.
>                 But it's about clearly delineating Owasp vs vendor
>                 items and making an open playing field for all to submit.
>
>
>
>                     On Dec 19, 2014, at 4:56 PM, Jim Manico
>                     <jim.manico at owasp.org
>                     <mailto:jim.manico at owasp.org>> wrote:
>
>                     Board,
>
>                     BugCroud has been setting up events at OWASP
>                     conferences that concearn me. They are doing
>                     "bugbashes" which are CTF's that use the BugCroud
>                     closed-source commercial platform. These CTF's go
>                     after public websites that have open bug bounties,
>                     but still, it uses the BugCroud platform to track
>                     these efforts. Since this is a commercial
>                     platform, this falls under a vendor sponsorship
>                     program as opposed to an event they can host at
>                     our conference "for free".
>
>                     So I suggest we charge for vendor sponsorship fees
>                     and move the BugBash program to the vendor area so
>                     it's clear this is not an official OWASP program.
>
>                     If OWASP wants to do a "public conference" CTF in
>                     a more premium area of the conference, I'd like to
>                     see us using a platform that is open source like
>                     the OWASP CTF project. If a vendor wants to use
>                     their commercial platform to do a CTF at an
>                     official OWASP conference, that sounds like a
>                     vendor sponsorship event/opportunity.
>
>                     Aloha,
>                     Jim
>
>                     _______________________________________________
>                     Owasp-board mailing list
>                     Owasp-board at lists.owasp.org
>                     <mailto:Owasp-board at lists.owasp.org>
>                     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>                 _______________________________________________
>                 Owasp-board mailing list
>                 Owasp-board at lists.owasp.org
>                 <mailto:Owasp-board at lists.owasp.org>
>                 https://lists.owasp.org/mailman/listinfo/owasp-board
>
>             _______________________________________________
>             Owasp-board mailing list
>             Owasp-board at lists.owasp.org
>             <mailto:Owasp-board at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-board
>
>         _______________________________________________
>         Owasp-board mailing list
>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>     _______________________________________________
>     Owasp-board mailing list
>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141223/9abc0322/attachment.html>


More information about the Owasp-board mailing list