[OWASP-IBWAS10] IBWAS'10 - Proposed conference agenda - Very draft

dinis cruz dinis.cruz at owasp.org
Mon Nov 22 06:29:37 EST 2010


Actually that is exactly what is not acceptable :)

The problem is that we have to make sure OWASP doesn't become an
advertizement engine for these companies.

It's a fine balance, but one that made OWASP what it is today

Also, from an audience point of view, people are so tired of marketing
messages that those type of presentations can actually backfire.

Let me give an example

- PT (Portugal Telecom) talking about their broadband products and maybe
it's security features: NOT Aceptable presentation

- PT presenting a case study on how when they secured their latest
generation of Broadband services, namely how they built their CERT , how
they added protection against DoS/Web-Worms/ Exploits and if they share some
stats on what they are seeing in their world (type of attacks, etc ...) :
Acceptable presentation

Both presentations will pass the same marketing message (PT has broadband
services with security built-in) but the 1st is NOT compatible with OWASP's
values and the 2nd is compatible (while ironically being more effective)

Dinis Cruz

On 22 Nov 2010, at 11:01, "Carlos Serrão" <carlos.serrao at iscte.pt> wrote:

Ok.

>From your experience, can they make a presentation about their products or
services, without making any reference to OWASP, and they don't make any
references that OWASP actually recommends their products?

Is this acceptable by OWASP terms?

Best regards,

On 2010/11/22, at 10:46, dinis cruz wrote:

Ok, just a warning here, we don't do 'vendor' talks at Owasp conference or
chapters

There is a very fine line here between a 'vendor pitch'/advertisement and a
'talk on a product/service XYZ that is delivered in a impartial way (and
that is relevant to the owasp community)'

Look for example what Jeremiah did with his talk in Brazil AppSec. He was
talking about web stats that he got via the service that his company
provides.

So be careful with managing the expectations of our sponsors since they have
to understand the message and type of presentation that is acceptable at
OWASP

If this is an obvious point to you, then sorry for making it. I just want to
make surer we don't go down the wrong path

Dinis Cruz

On 19 Nov 2010, at 23:50, Nuno Teodoro <nuno.filipe.teodoro at gmail.com>
wrote:

Ok, a sponsors talk has definitely  to exist, We know in Portugal sponsor
are scarce, and if they see true benefits (like talking about their stuff)
they're more likely to return next year :)

Doing it at the conference's end seems ok.

Best regards

*Nuno Filipe Martins da Silveira Teodoro*

*SCCM Junior Consultant at NOESIS*

*IM: * <nfteodoro at hotmail.com>nfteodoro at hotmail.com
*LinkedIn:*  <http://www.linkedin.com/in/nunoteodoro>
http://www.linkedin.com/in/nunoteodoro
*e-mail:*  <nuno.filipe.teodoro at gmail.com>nuno.filipe.teodoro at gmail.com
*mobile*: (00351) 919370496


Em 19 de novembro de 2010 23:46, Carlos Serrão < <carlos.serrao at iscte.pt>
carlos.serrao at iscte.pt> escreveu:

> Probably nothing... it may be replaced by a sponsors session.
> Best regards,
>
> On 2010/11/19, at 23:44, Nuno Teodoro wrote:
>
> I don't see anything wrong with this scheduling. I'm just wondering, what's
> on the end of the day where it says technical talk?
>
> Best regars
>
> *Nuno Filipe Martins da Silveira Teodoro*
>
> *SCCM Junior Consultant at NOESIS*
>
> *IM: * <nfteodoro at hotmail.com>nfteodoro at hotmail.com
> *LinkedIn:*  <http://www.linkedin.com/in/nunoteodoro>
> http://www.linkedin.com/in/nunoteodoro
> *e-mail:*  <nuno.filipe.teodoro at gmail.com>nuno.filipe.teodoro at gmail.com
> *mobile*: (00351) 919370496
>
>
> Em 19 de novembro de 2010 23:09, Carlos Serrão < <carlos.serrao at iscte.pt>
> carlos.serrao at iscte.pt> escreveu:
>
>> Dear all,
>> please find attached is a proposal (very draft) for the conference day.
>>
>> Your suggestions are quite welcome!
>>
>> I think we should also include a sponsors session at the conference in
>> some block.
>>
>> All your suggestions are welcome!!!
>>
>> Best regards,
>>
>>
>>
>>
>>       --
>> Carlos Serrão
>> ISCTE-IUL/ISTA/DCTI | ADETTI-IUL/NetMuST | PT.OWASP
>>
>>
>> _______________________________________________
>> Owasp-ibwas10 mailing list
>>  <Owasp-ibwas10 at lists.owasp.org>Owasp-ibwas10 at lists.owasp.org
>>  <https://lists.owasp.org/mailman/listinfo/owasp-ibwas10>
>> https://lists.owasp.org/mailman/listinfo/owasp-ibwas10
>>
>>
> _______________________________________________
> Owasp-ibwas10 mailing list
> <Owasp-ibwas10 at lists.owasp.org>Owasp-ibwas10 at lists.owasp.org
>  <https://lists.owasp.org/mailman/listinfo/owasp-ibwas10>
> https://lists.owasp.org/mailman/listinfo/owasp-ibwas10
>
>
>       --
> Carlos Serrão
> ISCTE-IUL/ISTA/DCTI | ADETTI-IUL/NetMuST | PT.OWASP
>
>
> _______________________________________________
> Owasp-ibwas10 mailing list
>  <Owasp-ibwas10 at lists.owasp.org>Owasp-ibwas10 at lists.owasp.org
>  <https://lists.owasp.org/mailman/listinfo/owasp-ibwas10>
> https://lists.owasp.org/mailman/listinfo/owasp-ibwas10
>
>
_______________________________________________
Owasp-ibwas10 mailing list
Owasp-ibwas10 at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-ibwas10

_______________________________________________
Owasp-ibwas10 mailing list
Owasp-ibwas10 at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-ibwas10


--
Carlos Serrão
ISCTE-IUL/ISTA/DCTI | ADETTI-IUL/NetMuST | PT.OWASP

_______________________________________________
Owasp-ibwas10 mailing list
Owasp-ibwas10 at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-ibwas10
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-ibwas10/attachments/20101122/80316959/attachment-0001.html 


More information about the Owasp-ibwas10 mailing list