[Owasp-leaders] Reaching developers = cooperative hackathons

dinis cruz dinis.cruz at owasp.org
Sun Sep 5 16:16:51 EDT 2010

Hey John, (as I mention on the chat) don't use the funding as an excuse :)

If you're busy, well ... that's fair enough

But if you can find the time, see you in Irvine :)


On 5 Sep 2010, at 21:00, John Wilander <john.wilander at owasp.org> wrote:

Dear OWASP leaders,

At last year's AppSec USA I had several interesting discussions with you on
OWASP's inability to reach developers. We've been stuck in "Preaching for
the choir" far too long. The "Bring a developer" at this year's conference
will hopefully make a difference.

But we can make a difference on a regional level too, especially all of us
who are chapter leaders! I have really been thinking "What can my chapter do
to reach out to more developers?"

The solution was cooperation.

This weekend OWASP Sweden successfully held "Community Hack" – a two-day *
hackathon* – together with the regional FOSS community (FOSS = Free Open
Source Software). A majority of the attendees were developers. Developers
who now know about OWASP. Many of them also joined our chapter.

So what's the trick? Well, developers like to *do* things, such as develop
software. During hackathons you bring your computer and you *do* things. You
learn new tools, try out new languges and frameworks, develop new
applications, and investigate the unknown. In other words appsec and foss
communities have much in common! During a hackathon you can always mix in
technical talks, demos and discussions. It's the perfect way of reaching
developers. We did it and it was a blast.

If you'd like to have a Community Hack in your region or country, this is
what we did:

   1. Make contact with the regional or national open source movement.
   They're good guys. Try to set up a cooperation for hack.
   2. Set up a wiki page where attendees can post which projects they're
   going to work on. This helps to inspire others who want to come but don't
   have a project yet.
   3. Get sponsoring for breakfast, soft drinks, snacks etc. It's easy since
   all the software companies want to sponsor. We had to reject a handful of
   sponsoring offers!
   4. Get a venue with office tables and a decent wireless network. We
   cooperated with academia who provided us with a place free of charge.
   5. Start the hackathon with a "stand up" where everybody gets to
   introduce themselves and their project during ~20 seconds.
   6. Hack away. Have breakout sessions with talks or workshops. Socialize.
   Tell non-chapter members about OWASP.
   7. End with a round of summaries or demos of what people have done.

Please let me know if you try this out or if you already are running

   Kind regards, John

PS.  I won't be attending the AppSec US in Irvine :(. Too busy and no
funding. Hope you all have a great time!  DS.

PPS.  Swedish blog entry with pictures from the Community Hack:
http://owaspsweden.blogspot.com/2010/09/cmtyhack-ii-ar-over.html .  DS.

John Wilander
Chapter leader OWASP Sweden, http://owaspsweden.blogspot.com
Conference chair OWASP AppSec Research 2010, http://owasp.se

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100905/069787bd/attachment.html 

More information about the OWASP-Leaders mailing list