[Owasp-board] [Owasp-leaders] Fwd: Project Summit countdown

johanna curiel curiel johanna.curiel at owasp.org
Mon Feb 16 15:02:11 UTC 2015


>Are you going to be the overall Summit point of contact and coordinator?

Yes I'll be present, Martin will help us with 2 volunteers to help
coordinate the activities.

regards

Johanna

On Mon, Feb 16, 2015 at 9:58 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Johanna
>
> Thanks for putting this together.
>
> I like the approach of having an agenda for each project and funding
> approval based on that.
>
> I would also set a funding cap for each participating member. Eg. 800 Euro
> x participant (approx. 1000 USD) so there are no last minutes surprises
> regarding costs.
>
> Ideally, we would like the Summit become a regular activity in which our
> active community gather together during a couple of days, brainstorm ideas,
> and make them happen.
>
> So with clear goals, agenda and activities I'm in full support of this
> activity.
>
> Are you going to be the overall Summit point of contact and coordinator?
>
> Thanks again,
>
> Fabio
>
> On Mon, Feb 16, 2015 at 12:27 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Hi Andrew
>>
>> ROI is essential to any initiative we take, we need to set goals and
>> measure results.
>>
>> >So I think we need to be a tiny bit brutal and be focused on what we
>> *specifically* need from any project investments. Maybe we invest in fewer,
>> higher value projects and add more people to each project, so that we get
>> some momentum rather than spread it out across all the projects.
>>
>> Agree and therefore one of the condition of the actual summit is that the
>> project is active and has a positive review. Another is, that they provide
>> a clear agenda.
>>
>> So far we have 6 participation projects (ZAP,OWTF,CRSF,Hackademic and Top
>> 10 Privacy risks, ASVS)
>> All of these projects have positive reviews and a healthy activity level
>>
>> I have reserved a budget for Simon's team but he already mentioned that
>> his team will be paying their own cost. This has been reserved in case of.
>>
>> It is required that the leaders provide an agenda by next week, otherwise
>> they will not have sponsorship.
>>
>> If we move fwd with the summit, my attendance and from Timo will depend
>> of next week reactions on the agenda and off course your final approval.
>>
>> I think with this info you are ready to take a decision if you would like
>> to finance this summit. Also we need to book early so the cost of tickets
>> do not increase by the time we want to reserve
>>
>> So far, we have achieved 11,000 dollar mark. I don't think there will be
>> more projects willing to attend.
>>
>> Please let us know asap your approval or not.
>>
>>
>> https://docs.google.com/spreadsheets/d/1OIUPJ-fBqsrCvphEHOU7qWuIkA-6ab4frXehZmhRpNE/edit#gid=0
>>
>> Regards
>>
>> Johanna
>>
>>
>>
>>
>>
>>
>>
>>
>> On Mon, Feb 16, 2015 at 12:27 AM, Andrew van der Stock <
>> vanderaj at owasp.org> wrote:
>>
>>> Michael,
>>>
>>> I really think we should either aim for one of several models:
>>>
>>> *There are some projects that whilst vital to OWASP's mission, are just
>>> plain difficult to do*. Things like setting out an education syllabus
>>> at a tertiary level requires a university level researcher who understands
>>> pedagogical requirements of tertiary instiutions and solid AppSec outcomes
>>> can build us something. We have not to date - nor I think will ever - find
>>> someone who as a side project will contribute such an enormous effort, and
>>> yet without this key piece of the puzzle, universities will continue to
>>> churn out pen testers, which at best, is a trade. I see this being like a
>>> one year research position, similar to how much of university level
>>> research is made. We have specific requirements for a deliverable, and we
>>> work with say with a chosen institution to get it done on the basis that
>>> the IP and materials at the end comply with our open source licensing
>>> guidelines. This is just one type of Extra Hard Thorny Problem.
>>>
>>> *There are some flagship projects that OWASP is famous for*. We can
>>> probably get funding directly from sponsors on this one, and if we could do
>>> so with sufficient funds to go 24-48 months with a hire in place, we can
>>> getr some immense traction. I'm thinking these positions would be like
>>> Linux Foundation's fellows.
>>>
>>> *There are some flagship projects that just need a bit more of a boost
>>> to get over the line to gain the self-sustaining momentum*, like the
>>> Testing Guide. These could be assisted by making available project grants
>>> so that folks can travel and be accommodated for at least a week,
>>> preferably two, at an AppSec conference nearest them and get the big jobs
>>> done whilst on site. I see this operating like the IBM redbooks residencies
>>> - you are not ever an OWASP employee, but we help you co-invest in your
>>> project by getting the project leads and resources together to build
>>> something specific.
>>>
>>> The problem is that we have had for such a long time that the ONLY
>>> people who cannot be paid by OWASP are the people doing the writing on
>>> projects. Graphic designers can be paid. The publisher can be paid. Firms
>>> can create services from the materials can get paid. Dinis made this really
>>> clear on OWASP-Leaders, and it's pretty much hard wired into the Projects
>>> handbook. This I feel is off putting to those who might otherwise ask how
>>> they can best contribute to OWASP. It's resulted in a lot of smaller
>>> projects of one-two people that don't really change the world, and inaction
>>> of the big projects. Johanna is right - The DevGuide and ASVS are side
>>> projects for me. I can do the ASVS as it's approachable and re-writeable by
>>> one person over a summer break. The DevGuide isn't. The DevGuide needs a
>>> leader who can work full time on it. Whilst I'm a board member, this is
>>> almost certainly not me.
>>>
>>> We spent a lot of money in 2011 on the Portugal Project Summit. I don't
>>> think we invested money wisely in that project summit, because we didn't
>>> get a return on investment. None of the three major guides got a rev during
>>> the year after it. The Top 10 didn't get a rev. Look at all the tracks and
>>> working groups. We didn't get a OWASP Universities outcome. We didn't get
>>> an XSS outcome. As far as I can tell, not one of the tracks produced a
>>> deliverable within 12 months of that summit.
>>>
>>> https://www.owasp.org/index.php/Summit_2011_Attendee
>>>
>>> So I think we need to be a tiny bit brutal and be focused on what we
>>> *specifically* need from any project investments. Maybe we invest in fewer,
>>> higher value projects and add more people to each project, so that we get
>>> some momentum rather than spread it out across all the projects. I don't
>>> know, and I'm a tiny bit conflicted (DevGuide, ASVS). Obviously, if one of
>>> my projects came to a vote, I'd step aside whilst the vote is taken, but we
>>> should probably decide on a budget, a model, and then the projects.
>>> Projects will come and go, but there should always be a budget to be used
>>> and a governance model to make sure the budget investment is used wisely
>>> and produces specific deliverables for OWASP and it's mission both inside
>>> and outside of OWASP.
>>>
>>> The bigger projects - if we decide on those they we think are valuable
>>> and should continue - need some form of investment. We've spent perilously
>>> close to zero dollars since 2011 on projects. This must change, and we must
>>> shout it from the rooftops once we decide on strategic projects and
>>> investment models.
>>>
>>> Thoughts?
>>>
>>> Andrew
>>>
>>>
>>> On Tue, Feb 10, 2015 at 10:44 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Micheal,
>>>>
>>>> I think you have made a good point.
>>>>
>>>> My experience with projects is, that only the people that can dedicate
>>>> a lot of time to their projects, will see them flourish
>>>>
>>>> If most :Leaders have full time jobs and try todo this on the side,
>>>> they don't get as much as progress as the other ones.
>>>>
>>>> Improving the OWASP inventory has taken also a period of 2 years where
>>>> we have now in place a reasonable way of reviewing and cleaning the
>>>> inventory but there is still some work to do on this part
>>>>
>>>> if we are looking for innovation, then, another strategy is definitely
>>>> needed from the actual one.
>>>>
>>>> regards
>>>>
>>>> Johanna
>>>>
>>>> On Tue, Feb 10, 2015 at 12:32 AM, Michael Coates <
>>>> michael.coates at owasp.org> wrote:
>>>>
>>>>> I think that challenge is for us to solve. How would projects spend
>>>>> money? We've done this exercise before and we have no bites.
>>>>> https://www.owasp.org/index.php/Funding
>>>>>
>>>>> So what are we missing? We've provided guidelines on acceptable
>>>>> expenditures and haven't had anyone raise ideas different than those.
>>>>>
>>>>> As a thought exercise let's allocate 100k to projects this moment
>>>>> (just hypothetical) where would it actually be spent? Why is our current
>>>>> approach not working?
>>>>>
>>>>> Is it time to fully switch to hired developers and further specific
>>>>> objectives? Or should we keep muddling around with limited gains?
>>>>>
>>>>> Which furthers the mission more?
>>>>>
>>>>>
>>>>>
>>>>> On Feb 9, 2015, at 1:30 PM, Andrew van der Stock <vanderaj at owasp.org>
>>>>> wrote:
>>>>>
>>>>> +1000
>>>>>
>>>>> On Tue, Feb 10, 2015 at 4:49 AM, Jim Manico <jim.manico at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> I personally feel that projects are heavily underfunded and would
>>>>>> support a large investment if there is a clear path for how those funds
>>>>>> will be used.
>>>>>>
>>>>>> Aloha,
>>>>>> --
>>>>>> Jim Manico
>>>>>> @Manicode
>>>>>> (808) 652-3805
>>>>>>
>>>>>> On Feb 9, 2015, at 6:13 PM, johanna curiel curiel <
>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>
>>>>>> Hi Josh
>>>>>>
>>>>>> I think indeed that I need to create a break down for the actual
>>>>>> projects leaders that have reacted and a projection for the expected ones
>>>>>> by tomorrow
>>>>>> With this info, then we can have a budget that you can vote for,
>>>>>> including the main goals
>>>>>>
>>>>>> I'm also in favor of spending money wisely with a clear expected
>>>>>> output, not just to hang around and have fun in Amsterdam ;-)
>>>>>>
>>>>>> My personal target is to review projects and communicate regarding
>>>>>> the review process and how to improve this. Also to automate some of the
>>>>>> process during the summit
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> On Mon, Feb 9, 2015 at 12:21 PM, Josh Sokol <josh.sokol at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Johanna,
>>>>>>>
>>>>>>> I think that the majority of the Board is in favor of this and sees
>>>>>>> the value in it.  The challenge is that you've come to us with it after
>>>>>>> money was budgeted for 2015 so we would have to pillage from elsewhere in
>>>>>>> order to make this happen.  More money = more pillaging so we have to be
>>>>>>> conservative with the budget.  How much do we anticipate for "coffee
>>>>>>> breaks" for the summit?  How much do we anticipate for tickets,
>>>>>>> accommodation, and food?  How many people would we actually get off that
>>>>>>> money?  What are the goals and deliverables that will come out of this
>>>>>>> summit?  It becomes a question of ROI at this point and the Board has a
>>>>>>> responsibility to maximize the reward for the Foundation.  If we're
>>>>>>> spending $10k for four people to get together and drink coffee, that's
>>>>>>> probably not money well spent, but if we're spending $50k for a code-a-thon
>>>>>>> where 20 people get together and drastically improve upon our OWASP
>>>>>>> toolset, then that's a huge reward.  For all of our conferences, we ask the
>>>>>>> planners to put together a budget that shows anticipated revenue and
>>>>>>> expenses as well as to provide conference deliverables.  My personal
>>>>>>> opinion is that a summit is no different than a conference, just with a
>>>>>>> different target audience, and that a similar plan should be drafted.  Can
>>>>>>> you put something more formal together that the Board can vote on?  It's
>>>>>>> all very nebulous at this point.
>>>>>>>
>>>>>>> ~josh
>>>>>>>
>>>>>>> On Mon, Feb 9, 2015 at 6:53 AM, johanna curiel curiel <
>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>
>>>>>>>> Hi Josh
>>>>>>>>
>>>>>>>> Tentatively? Lets be more specific ;-)
>>>>>>>> Does the board agree yes or no?
>>>>>>>>
>>>>>>>> The money as I have mentioned, will be used to pay the tickets,
>>>>>>>> accommodation and coffee breaks
>>>>>>>> Depending how many leaders would like to assist then I create a
>>>>>>>> breakdown of the cost per leaders (Ticket/Accommodation/Food) and Coffee
>>>>>>>> breaks for in between the sessions. We have 2 rooms but if more projects
>>>>>>>> wants to attend , then we need probably 2 or 3 rooms more
>>>>>>>>
>>>>>>>>
>>>>>>>>    - Flagship leaders have highest prio
>>>>>>>>    - Then LABS
>>>>>>>>    - and then the best out of the incubators
>>>>>>>>
>>>>>>>>
>>>>>>>> The selection is based on their activity level which we have being
>>>>>>>> monitoring through the reviews.
>>>>>>>>
>>>>>>>> If everyone would like to come, I know 10K won't be enough.
>>>>>>>> Probably it will be around 30 to 40K if everyone wants to have sessions but
>>>>>>>> we can accommodate more than one session in one room as done during APPSEC
>>>>>>>> 2013 US.
>>>>>>>>
>>>>>>>> Please let me know what we can expect from the board and if there
>>>>>>>> is an agreement for the 10k at least, be aware, more leaders, then we have
>>>>>>>> more costs but It will be great if we can have at least the top projects
>>>>>>>> leaders together. ZAP and OWTF,ASVS and Dev Guide and  have said yes, but
>>>>>>>> please, be clear if we can count on this budget
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Johanna
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sun, Feb 8, 2015 at 10:41 PM, Josh Sokol <josh.sokol at owasp.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Johanna,
>>>>>>>>>
>>>>>>>>> Just to be clear, I believe the Board tentatively approved your
>>>>>>>>> request for the $10k, but requested that you provided a more detailed
>>>>>>>>> budget showing what you intended to use the money for.  I don't remember
>>>>>>>>> you asking if you could solicit sponsors through OWASP, but I, personally,
>>>>>>>>> don't see any reason why we couldn't help with that part of the fundraising.
>>>>>>>>>
>>>>>>>>> ~josh
>>>>>>>>>
>>>>>>>>> On Sun, Feb 8, 2015 at 5:06 PM, johanna curiel curiel <
>>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Collin
>>>>>>>>>>
>>>>>>>>>> Indeed my mistake, we didn't set a deadline yet,however by first
>>>>>>>>>> week of March we will close the participation opportunity. We have publish
>>>>>>>>>> an invitation for participation through the OWASP connector
>>>>>>>>>>
>>>>>>>>>> My answers below
>>>>>>>>>>
>>>>>>>>>> 1. The comment about "launch and or promote" in that email
>>>>>>>>>> confused me because I thought summits were to generate outputs. Is it more
>>>>>>>>>> like a project showcase? If so, are OWASP projects not a part of the main
>>>>>>>>>> conference program?
>>>>>>>>>>
>>>>>>>>>> *A summit is not a showcase but an opportunity to have all
>>>>>>>>>> leaders together to discuss and generate output, guidelines, give direction
>>>>>>>>>> , take decision regarding the direction of projects in general. But I think
>>>>>>>>>> we might turn towards Showcases instead of Summits*
>>>>>>>>>>
>>>>>>>>>> 2. The AppsecEU website doesn't mention this summit. What will be
>>>>>>>>>> done to promote it?
>>>>>>>>>> *Correct. We are looking to first determine how many leaders want
>>>>>>>>>> to assist, apply for a budget and sponsoring in order to publish this
>>>>>>>>>> together *
>>>>>>>>>>
>>>>>>>>>> 3. Who is getting paid/what?
>>>>>>>>>>
>>>>>>>>>> *We are looking for sponsors to at least pay for accommodation
>>>>>>>>>> and tickets. The Boards has not answer my question if there is available
>>>>>>>>>> budget for this and if I can send invitation through OWASP to get sponsors.
>>>>>>>>>> I have proposed to ask for sponsors that could help us cover the expenses.
>>>>>>>>>> This summit should have the leaders of the Flagship projects, LABS and the
>>>>>>>>>> best out of the incubators. An invitation was sent to the Flagships and,
>>>>>>>>>> only a couple of them reacted that they could assist*
>>>>>>>>>>
>>>>>>>>>> 4 . The date and that there are two rooms appear to be new
>>>>>>>>>> information today. What else can be shared please?
>>>>>>>>>>
>>>>>>>>>> *We are looking for budget but important to determine is, how
>>>>>>>>>> many leaders are willing to assist in order to create a final budget
>>>>>>>>>> covering accommodation/tickets and food for them. No leaders, no summit.*
>>>>>>>>>>
>>>>>>>>>> 5. What else will the summit be competing with on the same day?
>>>>>>>>>> *The conference sessions on that day*
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Hope this has clarified your questions.
>>>>>>>>>>
>>>>>>>>>> regards
>>>>>>>>>>
>>>>>>>>>> Johanna
>>>>>>>>>>
>>>>>>>>>> On Sun, Feb 8, 2015 at 3:56 PM, colin.watson at owasp.org <
>>>>>>>>>> colin.watson at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Joanna
>>>>>>>>>>>
>>>>>>>>>>> The Amsterdam "project summit " invitation I saw was sent on
>>>>>>>>>>> 21st January:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://lists.owasp.org/pipermail/owasp-leaders/2015-January/013715.html
>>>>>>>>>>>
>>>>>>>>>>> What is the deadline please?
>>>>>>>>>>>
>>>>>>>>>>> Could you provide any more detrimental than appear in the firm's
>>>>>>>>>>> questions?
>>>>>>>>>>>
>>>>>>>>>>> 1. The comment about "launch and or promote" in that email
>>>>>>>>>>> confused me because I thought summits were to generate outputs. Is it more
>>>>>>>>>>> like a project showcase? If so, are OWASP projects not a part of the main
>>>>>>>>>>> conference program?
>>>>>>>>>>>
>>>>>>>>>>> 2. The AppsecEU website doesn't mention this summit. What will
>>>>>>>>>>> be done to promote it?
>>>>>>>>>>>
>>>>>>>>>>> 3. Who is getting paid/what?
>>>>>>>>>>>
>>>>>>>>>>> 4 . The date and that there are two rooms appear to be new
>>>>>>>>>>> information today. What else can be shared please?
>>>>>>>>>>>
>>>>>>>>>>> 5. What else will the summit be competing with on the same day?
>>>>>>>>>>>
>>>>>>>>>>> I am sure other projects will want to participate.
>>>>>>>>>>>
>>>>>>>>>>> Regards Colin
>>>>>>>>>>>
>>>>>>>>>>> ----- Reply message -----
>>>>>>>>>>> From: "johanna curiel curiel" <johanna.curiel at owasp.org>
>>>>>>>>>>> To: "owasp-leaders at lists.owasp.org" <
>>>>>>>>>>> owasp-leaders at lists.owasp.org>
>>>>>>>>>>> Subject: [Owasp-leaders] Fwd: Project Summit countdown
>>>>>>>>>>> Date: Sun, Feb 8, 2015 18:29
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> >Back to the Project Summit, the interesting question is: *should
>>>>>>>>>>> OWASP invest 50k or 100k on its projects? *
>>>>>>>>>>>
>>>>>>>>>>> Well that is the golden question. I have the impression that key
>>>>>>>>>>> decision makers are reluctant for this part, since it is not clear what
>>>>>>>>>>> will be the output from this. This has being mentioned to me in the past.
>>>>>>>>>>>
>>>>>>>>>>> The question is, how effective is to invest 50 or 100k in a
>>>>>>>>>>> summit and what do we get out of it?
>>>>>>>>>>>
>>>>>>>>>>> I think OWASP should at least invest and help promote those
>>>>>>>>>>> flagship projects and LABS/Incubators doing an excellent work . That is how
>>>>>>>>>>> Project leaders can promote and spread the word out about their projects
>>>>>>>>>>> with OWASP support. But, what about new blood and innovative thinking? I'm
>>>>>>>>>>> seeing many vulnerabilities that are not being handle with new projects or
>>>>>>>>>>> fresh approaches.
>>>>>>>>>>>
>>>>>>>>>>> The key factor is, there is low participation and motivation
>>>>>>>>>>> within the Project leaders. There is not really new blood of ideas coming
>>>>>>>>>>> in and some leaders have decided to start their projects outside OWASP.
>>>>>>>>>>>
>>>>>>>>>>> This is what we need to change and reach, more participation,
>>>>>>>>>>> community bonding and innovative projects.
>>>>>>>>>>>
>>>>>>>>>>> *An idea*
>>>>>>>>>>> All major flagship/LABS and the best incubators projects should
>>>>>>>>>>> be present at Defcon/OWASP conference  for the "OWASP Hackaton Contest"
>>>>>>>>>>>
>>>>>>>>>>> Budget: 50,000K
>>>>>>>>>>> Goals:
>>>>>>>>>>>
>>>>>>>>>>>    - Build new features for OWASP projects,
>>>>>>>>>>>    - Promote OWASP projects and Chapters
>>>>>>>>>>>    - Help actual projects to move fwd with development
>>>>>>>>>>>    - Get new volunteers to work on projects
>>>>>>>>>>>    - Start new innovative projects
>>>>>>>>>>>
>>>>>>>>>>> OWASP Hackaton Activities:
>>>>>>>>>>>
>>>>>>>>>>>    - Help build new features,
>>>>>>>>>>>    - Start a new innovative project
>>>>>>>>>>>    - Become an owaps member/volunteer/start a chapter
>>>>>>>>>>>    - Write documentation,
>>>>>>>>>>>    - Motivation for participation: get recognition and a
>>>>>>>>>>>    price(plenty small prices can be given away such as : Drinks/Food vouchers
>>>>>>>>>>>    , T-Shirts etc).
>>>>>>>>>>>
>>>>>>>>>>> This hackaton should be fun, and help people connect and
>>>>>>>>>>> participate
>>>>>>>>>>>
>>>>>>>>>>> regards
>>>>>>>>>>>
>>>>>>>>>>> Johanna
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Feb 8, 2015 at 1:08 PM, Dinis Cruz <dinis.cruz at owasp.org
>>>>>>>>>>> > wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Johanna, as you are seeing, it's really hard to create an
>>>>>>>>>>>> OWASP Project Summit with the current model (with little funding, with no
>>>>>>>>>>>> dedicated team, attached to a conference, etc..)
>>>>>>>>>>>>
>>>>>>>>>>>> The formula that worked in the past was to start with a set
>>>>>>>>>>>> budget (lets say 50k to 100k) and :
>>>>>>>>>>>>
>>>>>>>>>>>>    - use those funds to make sure the key players (in this
>>>>>>>>>>>>    case project leaders and 'new players') are going to attend (by offering to
>>>>>>>>>>>>    cover all travel and accommodation expenses (while asking them if they can
>>>>>>>>>>>>    get their employee to pay instead))
>>>>>>>>>>>>    - hire a dedicated summit team (for that period)
>>>>>>>>>>>>    - secure dedicated venue and summit resources
>>>>>>>>>>>>    - generate a huge amount of energy about the summit
>>>>>>>>>>>>    sessions (starting by inventing all sorts of sessions, until the real
>>>>>>>>>>>>    sessions become solid)
>>>>>>>>>>>>    - cast a very wide net of 'invitations to attend the
>>>>>>>>>>>>    summit' (with the vision that* 'the summit is THE place to
>>>>>>>>>>>>    be, where all the key players will be in the same location, and  where REAL
>>>>>>>>>>>>    work can be done'*)
>>>>>>>>>>>>
>>>>>>>>>>>> The hard part is making people 'believe' in the Summit. The
>>>>>>>>>>>> objective is for our leaders (and attendees) to create the sessions that
>>>>>>>>>>>> THEY want to attend (on top of the infrastructure provided by the Summit).
>>>>>>>>>>>> By definition those sessions will be interested to others, and eventually a
>>>>>>>>>>>> virtuous cycle will start to occur.
>>>>>>>>>>>>
>>>>>>>>>>>> Back to the Project Summit, the interesting question is: *should
>>>>>>>>>>>> OWASP invest 50k or 100k on its projects? *
>>>>>>>>>>>>
>>>>>>>>>>>> I think the answer is *YES *since Owasp's projects are
>>>>>>>>>>>> critical part of OWASP (which deserves solid investment)
>>>>>>>>>>>>
>>>>>>>>>>>> Here are some of my blog posts about my views on OWASP Summits
>>>>>>>>>>>> and OWASP Projects
>>>>>>>>>>>>
>>>>>>>>>>>>    - Summits must be part of OWASP's DNA
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/04/summits-must-be-part-of-owasps-dna.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - Great description of why OWASP Summits are special
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/04/great-description-of-why-owasp-summits.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - OWASP Revenue Splits and the "Non-profits have a charter
>>>>>>>>>>>>    to be innovators"
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/12/owasp-revenue-splits-and-non-profits.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - I want to vote for a Summit Team+Vision , NOT for a venue
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/04/i-want-to-vote-for-summit-teamvision.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - Some proposed Visions for next OWASP Summit
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/04/some-proposed-visions-for-next-owasp.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - Why large OWASP projects start to stale (and who should
>>>>>>>>>>>>    pay for the work)
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/04/why-large-owasp-projects-start-to-stale.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - OWASP: Proposed change for SoC: Use budget to pay for
>>>>>>>>>>>>    project related expenses
>>>>>>>>>>>>    <http://blog.diniscruz.com/2009/06/owasp-proposed-change-for-soc-use.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - Sometimes the best response is just say 'YES'
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/10/sometimes-best-response-is-just-say-yes.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - I wish that OWASP in 2014 ....
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/11/i-wish-that-owasp-in-2014.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - OWASP Principles based on NHS?
>>>>>>>>>>>>    <http://blog.diniscruz.com/2013/01/owasp-principles-based-on-nhs.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - On how to get paid to work on OWASP projects
>>>>>>>>>>>>    <http://blog.diniscruz.com/2013/01/on-how-to-get-paid-to-work-on-owasp.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - ROI on OWASP investment on Projects (ie paying leaders)
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/04/roi-on-owasp-investment-on-projects-ie.html>
>>>>>>>>>>>>
>>>>>>>>>>>>    - Improved Wikipedia funding page, why OWASP needs
>>>>>>>>>>>>    something similar, and who buys OWASP Corporate Memberships
>>>>>>>>>>>>    <http://blog.diniscruz.com/2012/11/improved-wikipedia-funding-page-why.html>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>>
>>>>>>>>>>>> Dinis
>>>>>>>>>>>>
>>>>>>>>>>>> On 7 February 2015 at 19:47, johanna curiel curiel <
>>>>>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Board and Project Leaders
>>>>>>>>>>>>>
>>>>>>>>>>>>> After a first call to get people to assist and participate
>>>>>>>>>>>>> into the Project Summit NL, only 2 major projects(Flagship) have reacted
>>>>>>>>>>>>> and would like to participate.
>>>>>>>>>>>>>
>>>>>>>>>>>>>    - OWASP ZAP
>>>>>>>>>>>>>    - OWTF
>>>>>>>>>>>>>
>>>>>>>>>>>>> Right now we have 2 rooms available for this day-20th May
>>>>>>>>>>>>> (Martin please confirm if this is still the case)
>>>>>>>>>>>>>
>>>>>>>>>>>>> For the rest I think we definitely need to breed in new life
>>>>>>>>>>>>> into projects participation. It can be that for projects with leaders
>>>>>>>>>>>>> located in USA, it will be more convenient to have a small summit there
>>>>>>>>>>>>> specially for them or, we can try to promote participation to projects
>>>>>>>>>>>>> (looking for volunteers, starting a project etc).
>>>>>>>>>>>>>
>>>>>>>>>>>>> So far , I don't think we can call this a Project Summit , and
>>>>>>>>>>>>> it might get down to ZAP/OWTF summit
>>>>>>>>>>>>>
>>>>>>>>>>>>> In that case is essential to know:
>>>>>>>>>>>>>
>>>>>>>>>>>>>    - Identify how many people will be assisting to the ZAP
>>>>>>>>>>>>>    and OWTF session
>>>>>>>>>>>>>    - IF Traveling tickets and accommodation could be paid for
>>>>>>>>>>>>>    ZAP/OWTF leaders
>>>>>>>>>>>>>    - Coffee break sponsorship for the attendees of this summit
>>>>>>>>>>>>>
>>>>>>>>>>>>> That will basically resume the costs. based on this low
>>>>>>>>>>>>> attendance I don't think I'll be present in Amsterdam.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I think we need to think of another strategy to promote Owasp
>>>>>>>>>>>>> projects through summits if we want to continue with this. What do we want
>>>>>>>>>>>>> to achieve indeed?
>>>>>>>>>>>>>
>>>>>>>>>>>>> My impression is that no new innovative projects are being
>>>>>>>>>>>>> started at OWASP.
>>>>>>>>>>>>> We definitely need new 'blood' and innovative thinkers
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>
>>>>>>>>>>>>> Johanna
>>>>>>>>>>>>>
>>>>>>>>>>>>>  --
>>>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>>>> Google Groups "OWASP Projects Task Force" group.
>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>>>> it, send an email to projects-task-force+unsubscribe at owasp.org
>>>>>>>>>>>>> .
>>>>>>>>>>>>> To post to this group, send email to
>>>>>>>>>>>>> projects-task-force at owasp.org.
>>>>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>>>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0OwMS2fHm8v2DuK7a2h8oXuo4WpPmiz3cKF2A%3DqXYJRg%40mail.gmail.com
>>>>>>>>>>>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0OwMS2fHm8v2DuK7a2h8oXuo4WpPmiz3cKF2A%3DqXYJRg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>>>>>>>>> .
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150216/da9e7309/attachment-0001.html>


More information about the Owasp-board mailing list