[Owasp-board] [Owasp-leaders] Fwd: Project Summit countdown

Andrew van der Stock vanderaj at owasp.org
Mon Feb 9 21:30:24 UTC 2015


+1000

On Tue, Feb 10, 2015 at 4:49 AM, Jim Manico <jim.manico at owasp.org> wrote:

> I personally feel that projects are heavily underfunded and would support
> a large investment if there is a clear path for how those funds will be
> used.
>
> Aloha,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Feb 9, 2015, at 6:13 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
> Hi Josh
>
> I think indeed that I need to create a breakdown for the actual project
> leaders that have reacted and a projection for the expected ones by tomorrow.
> With this info, then we can have a budget that you can vote for, including
> the main goals.
>
> I'm also in favor of spending money wisely with a clear expected output,
> not just to hang around and have fun in Amsterdam ;-)
>
> My personal target is to review projects and communicate regarding the
> review process and how to improve this. Also to automate some of the
> process during the summit.
>
> Regards
>
> Johanna
>
> On Mon, Feb 9, 2015 at 12:21 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> Johanna,
>>
>> I think that the majority of the Board is in favor of this and sees the
>> value in it.  The challenge is that you've come to us with it after money
>> was budgeted for 2015 so we would have to pillage from elsewhere in order
>> to make this happen.  More money = more pillaging so we have to be
>> conservative with the budget.  How much do we anticipate for "coffee
>> breaks" for the summit?  How much do we anticipate for tickets,
>> accommodation, and food?  How many people would we actually get off that
>> money?  What are the goals and deliverables that will come out of this
>> summit?  It becomes a question of ROI at this point and the Board has a
>> responsibility to maximize the reward for the Foundation.  If we're
>> spending $10k for four people to get together and drink coffee, that's
>> probably not money well spent, but if we're spending $50k for a code-a-thon
>> where 20 people get together and drastically improve upon our OWASP
>> toolset, then that's a huge reward.  For all of our conferences, we ask the
>> planners to put together a budget that shows anticipated revenue and
>> expenses as well as to provide conference deliverables.  My personal
>> opinion is that a summit is no different than a conference, just with a
>> different target audience, and that a similar plan should be drafted.  Can
>> you put something more formal together that the Board can vote on?  It's
>> all very nebulous at this point.
>>
>> ~josh
>>
>> On Mon, Feb 9, 2015 at 6:53 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Hi Josh
>>>
>>> Tentatively? Let's be more specific ;-)
>>> Does the board agree yes or no?
>>>
>>> The money, as I have mentioned, will be used to pay the tickets,
>>> accommodation and coffee breaks.
>>> Depending on how many leaders would like to assist, I then create a
>>> breakdown of the cost per leader (Ticket/Accommodation/Food) and coffee
>>> breaks for in between the sessions. We have 2 rooms but if more projects
>>> want to attend, then we probably need 2 or 3 rooms more.
>>>
>>>
>>>    - Flagship leaders have highest prio
>>>    - Then LABS
>>>    - and then the best out of the incubators
>>>
>>>
>>> The selection is based on their activity level, which we have been
>>> monitoring through the reviews.
>>>
>>> If everyone would like to come, I know 10K won't be enough. Probably it
>>> will be around 30 to 40K if everyone wants to have sessions but we can
>>> accommodate more than one session in one room as done during APPSEC 2013 US.
>>>
>>> Please let me know what we can expect from the board and if there is an
>>> agreement for the 10k at least. Be aware, more leaders, then we have more
>>> costs, but it will be great if we can have at least the top project leaders
>>> together. ZAP and OWTF, ASVS and Dev Guide and  have said yes, but please,
>>> be clear if we can count on this budget.
>>>
>>> Regards
>>>
>>> Johanna
>>>
>>>
>>> On Sun, Feb 8, 2015 at 10:41 PM, Josh Sokol <josh.sokol at owasp.org>
>>> wrote:
>>>
>>>> Johanna,
>>>>
>>>> Just to be clear, I believe the Board tentatively approved your request
>>>> for the $10k, but requested that you provided a more detailed budget
>>>> showing what you intended to use the money for.  I don't remember you
>>>> asking if you could solicit sponsors through OWASP, but I, personally,
>>>> don't see any reason why we couldn't help with that part of the fundraising.
>>>>
>>>> ~josh
>>>>
>>>> On Sun, Feb 8, 2015 at 5:06 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> Hi Colin
>>>>>
>>>>> Indeed my mistake, we didn't set a deadline yet; however, by the first week
>>>>> of March we will close the participation opportunity. We have published an
>>>>> invitation for participation through the OWASP connector.
>>>>>
>>>>> My answers below
>>>>>
>>>>> 1. The comment about "launch and or promote" in that email confused me
>>>>> because I thought summits were to generate outputs. Is it more like a
>>>>> project showcase? If so, are OWASP projects not a part of the main
>>>>> conference program?
>>>>>
>>>>> *A summit is not a showcase but an opportunity to have all leaders
>>>>> together to discuss and generate output, guidelines, give direction, take
>>>>> decisions regarding the direction of projects in general. But I think we
>>>>> might turn towards Showcases instead of Summits*
>>>>>
>>>>> 2. The AppsecEU website doesn't mention this summit. What will be done
>>>>> to promote it?
>>>>> *Correct. We are looking to first determine how many leaders want to
>>>>> assist, apply for a budget and sponsoring in order to publish this
>>>>> together*
>>>>>
>>>>> 3. Who is getting paid/what?
>>>>>
>>>>> *We are looking for sponsors to at least pay for accommodation and
>>>>> tickets. The Board has not answered my question if there is available budget
>>>>> for this and if I can send invitations through OWASP to get sponsors. I have
>>>>> proposed to ask for sponsors that could help us cover the expenses. This
>>>>> summit should have the leaders of the Flagship projects, LABS and the best
>>>>> out of the incubators. An invitation was sent to the Flagships and only a
>>>>> couple of them reacted that they could assist*
>>>>>
>>>>> 4. The date and that there are two rooms appear to be new information
>>>>> today. What else can be shared please?
>>>>>
>>>>> *We are looking for budget but important to determine is, how many
>>>>> leaders are willing to assist in order to create a final budget
>>>>> covering accommodation/tickets and food for them. No leaders, no summit.*
>>>>>
>>>>> 5. What else will the summit be competing with on the same day?
>>>>> *The conference sessions on that day*
>>>>>
>>>>>
>>>>> Hope this has clarified your questions.
>>>>>
>>>>> regards
>>>>>
>>>>> Johanna
>>>>>
>>>>> On Sun, Feb 8, 2015 at 3:56 PM, colin.watson at owasp.org <
>>>>> colin.watson at owasp.org> wrote:
>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> The Amsterdam "project summit " invitation I saw was sent on 21st
>>>>>> January:
>>>>>>
>>>>>>
>>>>>> http://lists.owasp.org/pipermail/owasp-leaders/2015-January/013715.html
>>>>>>
>>>>>> What is the deadline please?
>>>>>>
>>>>>> Could you provide any more detrimental than appear in the firm's
>>>>>> questions?
>>>>>>
>>>>>> 1. The comment about "launch and or promote" in that email confused
>>>>>> me because I thought summits were to generate outputs. Is it more like a
>>>>>> project showcase? If so, are OWASP projects not a part of the main
>>>>>> conference program?
>>>>>>
>>>>>> 2. The AppsecEU website doesn't mention this summit. What will be
>>>>>> done to promote it?
>>>>>>
>>>>>> 3. Who is getting paid/what?
>>>>>>
>>>>>> 4. The date and that there are two rooms appear to be new
>>>>>> information today. What else can be shared please?
>>>>>>
>>>>>> 5. What else will the summit be competing with on the same day?
>>>>>>
>>>>>> I am sure other projects will want to participate.
>>>>>>
>>>>>> Regards Colin
>>>>>>
>>>>>> ----- Reply message -----
>>>>>> From: "johanna curiel curiel" <johanna.curiel at owasp.org>
>>>>>> To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
>>>>>> Subject: [Owasp-leaders] Fwd: Project Summit countdown
>>>>>> Date: Sun, Feb 8, 2015 18:29
>>>>>>
>>>>>>
>>>>>>
>>>>>> >Back to the Project Summit, the interesting question is: *should
>>>>>> OWASP invest 50k or 100k on its projects? *
>>>>>>
>>>>>> Well, that is the golden question. I have the impression that key
>>>>>> decision makers are reluctant for this part, since it is not clear what
>>>>>> will be the output from this. This has been mentioned to me in the past.
>>>>>>
>>>>>> The question is, how effective is it to invest 50 or 100k in a summit
>>>>>> and what do we get out of it?
>>>>>>
>>>>>> I think OWASP should at least invest and help promote those flagship
>>>>>> projects and LABS/Incubators doing excellent work. That is how Project
>>>>>> leaders can promote and spread the word out about their projects with OWASP
>>>>>> support. But, what about new blood and innovative thinking? I'm seeing many
>>>>>> vulnerabilities that are not being handled with new projects or fresh
>>>>>> approaches.
>>>>>>
>>>>>> The key factor is, there is low participation and motivation within
>>>>>> the Project leaders. There is not really new blood of ideas coming in and
>>>>>> some leaders have decided to start their projects outside OWASP.
>>>>>>
>>>>>> This is what we need to change and reach, more participation,
>>>>>> community bonding and innovative projects.
>>>>>>
>>>>>> *An idea*
>>>>>> All major flagship/LABS and the best incubator projects should be
>>>>>> present at Defcon/OWASP conference for the "OWASP Hackathon Contest"
>>>>>>
>>>>>> Budget: 50,000K
>>>>>> Goals:
>>>>>>
>>>>>>    - Build new features for OWASP projects,
>>>>>>    - Promote OWASP projects and Chapters
>>>>>>    - Help actual projects to move fwd with development
>>>>>>    - Get new volunteers to work on projects
>>>>>>    - Start new innovative projects
>>>>>>
>>>>>> OWASP Hackathon Activities:
>>>>>>
>>>>>>    - Help build new features,
>>>>>>    - Start a new innovative project
>>>>>>    - Become an OWASP member/volunteer/start a chapter
>>>>>>    - Write documentation,
>>>>>>    - Motivation for participation: get recognition and a
>>>>>>    prize (plenty of small prizes can be given away such as: Drinks/Food vouchers,
>>>>>>    T-Shirts etc).
>>>>>>
>>>>>> This hackathon should be fun, and help people connect and participate.
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> On Sun, Feb 8, 2015 at 1:08 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Johanna, as you are seeing, it's really hard to create an OWASP
>>>>>>> Project Summit with the current model (with little funding, with no
>>>>>>> dedicated team, attached to a conference, etc..)
>>>>>>>
>>>>>>> The formula that worked in the past was to start with a set budget
>>>>>>> (let's say 50k to 100k) and:
>>>>>>>
>>>>>>>    - use those funds to make sure the key players (in this case
>>>>>>>    project leaders and 'new players') are going to attend (by offering to
>>>>>>>    cover all travel and accommodation expenses (while asking them if they can
>>>>>>>    get their employee to pay instead))
>>>>>>>    - hire a dedicated summit team (for that period)
>>>>>>>    - secure dedicated venue and summit resources
>>>>>>>    - generate a huge amount of energy about the summit sessions
>>>>>>>    (starting by inventing all sorts of sessions, until the real sessions
>>>>>>>    become solid)
>>>>>>>    - cast a very wide net of 'invitations to attend the summit'
>>>>>>>    (with the vision that* 'the summit is THE place to be, where all
>>>>>>>    the key players will be in the same location, and  where REAL work can be
>>>>>>>    done'*)
>>>>>>>
>>>>>>> The hard part is making people 'believe' in the Summit. The
>>>>>>> objective is for our leaders (and attendees) to create the sessions that
>>>>>>> THEY want to attend (on top of the infrastructure provided by the Summit).
>>>>>>> By definition those sessions will be interesting to others, and eventually a
>>>>>>> virtuous cycle will start to occur.
>>>>>>>
>>>>>>> Back to the Project Summit, the interesting question is: *should
>>>>>>> OWASP invest 50k or 100k on its projects? *
>>>>>>>
>>>>>>> I think the answer is *YES* since OWASP's projects are a critical
>>>>>>> part of OWASP (which deserves solid investment)
>>>>>>>
>>>>>>> Here are some of my blog posts about my views on OWASP Summits and
>>>>>>> OWASP Projects
>>>>>>>
>>>>>>>    - Summits must be part of OWASP's DNA
>>>>>>>    <http://blog.diniscruz.com/2012/04/summits-must-be-part-of-owasps-dna.html>
>>>>>>>
>>>>>>>    - Great description of why OWASP Summits are special
>>>>>>>    <http://blog.diniscruz.com/2012/04/great-description-of-why-owasp-summits.html>
>>>>>>>
>>>>>>>    - OWASP Revenue Splits and the "Non-profits have a charter to be
>>>>>>>    innovators"
>>>>>>>    <http://blog.diniscruz.com/2012/12/owasp-revenue-splits-and-non-profits.html>
>>>>>>>
>>>>>>>    - I want to vote for a Summit Team+Vision , NOT for a venue
>>>>>>>    <http://blog.diniscruz.com/2012/04/i-want-to-vote-for-summit-teamvision.html>
>>>>>>>
>>>>>>>    - Some proposed Visions for next OWASP Summit
>>>>>>>    <http://blog.diniscruz.com/2012/04/some-proposed-visions-for-next-owasp.html>
>>>>>>>
>>>>>>>    - Why large OWASP projects start to stale (and who should pay
>>>>>>>    for the work)
>>>>>>>    <http://blog.diniscruz.com/2012/04/why-large-owasp-projects-start-to-stale.html>
>>>>>>>
>>>>>>>    - OWASP: Proposed change for SoC: Use budget to pay for project
>>>>>>>    related expenses
>>>>>>>    <http://blog.diniscruz.com/2009/06/owasp-proposed-change-for-soc-use.html>
>>>>>>>
>>>>>>>    - Sometimes the best response is just say 'YES'
>>>>>>>    <http://blog.diniscruz.com/2012/10/sometimes-best-response-is-just-say-yes.html>
>>>>>>>
>>>>>>>    - I wish that OWASP in 2014 ....
>>>>>>>    <http://blog.diniscruz.com/2012/11/i-wish-that-owasp-in-2014.html>
>>>>>>>
>>>>>>>    - OWASP Principles based on NHS?
>>>>>>>    <http://blog.diniscruz.com/2013/01/owasp-principles-based-on-nhs.html>
>>>>>>>
>>>>>>>    - On how to get paid to work on OWASP projects
>>>>>>>    <http://blog.diniscruz.com/2013/01/on-how-to-get-paid-to-work-on-owasp.html>
>>>>>>>
>>>>>>>    - ROI on OWASP investment on Projects (ie paying leaders)
>>>>>>>    <http://blog.diniscruz.com/2012/04/roi-on-owasp-investment-on-projects-ie.html>
>>>>>>>
>>>>>>>    - Improved Wikipedia funding page, why OWASP needs something
>>>>>>>    similar, and who buys OWASP Corporate Memberships
>>>>>>>    <http://blog.diniscruz.com/2012/11/improved-wikipedia-funding-page-why.html>
>>>>>>>
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Dinis
>>>>>>>
>>>>>>> On 7 February 2015 at 19:47, johanna curiel curiel <
>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>
>>>>>>>> Board and Project Leaders
>>>>>>>>
>>>>>>>> After a first call to get people to assist and participate in the
>>>>>>>> Project Summit NL, only 2 major projects (Flagship) have reacted and would
>>>>>>>> like to participate.
>>>>>>>>
>>>>>>>>    - OWASP ZAP
>>>>>>>>    - OWTF
>>>>>>>>
>>>>>>>> Right now we have 2 rooms available for this day-20th May (Martin
>>>>>>>> please confirm if this is still the case)
>>>>>>>>
>>>>>>>> For the rest I think we definitely need to breed in new life into
>>>>>>>> projects participation. It can be that for projects with leaders located in
>>>>>>>> USA, it will be more convenient to have a small summit there specially for
>>>>>>>> them or, we can try to promote participation to projects (looking for
>>>>>>>> volunteers, starting a project etc).
>>>>>>>>
>>>>>>>> So far, I don't think we can call this a Project Summit, and it
>>>>>>>> might get down to ZAP/OWTF summit.
>>>>>>>>
>>>>>>>> In that case it is essential to know:
>>>>>>>>
>>>>>>>>    - Identify how many people will be assisting to the ZAP and
>>>>>>>>    OWTF session
>>>>>>>>    - If traveling tickets and accommodation could be paid for
>>>>>>>>    ZAP/OWTF leaders
>>>>>>>>    - Coffee break sponsorship for the attendees of this summit
>>>>>>>>
>>>>>>>> That will basically resume the costs. Based on this low attendance
>>>>>>>> I don't think I'll be present in Amsterdam.
>>>>>>>>
>>>>>>>> I think we need to think of another strategy to promote Owasp
>>>>>>>> projects through summits if we want to continue with this. What do we want
>>>>>>>> to achieve indeed?
>>>>>>>>
>>>>>>>> My impression is that no new innovative projects are being started
>>>>>>>> at OWASP.
>>>>>>>> We definitely need new 'blood' and innovative thinkers
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Johanna
>>>>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>
>>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>