<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" 
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;}
span.EmailStyle20
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle21
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
 /* List Definitions */
 @list l0
        {mso-list-id:1830245191;
        mso-list-type:hybrid;
        mso-list-template-ids:-882615140 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-text:"%1\)";
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=WordSection1>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Fabio has asked for financial help to go to OWASP DC in Nov and
present his work on the OWASP ESAPI Swingset. His request seems very reasonable
and I think we should try to support this, but we just don’t have any
precedent for it.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>So here is my question:<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>1)<span style='font:7.0pt "Times New Roman"'>     
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Do we want to simply support it out of Boardmember discretionary
funds?<o:p></o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>2)<span style='font:7.0pt "Times New Roman"'>     
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Do we want to require our conferences to provide some amount of
budget to help OWASP project leaders present?<o:p></o:p></span></p>

<p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;
mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><span style='mso-list:Ignore'>a.<span
style='font:7.0pt "Times New Roman"'>      </span></span></span><![endif]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Maybe
at some ratio of the total # of speakers, like 1 for every 10 or something?<o:p></o:p></span></p>

<p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;
mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><span style='mso-list:Ignore'>b.<span
style='font:7.0pt "Times New Roman"'>      </span></span></span><![endif]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Such
funds to be used only upon request??<o:p></o:p></span></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>3)<span style='font:7.0pt "Times New Roman"'>     
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Do we want to set up a separate fund to support OWASP project
leaders presenting at OWASP conferences?<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>In the past, the leaders’ employers have been paying for this,
which obviously saves OWASP money, and I’d think that we’d like to
continue that behavior when the employers are willing.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>So, if we do any of these things I don’t think we want to make
a big deal out of it. Alternatively, we could make a big deal out of it in
order to encourage more OWASP project leaders to present their projects. I
think we should require such projects to be fairly active, but I doubt that
would be much of a problem.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thoughts?<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-Dave<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Dave Wichers
[mailto:dave.wichers@owasp.org] <br>
<b>Sent:</b> Wednesday, September 22, 2010 8:16 AM<br>
<b>To:</b> 'fabio.e.cerullo@aib.ie'<br>
<b>Cc:</b> 'eoin.keary@owasp.org'<br>
<b>Subject:</b> RE: RE: Swingset @ AppSecDC 2010<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p> </o:p></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I agree with you in principle. OWASP just hasn’t done this
in the past, so we simply don’t have any precedent for this, and therefore
we don’t have any budget specifically set aside to support these kinds of
activities.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I’ll talk to the board to see what we can do. I agree
these are valuable to the OWASP community and we should support/encourage OWASP
contributors to speak at our conferences about their projects.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks, Dave<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>p.s. Has the work you’ve done been finalized and posted to
Google or OWASP? I wanted to let NSA know that your Swingset app was done and
available for them to play with.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> fabio.e.cerullo@aib.ie
[mailto:fabio.e.cerullo@aib.ie] <br>
<b>Sent:</b> Wednesday, September 22, 2010 6:53 AM<br>
<b>To:</b> Dave Wichers<br>
<b>Cc:</b> eoin.keary@owasp.org<br>
<b>Subject:</b> RE: RE: Swingset @ AppSecDC 2010<o:p></o:p></span></p>

</div>

<p class=MsoNormal><o:p> </o:p></p>

<p class=MsoNormal style='margin-bottom:12.0pt'><br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Hi Dave,</span>
<br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>I understand
OWASP not covering expenses for everyone to attend conferences as this will
obviously be expensive, even prohibitive.</span> <br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>However, I
think special consideration should be taken for leaders who are promoting OWASP
across the globe on a voluntary basis.</span> <br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>In my
particular case, I've asked for resources at AIB (my employer) to build a
customized version of the Swingset application and then donate it to OWASP. </span><br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>I think that is
supportive enough from my employer, and asking for funds to travel to the US in
order to present the tool at AppSec DC wouldn't be appropriate.</span> <br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>I am not
planning on going to DC to mingle with potential clients/etc, but rather to
promote OWASP and some of its tools in that particular conference.</span> <br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>The OWASP
Ireland chapter (which I'm currently leading) is lucky enough to have funds
available thanks to hard work during the year and a tremendous effort by Eoin
and the rest of the team to put up a successful conference last week. However,
I think saying we need to use those funds to cover travel expenses is not fair
to the chapter or its members who paid their annual membership and are
expecting those funds to be used in their local community.</span> <br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>OWASP Ireland
obviously is not benefiting from me presenting SwingSet at DC and if I have to
stick to the rule, I shouldn't go to the AppSecDC conference for that
particular reason. However, if we look at our mission of 'making application
security visible' OWASP central should cover at least part of these costs
because the final beneficiary of this project in the end is... our global
community. </span><br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Please let me
know how you would like to proceed on this.</span> <br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thank you,</span>
<br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Fabio Cerullo<br>
Divisional Information Security <br>
Bankcentre D1, <br>
Ballsbridge,<br>
Dublin 4,<br>
Ireland.<br>
<br>
Tel: +353 1 772 6309<br>
Email: fabio.e.cerullo@aib.ie<br>
<br>
</span><o:p></o:p></p>

<table class=MsoNormalTable border=0 cellspacing=3 cellpadding=0 width="100%"
 style='width:100.0%'>
 <tr>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'></td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>"Dave
  Wichers" <dave.wichers@owasp.org></span></b> <o:p></o:p></p>
  <p><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>21/09/2010
  23:23</span> <o:p></o:p></p>
  </td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'> 
        </span><br>
  <span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>   
      To:        <fabio.e.cerullo@aib.ie></span>
  <br>
  <span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>   
      cc:        </span> <br>
  <span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>   
      Subject:        RE: RE: Swingset @ AppSecDC
  2010</span> <o:p></o:p></p>
  </td>
 </tr>
</table>

<p class=MsoNormal><br>
<br>
<br>
<br>
<span style='font-family:Consolas'>Fabio,</span> <o:p></o:p></p>

<p><span style='font-family:Consolas'>In general, presenters' employers pay them
to attend/present as it looks good that their employer is supporting this kind
of work, and you get to mingle with potential clients, etc.</span> <o:p></o:p></p>

<p><span style='font-family:Consolas'>In this case, is AIB supportive of your
efforts and willing to pay your expenses, or are you in the situation where you</span>
<span style='font-family:Consolas'>would have to pay most or all of your own
expenses?</span> <o:p></o:p></p>

<p><span style='font-family:Consolas'>-Dave</span> <o:p></o:p></p>

<pre><o:p> </o:p></pre><pre>******************************************************<o:p></o:p></pre><pre>This document is strictly confidential and is intended for use by the addressee unless otherwise indicated.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>This email has been scanned by an external email security system.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Allied Irish Banks<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>AIB and AIB Group are registered business names of Allied Irish Banks p.l.c. Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.  Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311; Registered in Ireland: Registered No. 24173<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Please consider the environment before printing this e-mail. <o:p></o:p></pre><pre>******************************************************<o:p></o:p></pre></div>

</body>

</html>