[Owasp-board] Please how to avoid this - conference codes in mailing list

johanna curiel curiel johanna.curiel at owasp.org
Fri Feb 24 21:52:02 UTC 2017


> To reach the project leaders in a timely fashion, we made the decision to
> send them via the leader list - the best method to ensure we reached
> project leaders without potentially missing the leaders.  This was a
> one-time decision done to maximize coverage of the community leaders,
> especially project leaders. Our preference was to broadcast those codes and
> reach all leaders over missing some of our valued community leaders.

Thank you Matt for this feedback.

I recall very clearly that once I was 'warned' not to give other
people these codes, while they are being sent in the Open ;-P

Tiffany and Claudia should have an updated list of the emails of these
leaders.

Glad to hear that you and the staff are working out through these issues
and I assume having an updated list of project and chapter leaders is a
regular and continuous maintenance work. I used to do it some time ago ;-)

Regards

Johanna

On Fri, Feb 24, 2017 at 6:01 PM, Matt Tesauro <matt.tesauro at owasp.org>
wrote:

> TLDR:
>
> This was a conscious, one-time decision on the part of the staff based on
> the available systems and data stores to get the discount codes out to the
> leaders in our community with maximum coverage.  There are compensating
> controls in place currently to catch any abuse of the OWASP leader discount
> codes.
>
> The new AMS system currently being installed/upgraded will be used for
> future registrations and can better handle leader discount codes.
>
> NON-TLDR:
>
> When Laura asked the O&A Committee how she should get the discount codes
> out to our leaders, the default answer was to run a report of leaders in
> Salesforce and directly email each person on that report - aka those people
> SF has listed as OWASP Leaders.
>
> While gathering this list from Salesforce, Laura noticed that there were
> some omissions of project leaders and talked with Claudia about it.
>
> As part of our current migration effort to the new AMS, we are doing
> reviews/sanity checking of the leadership of all chapters and projects.
> This is a significant undertaking and the effort for projects is still in
> process.  This led to missing and incorrect data in the SF report for
> project.
>
> We revised the report to remove project leaders from the SF output and
> sent the discount code to the non-project leaders.
>
> To reach the project leaders in a timely fashion, we made the decision to
> send them via the leader list - the best method to ensure we reached
> project leaders without potentially missing the leaders.  *This was a
> one-time decision done to maximize coverage of the community leaders,
> especially project leaders. Our preference was to broadcast those codes and
> reach all leaders over missing some of our valued community leaders.*
>
> Note:  AppSec EU is using the existing registration system which does
> not support a robust method of doing discount codes.  Historically, Laura
> has checked all registrations using the leader discount code against our
> Salesforce data and verified with Claudia or Tiffany where there were gaps
> in our data.  The same process is in place for the AppSec EU 2017
> registration so any inappropriate use of those codes will be caught by the
> above process.
>
> Going forward, the new AMS upgrade will handle conference registrations
> and has a significantly enhanced functionality for discount codes,
> including verifying at registration time the registrant's leadership status
> in Salesforce and unique discount codes for each individual.
>
> HTH
>
> Cheers!
>
> --
> -- Matt Tesauro
> OWASP AppSec Pipeline Lead
> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
> OWASP WTE Project Lead
> https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
> http://AppSecLive.org - Community and Download site
>
>
> On Thu, Feb 23, 2017 at 12:21 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>>
>> Hi All
>>
>> This is the second year that we publish all the 'conference free of
>> charge' discount codes in the mailing list!!!!!
>>
>> I mentioned this last year! People can just find this info online and go
>> for free without being a leader, or...is there any form of control that the
>> person that used the code is an actual OWASP leader?
>>
>> How can we avoid this mistake again?
>>
>> Regards
>>
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>


-- 
Johanna Curiel
OWASP Volunteer