[Owasp-board] Project Summit countdown

johanna curiel curiel johanna.curiel at owasp.org
Sun Feb 8 18:17:11 UTC 2015

>Back to the Project Summit, the interesting question is: *should OWASP
invest 50k or 100k on its projects? *

Well that is the golden question. I have the impression that key decision
makers are reluctant for this part, since it is not clear what will be the
output from this. This has being mentioned to me in the past.

The question is, how effective is to invest 50 or 100k in a summit and what
do we get out of it?

I think OWASP should at least invest and help promote those flagship
projects and LABS/Incubators doing an excellent work . That is how Project
leaders can promote and spread the word out about their projects with OWASP
support. But, what about new blood and innovative thinking? I'm seeing many
vulnerabilities that are not being handle with new projects or fresh

The key factor is, there is low participation and motivation within the
Project leaders. There is not really new blood of ideas coming in and some
leaders have decided to start their projects outside OWASP.

This is what we need to change and reach, more participation, community
bonding and innovative projects.

*An idea*
All major flagship/LABS and the best incubators projects should be present
at Defcon/OWASP conference  for the "OWASP Hackaton Contest"

Budget: 50,000K

   - Build new features for OWASP projects,
   - Promote OWASP projects and Chapters
   - Help actual projects to move fwd with development
   - Get new volunteers to work on projects
   - Start new innovative projects

OWASP Hackaton Activities:

   - Help build new features,
   - Start a new innovative project
   - Become an owaps member/volunteer/start a chapter
   - Write documentation,
   - Motivation for participation: get recognition and a price(plenty small
   prices can be given away such as : Drinks/Food vouchers , T-Shirts etc).

This hackaton should be fun, and help people connect and participate



On Sun, Feb 8, 2015 at 1:08 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Hi Johanna, as you are seeing, it's really hard to create an OWASP Project
> Summit with the current model (with little funding, with no dedicated
> team, attached to a conference, etc..)
> The formula that worked in the past was to start with a set budget (lets
> say 50k to 100k) and :
>    - use those funds to make sure the key players (in this case project
>    leaders and 'new players') are going to attend (by offering to cover all
>    travel and accommodation expenses (while asking them if they can get their
>    employee to pay instead))
>    - hire a dedicated summit team (for that period)
>    - secure dedicated venue and summit resources
>    - generate a huge amount of energy about the summit sessions (starting
>    by inventing all sorts of sessions, until the real sessions become solid)
>    - cast a very wide net of 'invitations to attend the summit' (with the
>    vision that* 'the summit is THE place to be, where all the key players
>    will be in the same location, and  where REAL work can be done'*)
> The hard part is making people 'believe' in the Summit. The objective is
> for our leaders (and attendees) to create the sessions that THEY want to
> attend (on top of the infrastructure provided by the Summit). By definition
> those sessions will be interested to others, and eventually a virtuous
> cycle will start to occur.
> Back to the Project Summit, the interesting question is: *should OWASP
> invest 50k or 100k on its projects? *
> I think the answer is *YES *since Owasp's projects are critical part of
> OWASP (which deserves solid investment)
> Here are some of my blog posts about my views on OWASP Summits and OWASP
> Projects
>    - Summits must be part of OWASP's DNA
>    <http://blog.diniscruz.com/2012/04/summits-must-be-part-of-owasps-dna.html>
>    - Great description of why OWASP Summits are special
>    <http://blog.diniscruz.com/2012/04/great-description-of-why-owasp-summits.html>
>    - OWASP Revenue Splits and the "Non-profits have a charter to be
>    innovators"
>    <http://blog.diniscruz.com/2012/12/owasp-revenue-splits-and-non-profits.html>
>    - I want to vote for a Summit Team+Vision , NOT for a venue
>    <http://blog.diniscruz.com/2012/04/i-want-to-vote-for-summit-teamvision.html>
>    - Some proposed Visions for next OWASP Summit
>    <http://blog.diniscruz.com/2012/04/some-proposed-visions-for-next-owasp.html>
>    - Why large OWASP projects start to stale (and who should pay for the
>    work)
>    <http://blog.diniscruz.com/2012/04/why-large-owasp-projects-start-to-stale.html>
>    - OWASP: Proposed change for SoC: Use budget to pay for project
>    related expenses
>    <http://blog.diniscruz.com/2009/06/owasp-proposed-change-for-soc-use.html>
>    - Sometimes the best response is just say 'YES'
>    <http://blog.diniscruz.com/2012/10/sometimes-best-response-is-just-say-yes.html>
>    - I wish that OWASP in 2014 ....
>    <http://blog.diniscruz.com/2012/11/i-wish-that-owasp-in-2014.html>
>    - OWASP Principles based on NHS?
>    <http://blog.diniscruz.com/2013/01/owasp-principles-based-on-nhs.html>
>    - On how to get paid to work on OWASP projects
>    <http://blog.diniscruz.com/2013/01/on-how-to-get-paid-to-work-on-owasp.html>
>    - ROI on OWASP investment on Projects (ie paying leaders)
>    <http://blog.diniscruz.com/2012/04/roi-on-owasp-investment-on-projects-ie.html>
>    - Improved Wikipedia funding page, why OWASP needs something similar,
>    and who buys OWASP Corporate Memberships
>    <http://blog.diniscruz.com/2012/11/improved-wikipedia-funding-page-why.html>
> Thanks
> Dinis
> On 7 February 2015 at 19:47, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> Board and Project Leaders
>> After a first call to get people to assist and participate into the
>> Project Summit NL, only 2 major projects(Flagship) have reacted and would
>> like to participate.
>>    - OWASP ZAP
>>    - OWTF
>> Right now we have 2 rooms available for this day-20th May (Martin please
>> confirm if this is still the case)
>> For the rest I think we definitely need to breed in new life into
>> projects participation. It can be that for projects with leaders located in
>> USA, it will be more convenient to have a small summit there specially for
>> them or, we can try to promote participation to projects (looking for
>> volunteers, starting a project etc).
>> So far , I don't think we can call this a Project Summit , and it might
>> get down to ZAP/OWTF summit
>> In that case is essential to know:
>>    - Identify how many people will be assisting to the ZAP and OWTF
>>    session
>>    - IF Traveling tickets and accommodation could be paid for ZAP/OWTF
>>    leaders
>>    - Coffee break sponsorship for the attendees of this summit
>> That will basically resume the costs. based on this low attendance I
>> don't think I'll be present in Amsterdam.
>> I think we need to think of another strategy to promote Owasp projects
>> through summits if we want to continue with this. What do we want to
>> achieve indeed?
>> My impression is that no new innovative projects are being started at
>> We definitely need new 'blood' and innovative thinkers
>> Regards
>> Johanna
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "OWASP Projects Task Force" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to projects-task-force+unsubscribe at owasp.org.
>> To post to this group, send email to projects-task-force at owasp.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0OwMS2fHm8v2DuK7a2h8oXuo4WpPmiz3cKF2A%3DqXYJRg%40mail.gmail.com
>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0OwMS2fHm8v2DuK7a2h8oXuo4WpPmiz3cKF2A%3DqXYJRg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150208/91926456/attachment.html>

More information about the Owasp-board mailing list