[Owasp-board] [Owasp-leaders] Fwd: Project Summit countdown

Tobias tobias.gondrom at owasp.org
Tue Feb 17 10:32:45 UTC 2015


Hi Johanna,

I agree with Fabio, thank you very much for putting all of this together.
The costs seems very reasonable to me.

How are we on the planned deliverable side?
Did we get from the project leaders a brief agenda or items they will be 
working on during the summit.

And a little question: reading the summit participant lists, am a little 
bit confused about teams where only 1 or 2 people are listed as 
participants. Does that mean that only one person is planning to 
participate in that project meeting or are the other participants 
attending on their own budget?

Looking forward to the final proposal and putting this to a vote ASAP so 
we can get rolling.
The board is very interested in doing everything in our power to 
strengthen our projects and I am very confident that the board will 
approve this.

Best, Tobias



On 16/02/15 21:58, Fabio Cerullo wrote:
> Johanna
>
> Thanks for putting this together.
>
> I like the approach of having an agenda for each project and funding 
> approval based on that.
>
> I would also set a funding cap for each participating member. Eg. 800 
> Euro x participant (approx. 1000 USD) so there are no last minutes 
> surprises regarding costs.
>
> Ideally, we would like the Summit become a regular activity in which 
> our active community gather together during a couple of days, 
> brainstorm ideas, and make them happen.
>
> So with clear goals, agenda and activities I'm in full support of this 
> activity.
>
> Are you going to be the overall Summit point of contact and coordinator?
>
> Thanks again,
>
> Fabio
>
> On Mon, Feb 16, 2015 at 12:27 PM, johanna curiel curiel 
> <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
>
>     Hi Andrew
>
>     ROI is essential to any initiative we take, we need to set goals
>     and measure results.
>
>     >So I think we need to be a tiny bit brutal and be focused on what we
>     *specifically* need from any project investments. Maybe we invest
>     in fewer, higher value projects and add more people to each
>     project, so that we get some momentum rather than spread it out
>     across all the projects.
>
>     Agree and therefore one of the condition of the actual summit is
>     that the project is active and has a positive review. Another is,
>     that they provide a clear agenda.
>
>     So far we have 6 participation projects (ZAP,OWTF,CRSF,Hackademic
>     and Top 10 Privacy risks, ASVS)
>     All of these projects have positive reviews and a healthy activity
>     level
>
>     I have reserved a budget for Simon's team but he already mentioned
>     that his team will be paying their own cost. This has been
>     reserved in case of.
>
>     It is required that the leaders provide an agenda by next week,
>     otherwise they will not have sponsorship.
>
>     If we move fwd with the summit, my attendance and from Timo will
>     depend of next week reactions on the agenda and off course your
>     final approval.
>
>     I think with this info you are ready to take a decision if you
>     would like to finance this summit. Also we need to book early so
>     the cost of tickets do not increase by the time we want to reserve
>
>     So far, we have achieved 11,000 dollar mark. I don't think there
>     will be more projects willing to attend.
>
>     Please let us know asap your approval or not.
>
>     https://docs.google.com/spreadsheets/d/1OIUPJ-fBqsrCvphEHOU7qWuIkA-6ab4frXehZmhRpNE/edit#gid=0
>
>     Regards
>
>     Johanna
>
>
>
>
>
>
>
>
>     On Mon, Feb 16, 2015 at 12:27 AM, Andrew van der Stock
>     <vanderaj at owasp.org <mailto:vanderaj at owasp.org>> wrote:
>
>         Michael,
>
>         I really think we should either aim for one of several models:
>
>         *There are some projects that whilst vital to OWASP's mission,
>         are just plain difficult to do*. Things like setting out an
>         education syllabus at a tertiary level requires a university
>         level researcher who understands pedagogical requirements of
>         tertiary instiutions and solid AppSec outcomes can build us
>         something. We have not to date - nor I think will ever - find
>         someone who as a side project will contribute such an enormous
>         effort, and yet without this key piece of the puzzle,
>         universities will continue to churn out pen testers, which at
>         best, is a trade. I see this being like a one year research
>         position, similar to how much of university level research is
>         made. We have specific requirements for a deliverable, and we
>         work with say with a chosen institution to get it done on the
>         basis that the IP and materials at the end comply with our
>         open source licensing guidelines. This is just one type of
>         Extra Hard Thorny Problem.
>
>         *There are some flagship projects that OWASP is famous for*.
>         We can probably get funding directly from sponsors on this
>         one, and if we could do so with sufficient funds to go 24-48
>         months with a hire in place, we can getr some immense
>         traction. I'm thinking these positions would be like Linux
>         Foundation's fellows.
>
>         *There are some flagship projects that just need a bit more of
>         a boost to get over the line to gain the self-sustaining
>         momentum*, like the Testing Guide. These could be assisted by
>         making available project grants so that folks can travel and
>         be accommodated for at least a week, preferably two, at an
>         AppSec conference nearest them and get the big jobs done
>         whilst on site. I see this operating like the IBM redbooks
>         residencies - you are not ever an OWASP employee, but we help
>         you co-invest in your project by getting the project leads and
>         resources together to build something specific.
>
>         The problem is that we have had for such a long time that the
>         ONLY people who cannot be paid by OWASP are the people doing
>         the writing on projects. Graphic designers can be paid. The
>         publisher can be paid. Firms can create services from the
>         materials can get paid. Dinis made this really clear on
>         OWASP-Leaders, and it's pretty much hard wired into the
>         Projects handbook. This I feel is off putting to those who
>         might otherwise ask how they can best contribute to OWASP.
>         It's resulted in a lot of smaller projects of one-two people
>         that don't really change the world, and inaction of the big
>         projects. Johanna is right - The DevGuide and ASVS are side
>         projects for me. I can do the ASVS as it's approachable and
>         re-writeable by one person over a summer break. The DevGuide
>         isn't. The DevGuide needs a leader who can work full time on
>         it. Whilst I'm a board member, this is almost certainly not me.
>
>         We spent a lot of money in 2011 on the Portugal Project
>         Summit. I don't think we invested money wisely in that project
>         summit, because we didn't get a return on investment. None of
>         the three major guides got a rev during the year after it. The
>         Top 10 didn't get a rev. Look at all the tracks and working
>         groups. We didn't get a OWASP Universities outcome. We didn't
>         get an XSS outcome. As far as I can tell, not one of the
>         tracks produced a deliverable within 12 months of that summit.
>
>         https://www.owasp.org/index.php/Summit_2011_Attendee
>
>         So I think we need to be a tiny bit brutal and be focused on
>         what we *specifically* need from any project investments.
>         Maybe we invest in fewer, higher value projects and add more
>         people to each project, so that we get some momentum rather
>         than spread it out across all the projects. I don't know, and
>         I'm a tiny bit conflicted (DevGuide, ASVS). Obviously, if one
>         of my projects came to a vote, I'd step aside whilst the vote
>         is taken, but we should probably decide on a budget, a model,
>         and then the projects. Projects will come and go, but there
>         should always be a budget to be used and a governance model to
>         make sure the budget investment is used wisely and produces
>         specific deliverables for OWASP and it's mission both inside
>         and outside of OWASP.
>
>         The bigger projects - if we decide on those they we think are
>         valuable and should continue - need some form of investment.
>         We've spent perilously close to zero dollars since 2011 on
>         projects. This must change, and we must shout it from the
>         rooftops once we decide on strategic projects and investment
>         models.
>
>         Thoughts?
>
>         Andrew
>
>
>         On Tue, Feb 10, 2015 at 10:44 PM, johanna curiel curiel
>         <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>>
>         wrote:
>
>             Micheal,
>
>             I think you have made a good point.
>
>             My experience with projects is, that only the people that
>             can dedicate a lot of time to their projects, will see
>             them flourish
>
>             If most :Leaders have full time jobs and try todo this on
>             the side, they don't get as much as progress as the other
>             ones.
>
>             Improving the OWASP inventory has taken also a period of 2
>             years where we have now in place a reasonable way of
>             reviewing and cleaning the inventory but there is still
>             some work to do on this part
>
>             if we are looking for innovation, then, another strategy
>             is definitely needed from the actual one.
>
>             regards
>
>             Johanna
>
>             On Tue, Feb 10, 2015 at 12:32 AM, Michael Coates
>             <michael.coates at owasp.org
>             <mailto:michael.coates at owasp.org>> wrote:
>
>                 I think that challenge is for us to solve. How would
>                 projects spend money? We've done this exercise before
>                 and we have no bites.
>                 https://www.owasp.org/index.php/Funding
>
>                 So what are we missing? We've provided guidelines on
>                 acceptable expenditures and haven't had anyone raise
>                 ideas different than those.
>
>                 As a thought exercise let's allocate 100k to projects
>                 this moment (just hypothetical) where would it
>                 actually be spent? Why is our current approach not
>                 working?
>
>                 Is it time to fully switch to hired developers and
>                 further specific objectives? Or should we keep
>                 muddling around with limited gains?
>
>                 Which furthers the mission more?
>
>
>
>                 On Feb 9, 2015, at 1:30 PM, Andrew van der Stock
>                 <vanderaj at owasp.org <mailto:vanderaj at owasp.org>> wrote:
>
>>                 +1000
>>
>>                 On Tue, Feb 10, 2015 at 4:49 AM, Jim Manico
>>                 <jim.manico at owasp.org <mailto:jim.manico at owasp.org>>
>>                 wrote:
>>
>>                     I personally feel that projects are heavily
>>                     underfunded and would support a large investment
>>                     if there is a clear path for how those funds will
>>                     be used.
>>
>>                     Aloha,
>>                     --
>>                     Jim Manico
>>                     @Manicode
>>                     (808) 652-3805 <tel:%28808%29%20652-3805>
>>
>>                     On Feb 9, 2015, at 6:13 PM, johanna curiel curiel
>>                     <johanna.curiel at owasp.org
>>                     <mailto:johanna.curiel at owasp.org>> wrote:
>>
>>>                     Hi Josh
>>>
>>>                     I think indeed that I need to create a break
>>>                     down for the actual projects leaders that have
>>>                     reacted and a projection for the expected ones
>>>                     by tomorrow
>>>                     With this info, then we can have a budget that
>>>                     you can vote for, including the main goals
>>>
>>>                     I'm also in favor of spending money wisely with
>>>                     a clear expected output, not just to hang around
>>>                     and have fun in Amsterdam ;-)
>>>
>>>                     My personal target is to review projects and
>>>                     communicate regarding the review process and how
>>>                     to improve this. Also to automate some of the
>>>                     process during the summit
>>>
>>>                     Regards
>>>
>>>                     Johanna
>>>
>>>                     On Mon, Feb 9, 2015 at 12:21 PM, Josh Sokol
>>>                     <josh.sokol at owasp.org
>>>                     <mailto:josh.sokol at owasp.org>> wrote:
>>>
>>>                         Johanna,
>>>
>>>                         I think that the majority of the Board is in
>>>                         favor of this and sees the value in it.  The
>>>                         challenge is that you've come to us with it
>>>                         after money was budgeted for 2015 so we
>>>                         would have to pillage from elsewhere in
>>>                         order to make this happen. More money = more
>>>                         pillaging so we have to be conservative with
>>>                         the budget.  How much do we anticipate for
>>>                         "coffee breaks" for the summit? How much do
>>>                         we anticipate for tickets, accommodation,
>>>                         and food?  How many people would we actually
>>>                         get off that money?  What are the goals and
>>>                         deliverables that will come out of this
>>>                         summit?  It becomes a question of ROI at
>>>                         this point and the Board has a
>>>                         responsibility to maximize the reward for
>>>                         the Foundation. If we're spending $10k for
>>>                         four people to get together and drink
>>>                         coffee, that's probably not money well
>>>                         spent, but if we're spending $50k for a
>>>                         code-a-thon where 20 people get together and
>>>                         drastically improve upon our OWASP toolset,
>>>                         then that's a huge reward.  For all of our
>>>                         conferences, we ask the planners to put
>>>                         together a budget that shows anticipated
>>>                         revenue and expenses as well as to provide
>>>                         conference deliverables. My personal opinion
>>>                         is that a summit is no different than a
>>>                         conference, just with a different target
>>>                         audience, and that a similar plan should be
>>>                         drafted.  Can you put something more formal
>>>                         together that the Board can vote on?  It's
>>>                         all very nebulous at this point.
>>>
>>>                         ~josh
>>>
>>>                         On Mon, Feb 9, 2015 at 6:53 AM, johanna
>>>                         curiel curiel <johanna.curiel at owasp.org
>>>                         <mailto:johanna.curiel at owasp.org>> wrote:
>>>
>>>                             Hi Josh
>>>
>>>                             Tentatively? Lets be more specific ;-)
>>>                             Does the board agree yes or no?
>>>
>>>                             The money as I have mentioned, will be
>>>                             used to pay the tickets, accommodation
>>>                             and coffee breaks
>>>                             Depending how many leaders would like to
>>>                             assist then I create a breakdown of the
>>>                             cost per leaders
>>>                             (Ticket/Accommodation/Food) and Coffee
>>>                             breaks for in between the sessions. We
>>>                             have 2 rooms but if more projects wants
>>>                             to attend , then we need probably 2 or 3
>>>                             rooms more
>>>
>>>                               * Flagship leaders have highest prio
>>>                               * Then LABS
>>>                               * and then the best out of the incubators
>>>
>>>
>>>                             The selection is based on their activity
>>>                             level which we have being monitoring
>>>                             through the reviews.
>>>
>>>                             If everyone would like to come, I know
>>>                             10K won't be enough. Probably it will be
>>>                             around 30 to 40K if everyone wants to
>>>                             have sessions but we can accommodate
>>>                             more than one session in one room as
>>>                             done during APPSEC 2013 US.
>>>
>>>                             Please let me know what we can expect
>>>                             from the board and if there is an
>>>                             agreement for the 10k at least, be
>>>                             aware, more leaders, then we have more
>>>                             costs but It will be great if we can
>>>                             have at least the top projects leaders
>>>                             together. ZAP and OWTF,ASVS and Dev
>>>                             Guide and  have said yes, but please, be
>>>                             clear if we can count on this budget
>>>
>>>                             Regards
>>>
>>>                             Johanna
>>>
>>>
>>>                             On Sun, Feb 8, 2015 at 10:41 PM, Josh
>>>                             Sokol <josh.sokol at owasp.org
>>>                             <mailto:josh.sokol at owasp.org>> wrote:
>>>
>>>                                 Johanna,
>>>
>>>                                 Just to be clear, I believe the
>>>                                 Board tentatively approved your
>>>                                 request for the $10k, but requested
>>>                                 that you provided a more detailed
>>>                                 budget showing what you intended to
>>>                                 use the money for.  I don't remember
>>>                                 you asking if you could solicit
>>>                                 sponsors through OWASP, but I,
>>>                                 personally, don't see any reason why
>>>                                 we couldn't help with that part of
>>>                                 the fundraising.
>>>
>>>                                 ~josh
>>>
>>>                                 On Sun, Feb 8, 2015 at 5:06 PM,
>>>                                 johanna curiel curiel
>>>                                 <johanna.curiel at owasp.org
>>>                                 <mailto:johanna.curiel at owasp.org>>
>>>                                 wrote:
>>>
>>>                                     Hi Collin
>>>
>>>                                     Indeed my mistake, we didn't set
>>>                                     a deadline yet,however by first
>>>                                     week of March we will close the
>>>                                     participation opportunity. We
>>>                                     have publish an invitation for
>>>                                     participation through the OWASP
>>>                                     connector
>>>
>>>                                     My answers below
>>>
>>>                                     1. The comment about "launch and
>>>                                     or promote" in that email
>>>                                     confused me because I thought
>>>                                     summits were to generate
>>>                                     outputs. Is it more like a
>>>                                     project showcase? If so, are
>>>                                     OWASP projects not a part of the
>>>                                     main conference program?
>>>
>>>                                     /A summit is not a showcase but
>>>                                     an opportunity to have all
>>>                                     leaders together to discuss and
>>>                                     generate output, guidelines,
>>>                                     give direction , take decision
>>>                                     regarding the direction of
>>>                                     projects in general. But I think
>>>                                     we might turn towards Showcases
>>>                                     instead of Summits/
>>>
>>>                                     2. The AppsecEU website doesn't
>>>                                     mention this summit. What will
>>>                                     be done to promote it?
>>>                                     /Correct. We are looking to
>>>                                     first determine how
>>>                                     many leaders want to assist,
>>>                                     apply for a budget
>>>                                     and sponsoring in order to
>>>                                     publish this together /
>>>
>>>                                     3. Who is getting paid/what?
>>>
>>>                                     /We are looking for sponsors to
>>>                                     at least pay for accommodation
>>>                                     and tickets. The Boards has not
>>>                                     answer my question if there is
>>>                                     available budget for this and if
>>>                                     I can send invitation through
>>>                                     OWASP to get sponsors. I have
>>>                                     proposed to ask for sponsors
>>>                                     that could help us cover the
>>>                                     expenses. This summit should
>>>                                     have the leaders of the Flagship
>>>                                     projects, LABS and the best out
>>>                                     of the incubators. An invitation
>>>                                     was sent to the Flagships and,
>>>                                     only a couple of them reacted
>>>                                     that they could assist/
>>>
>>>                                     4 . The date and that there are
>>>                                     two rooms appear to be new
>>>                                     information today. What else can
>>>                                     be shared please?
>>>
>>>                                     /We are looking for budget but
>>>                                     important to determine is, how
>>>                                     many leaders are willing to
>>>                                     assist in order to create a
>>>                                     final budget
>>>                                     covering accommodation/tickets
>>>                                     and food for them. No leaders,
>>>                                     no summit./
>>>
>>>                                     5. What else will the summit be
>>>                                     competing with on the same day?
>>>                                     /The conference sessions on that
>>>                                     day/
>>>
>>>
>>>                                     Hope this has clarified your
>>>                                     questions.
>>>
>>>                                     regards
>>>
>>>                                     Johanna
>>>
>>>                                     On Sun, Feb 8, 2015 at 3:56 PM,
>>>                                     colin.watson at owasp.org
>>>                                     <mailto:colin.watson at owasp.org>
>>>                                     <colin.watson at owasp.org
>>>                                     <mailto:colin.watson at owasp.org>>
>>>                                     wrote:
>>>
>>>                                         Joanna
>>>
>>>                                         The Amsterdam "project
>>>                                         summit " invitation I saw
>>>                                         was sent on 21st January:
>>>
>>>                                         http://lists.owasp.org/pipermail/owasp-leaders/2015-January/013715.html
>>>
>>>                                         What is the deadline please?
>>>
>>>                                         Could you provide any more
>>>                                         detrimental than appear in
>>>                                         the firm's questions?
>>>
>>>                                         1. The comment about "launch
>>>                                         and or promote" in that
>>>                                         email confused me because I
>>>                                         thought summits were to
>>>                                         generate outputs. Is it more
>>>                                         like a project showcase? If
>>>                                         so, are OWASP projects not a
>>>                                         part of the main conference
>>>                                         program?
>>>
>>>                                         2. The AppsecEU website
>>>                                         doesn't mention this
>>>                                         summit. What will be done to
>>>                                         promote it?
>>>
>>>                                         3. Who is getting paid/what?
>>>
>>>                                         4 . The date and that there
>>>                                         are two rooms appear to be
>>>                                         new information today. What
>>>                                         else can be shared please?
>>>
>>>                                         5. What else will the summit
>>>                                         be competing with on the
>>>                                         same day?
>>>
>>>                                         I am sure other projects
>>>                                         will want to participate.
>>>
>>>                                         Regards Colin
>>>
>>>                                         ----- Reply message -----
>>>                                         From: "johanna curiel
>>>                                         curiel"
>>>                                         <johanna.curiel at owasp.org
>>>                                         <mailto:johanna.curiel at owasp.org>>
>>>                                         To:
>>>                                         "owasp-leaders at lists.owasp.org
>>>                                         <mailto:owasp-leaders at lists.owasp.org>"
>>>                                         <owasp-leaders at lists.owasp.org
>>>                                         <mailto:owasp-leaders at lists.owasp.org>>
>>>                                         Subject: [Owasp-leaders]
>>>                                         Fwd: Project Summit countdown
>>>                                         Date: Sun, Feb 8, 2015 18:29
>>>
>>>
>>>
>>>                                         >Back to the Project Summit, the interesting question is: *should OWASP
>>>                                         invest 50k or 100k on its
>>>                                         projects? *
>>>                                         *
>>>                                         *
>>>                                         Well that is the golden
>>>                                         question. I have the
>>>                                         impression that key decision
>>>                                         makers are reluctant for
>>>                                         this part, since it is not
>>>                                         clear what will be the
>>>                                         output from this.
>>>                                         This has being mentioned to
>>>                                         me in the past.
>>>
>>>                                         The question is, how
>>>                                         effective is to invest 50 or
>>>                                         100k in a summit and what do
>>>                                         we get out of it?
>>>
>>>                                         I think OWASP should at
>>>                                         least invest and help
>>>                                         promote those flagship
>>>                                         projects and LABS/Incubators
>>>                                         doing an excellent work .
>>>                                         That is how Project leaders
>>>                                         can promote and spread the
>>>                                         word out about their
>>>                                         projects with OWASP support.
>>>                                         But, what about new blood
>>>                                         and innovative thinking? I'm
>>>                                         seeing many vulnerabilities
>>>                                         that are not being handle
>>>                                         with new projects or fresh
>>>                                         approaches.
>>>
>>>                                         The key factor is, there is
>>>                                         low participation and
>>>                                         motivation within the
>>>                                         Project leaders. There is
>>>                                         not really new blood of
>>>                                         ideas coming in and some
>>>                                         leaders have decided to
>>>                                         start their projects outside
>>>                                         OWASP.
>>>
>>>                                         This is what we need to
>>>                                         change and reach, more
>>>                                         participation, community
>>>                                         bonding and innovative
>>>                                         projects.
>>>
>>>                                         *An idea*
>>>                                         All major flagship/LABS and
>>>                                         the best incubators projects
>>>                                         should be present at
>>>                                         Defcon/OWASP conference  for
>>>                                         the "OWASP Hackaton Contest"
>>>
>>>                                         Budget: 50,000K
>>>                                         Goals:
>>>
>>>                                           * Build new features for
>>>                                             OWASP projects,
>>>                                           * Promote OWASP projects
>>>                                             and Chapters
>>>                                           * Help actual projects to
>>>                                             move fwd with development
>>>                                           * Get new volunteers to
>>>                                             work on projects
>>>                                           * Start new innovative
>>>                                             projects
>>>
>>>                                         OWASP Hackaton Activities:
>>>
>>>                                           * Help build new features,
>>>                                           * Start a new innovative
>>>                                             project
>>>                                           * Become an owaps
>>>                                             member/volunteer/start a
>>>                                             chapter
>>>                                           * Write documentation,
>>>                                           * Motivation for
>>>                                             participation: get
>>>                                             recognition and a
>>>                                             price(plenty small
>>>                                             prices can be given away
>>>                                             such as : Drinks/Food
>>>                                             vouchers , T-Shirts etc).
>>>
>>>                                         This hackaton should be fun,
>>>                                         and help people connect and
>>>                                         participate
>>>
>>>                                         regards
>>>
>>>                                         Johanna
>>>
>>>                                         On Sun, Feb 8, 2015 at 1:08
>>>                                         PM, Dinis Cruz
>>>                                         <dinis.cruz at owasp.org
>>>                                         <mailto:dinis.cruz at owasp.org>>
>>>                                         wrote:
>>>
>>>                                             Hi Johanna, as you are
>>>                                             seeing, it's really hard
>>>                                             to create an OWASP
>>>                                             Project Summit with the
>>>                                             current model (with
>>>                                             little funding, with no
>>>                                             dedicated team, attached
>>>                                             to a conference, etc..)
>>>
>>>                                             The formula that worked
>>>                                             in the past was to start
>>>                                             with a set budget (lets
>>>                                             say 50k to 100k) and :
>>>
>>>                                               * use those funds to
>>>                                                 make sure the key
>>>                                                 players (in this
>>>                                                 case project leaders
>>>                                                 and 'new players')
>>>                                                 are going to attend
>>>                                                 (by offering to
>>>                                                 cover all travel and
>>>                                                 accommodation
>>>                                                 expenses (while
>>>                                                 asking them if they
>>>                                                 can get their
>>>                                                 employee to pay
>>>                                                 instead))
>>>                                               * hire a dedicated
>>>                                                 summit team (for
>>>                                                 that period)
>>>                                               * secure dedicated
>>>                                                 venue and summit
>>>                                                 resources
>>>                                               * generate a huge
>>>                                                 amount of energy
>>>                                                 about the summit
>>>                                                 sessions (starting
>>>                                                 by inventing all
>>>                                                 sorts of sessions,
>>>                                                 until the real
>>>                                                 sessions become solid)
>>>                                               * cast a very wide net
>>>                                                 of 'invitations to
>>>                                                 attend the summit'
>>>                                                 (with the vision
>>>                                                 that/'the summit is
>>>                                                 THE place to be,
>>>                                                 where all the key
>>>                                                 players will be in
>>>                                                 the same location,
>>>                                                 and  where REAL work
>>>                                                 can be done'/)
>>>
>>>                                             The hard part is making
>>>                                             people 'believe' in the
>>>                                             Summit. The objective is
>>>                                             for our leaders (and
>>>                                             attendees) to create the
>>>                                             sessions that THEY want
>>>                                             to attend (on top of the
>>>                                             infrastructure provided
>>>                                             by the Summit). By
>>>                                             definition those
>>>                                             sessions will be
>>>                                             interested to others,
>>>                                             and eventually a
>>>                                             virtuous cycle will
>>>                                             start to occur.
>>>
>>>                                             Back to the Project
>>>                                             Summit, the interesting
>>>                                             question is: *should
>>>                                             OWASP invest 50k or 100k
>>>                                             on its projects? *
>>>                                             *
>>>                                             *
>>>                                             I think the answer is
>>>                                             *YES *since Owasp's
>>>                                             projects are critical
>>>                                             part of OWASP (which
>>>                                             deserves solid investment)
>>>
>>>                                             Here are some of my blog
>>>                                             posts about my views on
>>>                                             OWASP Summits and OWASP
>>>                                             Projects
>>>
>>>                                               * Summits must be part
>>>                                                 of OWASP's DNA
>>>                                                 <http://blog.diniscruz.com/2012/04/summits-must-be-part-of-owasps-dna.html>
>>>
>>>                                               * Great description of
>>>                                                 why OWASP Summits
>>>                                                 are special
>>>                                                 <http://blog.diniscruz.com/2012/04/great-description-of-why-owasp-summits.html>
>>>
>>>                                               * OWASP Revenue Splits
>>>                                                 and the "Non-profits
>>>                                                 have a charter to be
>>>                                                 innovators"
>>>                                                 <http://blog.diniscruz.com/2012/12/owasp-revenue-splits-and-non-profits.html>
>>>
>>>                                               * I want to vote for a
>>>                                                 Summit Team+Vision ,
>>>                                                 NOT for a venue
>>>                                                 <http://blog.diniscruz.com/2012/04/i-want-to-vote-for-summit-teamvision.html>
>>>
>>>                                               * Some proposed
>>>                                                 Visions for next
>>>                                                 OWASP Summit
>>>                                                 <http://blog.diniscruz.com/2012/04/some-proposed-visions-for-next-owasp.html>
>>>
>>>                                               * Why large OWASP
>>>                                                 projects start to
>>>                                                 stale (and who
>>>                                                 should pay for the
>>>                                                 work)
>>>                                                 <http://blog.diniscruz.com/2012/04/why-large-owasp-projects-start-to-stale.html>
>>>
>>>                                               * OWASP: Proposed
>>>                                                 change for SoC: Use
>>>                                                 budget to pay for
>>>                                                 project related
>>>                                                 expenses
>>>                                                 <http://blog.diniscruz.com/2009/06/owasp-proposed-change-for-soc-use.html>
>>>
>>>                                               * Sometimes the best
>>>                                                 response is just say
>>>                                                 'YES'
>>>                                                 <http://blog.diniscruz.com/2012/10/sometimes-best-response-is-just-say-yes.html>
>>>
>>>                                               * I wish that OWASP in
>>>                                                 2014 ....
>>>                                                 <http://blog.diniscruz.com/2012/11/i-wish-that-owasp-in-2014.html>
>>>
>>>                                               * OWASP Principles
>>>                                                 based on NHS?
>>>                                                 <http://blog.diniscruz.com/2013/01/owasp-principles-based-on-nhs.html>
>>>
>>>                                               * On how to get paid
>>>                                                 to work on OWASP
>>>                                                 projects
>>>                                                 <http://blog.diniscruz.com/2013/01/on-how-to-get-paid-to-work-on-owasp.html>
>>>
>>>                                               * ROI on OWASP
>>>                                                 investment on
>>>                                                 Projects (ie paying
>>>                                                 leaders)
>>>                                                 <http://blog.diniscruz.com/2012/04/roi-on-owasp-investment-on-projects-ie.html>
>>>
>>>                                               * Improved Wikipedia
>>>                                                 funding page, why
>>>                                                 OWASP needs
>>>                                                 something similar,
>>>                                                 and who buys OWASP
>>>                                                 Corporate
>>>                                                 Memberships
>>>                                                 <http://blog.diniscruz.com/2012/11/improved-wikipedia-funding-page-why.html>
>>>
>>>
>>>                                             Thanks
>>>
>>>                                             Dinis
>>>
>>>                                             On 7 February 2015 at
>>>                                             19:47, johanna curiel
>>>                                             curiel
>>>                                             <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>>
>>>                                             wrote:
>>>
>>>                                                 Board and Project
>>>                                                 Leaders
>>>
>>>                                                 After a first call
>>>                                                 to get people to
>>>                                                 assist and
>>>                                                 participate into the
>>>                                                 Project Summit NL,
>>>                                                 only 2 major
>>>                                                 projects(Flagship)
>>>                                                 have reacted and
>>>                                                 would like to
>>>                                                 participate.
>>>
>>>                                                   * OWASP ZAP
>>>                                                   * OWTF
>>>
>>>                                                 Right now we have 2
>>>                                                 rooms available for
>>>                                                 this day-20th May
>>>                                                 (Martin please
>>>                                                 confirm if this is
>>>                                                 still the case)
>>>
>>>                                                 For the rest I think
>>>                                                 we definitely need
>>>                                                 to breed in new life
>>>                                                 into projects
>>>                                                 participation. It
>>>                                                 can be that for
>>>                                                 projects with
>>>                                                 leaders located in
>>>                                                 USA, it will be more
>>>                                                 convenient to have a
>>>                                                 small summit there
>>>                                                 specially for them
>>>                                                 or, we can try to
>>>                                                 promote
>>>                                                 participation to
>>>                                                 projects (looking
>>>                                                 for volunteers,
>>>                                                 starting a project etc).
>>>
>>>                                                 So far , I don't
>>>                                                 think we can call
>>>                                                 this a Project
>>>                                                 Summit , and it
>>>                                                 might get down to
>>>                                                 ZAP/OWTF summit
>>>
>>>                                                 In that case is
>>>                                                 essential to know:
>>>
>>>                                                   * Identify how
>>>                                                     many people will
>>>                                                     be assisting to
>>>                                                     the ZAP and OWTF
>>>                                                     session
>>>                                                   * IF Traveling
>>>                                                     tickets and
>>>                                                     accommodation
>>>                                                     could be paid
>>>                                                     for ZAP/OWTF leaders
>>>                                                   * Coffee break
>>>                                                     sponsorship for
>>>                                                     the attendees of
>>>                                                     this summit
>>>
>>>                                                 That will basically
>>>                                                 resume the costs.
>>>                                                 based on this low
>>>                                                 attendance I don't
>>>                                                 think I'll be
>>>                                                 present in Amsterdam.
>>>
>>>                                                 I think we need to
>>>                                                 think of another
>>>                                                 strategy to promote
>>>                                                 Owasp projects
>>>                                                 through summits if
>>>                                                 we want to continue
>>>                                                 with this. What do
>>>                                                 we want to achieve
>>>                                                 indeed?
>>>
>>>                                                 My impression is
>>>                                                 that no new
>>>                                                 innovative projects
>>>                                                 are being started at
>>>                                                 OWASP.
>>>                                                 We definitely need
>>>                                                 new 'blood' and
>>>                                                 innovative thinkers
>>>
>>>
>>>                                                 Regards
>>>
>>>                                                 Johanna
>>>
>>>                                                 -- 
>>>                                                 You received this
>>>                                                 message because you
>>>                                                 are subscribed to
>>>                                                 the Google Groups
>>>                                                 "OWASP Projects Task
>>>                                                 Force" group.
>>>                                                 To unsubscribe from
>>>                                                 this group and stop
>>>                                                 receiving emails
>>>                                                 from it, send an
>>>                                                 email to
>>>                                                 projects-task-force+unsubscribe at owasp.org
>>>                                                 <mailto:projects-task-force+unsubscribe at owasp.org>.
>>>                                                 To post to this
>>>                                                 group, send email to
>>>                                                 projects-task-force at owasp.org
>>>                                                 <mailto:projects-task-force at owasp.org>.
>>>                                                 To view this
>>>                                                 discussion on the
>>>                                                 web visit
>>>                                                 https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0OwMS2fHm8v2DuK7a2h8oXuo4WpPmiz3cKF2A%3DqXYJRg%40mail.gmail.com
>>>                                                 <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0OwMS2fHm8v2DuK7a2h8oXuo4WpPmiz3cKF2A%3DqXYJRg%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>>>
>>>
>>>
>>>
>>>
>>>
>>>                                     _______________________________________________
>>>                                     OWASP-Leaders mailing list
>>>                                     OWASP-Leaders at lists.owasp.org
>>>                                     <mailto:OWASP-Leaders at lists.owasp.org>
>>>                                     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>>
>>>                     _______________________________________________
>>>                     Owasp-board mailing list
>>>                     Owasp-board at lists.owasp.org
>>>                     <mailto:Owasp-board at lists.owasp.org>
>>>                     https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>                     _______________________________________________
>>                     Owasp-board mailing list
>>                     Owasp-board at lists.owasp.org
>>                     <mailto:Owasp-board at lists.owasp.org>
>>                     https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>                 _______________________________________________
>>                 Owasp-board mailing list
>>                 Owasp-board at lists.owasp.org
>>                 <mailto:Owasp-board at lists.owasp.org>
>>                 https://lists.owasp.org/mailman/listinfo/owasp-board
>
>                 _______________________________________________
>                 Owasp-board mailing list
>                 Owasp-board at lists.owasp.org
>                 <mailto:Owasp-board at lists.owasp.org>
>                 https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>             _______________________________________________
>             Owasp-board mailing list
>             Owasp-board at lists.owasp.org
>             <mailto:Owasp-board at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
>     _______________________________________________
>     Owasp-board mailing list
>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150217/fe2d3872/attachment-0001.html>


More information about the Owasp-board mailing list