[Owasp-board] [Owasp-leaders] Fwd: Project Summit countdown

Josh Sokol josh.sokol at owasp.org
Mon Feb 9 02:41:06 UTC 2015


Johanna,

Just to be clear, I believe the Board tentatively approved your request for
the $10k, but requested that you provided a more detailed budget showing
what you intended to use the money for.  I don't remember you asking if you
could solicit sponsors through OWASP, but I, personally, don't see any
reason why we couldn't help with that part of the fundraising.

~josh

On Sun, Feb 8, 2015 at 5:06 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Collin
>
> Indeed my mistake, we didn't set a deadline yet,however by first week of
> March we will close the participation opportunity. We have publish an
> invitation for participation through the OWASP connector
>
> My answers below
>
> 1. The comment about "launch and or promote" in that email confused me
> because I thought summits were to generate outputs. Is it more like a
> project showcase? If so, are OWASP projects not a part of the main
> conference program?
>
> *A summit is not a showcase but an opportunity to have all leaders
> together to discuss and generate output, guidelines, give direction , take
> decision regarding the direction of projects in general. But I think we
> might turn towards Showcases instead of Summits*
>
> 2. The AppsecEU website doesn't mention this summit. What will be done to
> promote it?
> *Correct. We are looking to first determine how many leaders want to
> assist, apply for a budget and sponsoring in order to publish this
> together *
>
> 3. Who is getting paid/what?
>
> *We are looking for sponsors to at least pay for accommodation and
> tickets. The Boards has not answer my question if there is available budget
> for this and if I can send invitation through OWASP to get sponsors. I have
> proposed to ask for sponsors that could help us cover the expenses. This
> summit should have the leaders of the Flagship projects, LABS and the best
> out of the incubators. An invitation was sent to the Flagships and, only a
> couple of them reacted that they could assist*
>
> 4 . The date and that there are two rooms appear to be new information
> today. What else can be shared please?
>
> *We are looking for budget but important to determine is, how many leaders
> are willing to assist in order to create a final budget
> covering accommodation/tickets and food for them. No leaders, no summit.*
>
> 5. What else will the summit be competing with on the same day?
> *The conference sessions on that day*
>
>
> Hope this has clarified your questions.
>
> regards
>
> Johanna
>
> On Sun, Feb 8, 2015 at 3:56 PM, colin.watson at owasp.org <
> colin.watson at owasp.org> wrote:
>
>> Joanna
>>
>> The Amsterdam "project summit " invitation I saw was sent on 21st January:
>>
>> http://lists.owasp.org/pipermail/owasp-leaders/2015-January/013715.html
>>
>> What is the deadline please?
>>
>> Could you provide any more detrimental than appear in the firm's
>> questions?
>>
>> 1. The comment about "launch and or promote" in that email confused me
>> because I thought summits were to generate outputs. Is it more like a
>> project showcase? If so, are OWASP projects not a part of the main
>> conference program?
>>
>> 2. The AppsecEU website doesn't mention this summit. What will be done to
>> promote it?
>>
>> 3. Who is getting paid/what?
>>
>> 4 . The date and that there are two rooms appear to be new information
>> today. What else can be shared please?
>>
>> 5. What else will the summit be competing with on the same day?
>>
>> I am sure other projects will want to participate.
>>
>> Regards Colin
>>
>> ----- Reply message -----
>> From: "johanna curiel curiel" <johanna.curiel at owasp.org>
>> To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
>> Subject: [Owasp-leaders] Fwd: Project Summit countdown
>> Date: Sun, Feb 8, 2015 18:29
>>
>>
>>
>> >Back to the Project Summit, the interesting question is: *should OWASP
>> invest 50k or 100k on its projects? *
>>
>> Well that is the golden question. I have the impression that key decision
>> makers are reluctant for this part, since it is not clear what will be the
>> output from this. This has being mentioned to me in the past.
>>
>> The question is, how effective is to invest 50 or 100k in a summit and
>> what do we get out of it?
>>
>> I think OWASP should at least invest and help promote those flagship
>> projects and LABS/Incubators doing an excellent work . That is how Project
>> leaders can promote and spread the word out about their projects with OWASP
>> support. But, what about new blood and innovative thinking? I'm seeing many
>> vulnerabilities that are not being handle with new projects or fresh
>> approaches.
>>
>> The key factor is, there is low participation and motivation within the
>> Project leaders. There is not really new blood of ideas coming in and some
>> leaders have decided to start their projects outside OWASP.
>>
>> This is what we need to change and reach, more participation, community
>> bonding and innovative projects.
>>
>> *An idea*
>> All major flagship/LABS and the best incubators projects should be
>> present at Defcon/OWASP conference  for the "OWASP Hackaton Contest"
>>
>> Budget: 50,000K
>> Goals:
>>
>>    - Build new features for OWASP projects,
>>    - Promote OWASP projects and Chapters
>>    - Help actual projects to move fwd with development
>>    - Get new volunteers to work on projects
>>    - Start new innovative projects
>>
>> OWASP Hackaton Activities:
>>
>>    - Help build new features,
>>    - Start a new innovative project
>>    - Become an owaps member/volunteer/start a chapter
>>    - Write documentation,
>>    - Motivation for participation: get recognition and a price(plenty
>>    small prices can be given away such as : Drinks/Food vouchers , T-Shirts
>>    etc).
>>
>> This hackaton should be fun, and help people connect and participate
>>
>> regards
>>
>> Johanna
>>
>> On Sun, Feb 8, 2015 at 1:08 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>
>>> Hi Johanna, as you are seeing, it's really hard to create an OWASP
>>> Project Summit with the current model (with little funding, with no
>>> dedicated team, attached to a conference, etc..)
>>>
>>> The formula that worked in the past was to start with a set budget (lets
>>> say 50k to 100k) and :
>>>
>>>    - use those funds to make sure the key players (in this case project
>>>    leaders and 'new players') are going to attend (by offering to cover all
>>>    travel and accommodation expenses (while asking them if they can get their
>>>    employee to pay instead))
>>>    - hire a dedicated summit team (for that period)
>>>    - secure dedicated venue and summit resources
>>>    - generate a huge amount of energy about the summit sessions
>>>    (starting by inventing all sorts of sessions, until the real sessions
>>>    become solid)
>>>    - cast a very wide net of 'invitations to attend the summit' (with
>>>    the vision that* 'the summit is THE place to be, where all the key
>>>    players will be in the same location, and  where REAL work can be done'*
>>>    )
>>>
>>> The hard part is making people 'believe' in the Summit. The objective is
>>> for our leaders (and attendees) to create the sessions that THEY want to
>>> attend (on top of the infrastructure provided by the Summit). By definition
>>> those sessions will be interested to others, and eventually a virtuous
>>> cycle will start to occur.
>>>
>>> Back to the Project Summit, the interesting question is: *should OWASP
>>> invest 50k or 100k on its projects? *
>>>
>>> I think the answer is *YES *since Owasp's projects are critical part of
>>> OWASP (which deserves solid investment)
>>>
>>> Here are some of my blog posts about my views on OWASP Summits and OWASP
>>> Projects
>>>
>>>    - Summits must be part of OWASP's DNA
>>>    <http://blog.diniscruz.com/2012/04/summits-must-be-part-of-owasps-dna.html>
>>>
>>>    - Great description of why OWASP Summits are special
>>>    <http://blog.diniscruz.com/2012/04/great-description-of-why-owasp-summits.html>
>>>
>>>    - OWASP Revenue Splits and the "Non-profits have a charter to be
>>>    innovators"
>>>    <http://blog.diniscruz.com/2012/12/owasp-revenue-splits-and-non-profits.html>
>>>
>>>    - I want to vote for a Summit Team+Vision , NOT for a venue
>>>    <http://blog.diniscruz.com/2012/04/i-want-to-vote-for-summit-teamvision.html>
>>>
>>>    - Some proposed Visions for next OWASP Summit
>>>    <http://blog.diniscruz.com/2012/04/some-proposed-visions-for-next-owasp.html>
>>>
>>>    - Why large OWASP projects start to stale (and who should pay for
>>>    the work)
>>>    <http://blog.diniscruz.com/2012/04/why-large-owasp-projects-start-to-stale.html>
>>>
>>>    - OWASP: Proposed change for SoC: Use budget to pay for project
>>>    related expenses
>>>    <http://blog.diniscruz.com/2009/06/owasp-proposed-change-for-soc-use.html>
>>>
>>>    - Sometimes the best response is just say 'YES'
>>>    <http://blog.diniscruz.com/2012/10/sometimes-best-response-is-just-say-yes.html>
>>>
>>>    - I wish that OWASP in 2014 ....
>>>    <http://blog.diniscruz.com/2012/11/i-wish-that-owasp-in-2014.html>
>>>    - OWASP Principles based on NHS?
>>>    <http://blog.diniscruz.com/2013/01/owasp-principles-based-on-nhs.html>
>>>
>>>    - On how to get paid to work on OWASP projects
>>>    <http://blog.diniscruz.com/2013/01/on-how-to-get-paid-to-work-on-owasp.html>
>>>
>>>    - ROI on OWASP investment on Projects (ie paying leaders)
>>>    <http://blog.diniscruz.com/2012/04/roi-on-owasp-investment-on-projects-ie.html>
>>>
>>>    - Improved Wikipedia funding page, why OWASP needs something
>>>    similar, and who buys OWASP Corporate Memberships
>>>    <http://blog.diniscruz.com/2012/11/improved-wikipedia-funding-page-why.html>
>>>
>>>
>>> Thanks
>>>
>>> Dinis
>>>
>>> On 7 February 2015 at 19:47, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Board and Project Leaders
>>>>
>>>> After a first call to get people to assist and participate into the
>>>> Project Summit NL, only 2 major projects(Flagship) have reacted and would
>>>> like to participate.
>>>>
>>>>    - OWASP ZAP
>>>>    - OWTF
>>>>
>>>> Right now we have 2 rooms available for this day-20th May (Martin
>>>> please confirm if this is still the case)
>>>>
>>>> For the rest I think we definitely need to breed in new life into
>>>> projects participation. It can be that for projects with leaders located in
>>>> USA, it will be more convenient to have a small summit there specially for
>>>> them or, we can try to promote participation to projects (looking for
>>>> volunteers, starting a project etc).
>>>>
>>>> So far , I don't think we can call this a Project Summit , and it might
>>>> get down to ZAP/OWTF summit
>>>>
>>>> In that case is essential to know:
>>>>
>>>>    - Identify how many people will be assisting to the ZAP and OWTF
>>>>    session
>>>>    - IF Traveling tickets and accommodation could be paid for ZAP/OWTF
>>>>    leaders
>>>>    - Coffee break sponsorship for the attendees of this summit
>>>>
>>>> That will basically resume the costs. based on this low attendance I
>>>> don't think I'll be present in Amsterdam.
>>>>
>>>> I think we need to think of another strategy to promote Owasp projects
>>>> through summits if we want to continue with this. What do we want to
>>>> achieve indeed?
>>>>
>>>> My impression is that no new innovative projects are being started at
>>>> OWASP.
>>>> We definitely need new 'blood' and innovative thinkers
>>>>
>>>>
>>>> Regards
>>>>
>>>> Johanna
>>>>
>>>>  --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "OWASP Projects Task Force" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to projects-task-force+unsubscribe at owasp.org.
>>>> To post to this group, send email to projects-task-force at owasp.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0OwMS2fHm8v2DuK7a2h8oXuo4WpPmiz3cKF2A%3DqXYJRg%40mail.gmail.com
>>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0OwMS2fHm8v2DuK7a2h8oXuo4WpPmiz3cKF2A%3DqXYJRg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>>
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150208/7a543480/attachment-0001.html>


More information about the Owasp-board mailing list