[Owasp-leaders] Reaching developers = cooperative hackathons
john.wilander at owasp.org
Sun Sep 5 16:00:56 EDT 2010
Dear OWASP leaders,
At last year's AppSec USA I had several interesting discussions with you on
OWASP's inability to reach developers. We've been stuck in "Preaching for
the choir" far too long. The "Bring a developer" at this year's conference
will hopefully make a difference.
But we can make a difference on a regional level too, especially all of us
who are chapter leaders! I have really been thinking "What can my chapter do
to reach out to more developers?"
The solution was cooperation.
This weekend OWASP Sweden successfully held "Community Hack" – a two-day *
hackathon* – together with the regional FOSS community (FOSS = Free Open
Source Software). A majority of the attendees were developers. Developers
who now know about OWASP. Many of them also joined our chapter.
So what's the trick? Well, developers like to *do* things, such as develop
software. During hackathons you bring your computer and you *do* things. You
learn new tools, try out new languges and frameworks, develop new
applications, and investigate the unknown. In other words appsec and foss
communities have much in common! During a hackathon you can always mix in
technical talks, demos and discussions. It's the perfect way of reaching
developers. We did it and it was a blast.
If you'd like to have a Community Hack in your region or country, this is
what we did:
1. Make contact with the regional or national open source movement.
They're good guys. Try to set up a cooperation for hack.
2. Set up a wiki page where attendees can post which projects they're
going to work on. This helps to inspire others who want to come but don't
have a project yet.
3. Get sponsoring for breakfast, soft drinks, snacks etc. It's easy since
all the software companies want to sponsor. We had to reject a handful of
4. Get a venue with office tables and a decent wireless network. We
cooperated with academia who provided us with a place free of charge.
5. Start the hackathon with a "stand up" where everybody gets to
introduce themselves and their project during ~20 seconds.
6. Hack away. Have breakout sessions with talks or workshops. Socialize.
Tell non-chapter members about OWASP.
7. End with a round of summaries or demos of what people have done.
Please let me know if you try this out or if you already are running
Kind regards, John
PS. I won't be attending the AppSec US in Irvine :(. Too busy and no
funding. Hope you all have a great time! DS.
PPS. Swedish blog entry with pictures from the Community Hack:
http://owaspsweden.blogspot.com/2010/09/cmtyhack-ii-ar-over.html . DS.
Chapter leader OWASP Sweden, http://owaspsweden.blogspot.com
Conference chair OWASP AppSec Research 2010, http://owasp.se
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders