[Owasp-leaders] Reaching developers = cooperative hackathons

Jeff Williams jeff.williams at owasp.org
Sun Sep 5 22:03:25 EDT 2010

This is a really cool idea.  Would be great to reach out to a bunch of open
source projects and offer them free time to work side-by-side with some
application security experts.  We could do some ad hoc testing of their
software, teach them how to find vulnerabilities, and work with them on
defending against the T10 and more with some strong security controls.


Great idea - even though I'd prefer not to call this a "hackathon" :)   How
about a "bootcamp" or something positive?





From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Mark Bristow
Sent: Sunday, September 05, 2010 4:28 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Reaching developers = cooperative hackathons


This is a great idea John!  Actually just gave me a cool idea for a similar
"developer" based contest that perhaps we can do in DC.


On Sun, Sep 5, 2010 at 4:16 PM, dinis cruz <dinis.cruz at owasp.org> wrote:

Hey John, (as I mention on the chat) don't use the funding as an excuse :)


If you're busy, well ... that's fair enough


But if you can find the time, see you in Irvine :)


On 5 Sep 2010, at 21:00, John Wilander <john.wilander at owasp.org> wrote:

Dear OWASP leaders,


At last year's AppSec USA I had several interesting discussions with you on
OWASP's inability to reach developers. We've been stuck in "Preaching for
the choir" far too long. The "Bring a developer" at this year's conference
will hopefully make a difference.


But we can make a difference on a regional level too, especially all of us
who are chapter leaders! I have really been thinking "What can my chapter do
to reach out to more developers?"


The solution was cooperation.


This weekend OWASP Sweden successfully held "Community Hack" - a two-day
hackathon - together with the regional FOSS community (FOSS = Free Open
Source Software). A majority of the attendees were developers. Developers
who now know about OWASP. Many of them also joined our chapter.


So what's the trick? Well, developers like to do things, such as develop
software. During hackathons you bring your computer and you do things. You
learn new tools, try out new languages and frameworks, develop new
applications, and investigate the unknown. In other words appsec and foss
communities have much in common! During a hackathon you can always mix in
technical talks, demos and discussions. It's the perfect way of reaching
developers. We did it and it was a blast.


If you'd like to have a Community Hack in your region or country, this is
what we did:

1.	Make contact with the regional or national open source movement.
They're good guys. Try to set up a cooperation for a hack.
2.	Set up a wiki page where attendees can post which projects they're
going to work on. This helps to inspire others who want to come but don't
have a project yet.
3.	Get sponsoring for breakfast, soft drinks, snacks etc. It's easy
since all the software companies want to sponsor. We had to reject a handful
of sponsoring offers!
4.	Get a venue with office tables and a decent wireless network. We
cooperated with academia who provided us with a place free of charge.
5.	Start the hackathon with a "stand up" where everybody gets to
introduce themselves and their project during ~20 seconds.
6.	Hack away. Have breakout sessions with talks or workshops.
Socialize. Tell non-chapter members about OWASP.
7.	End with a round of summaries or demos of what people have done.

Please let me know if you try this out or if you already are running


   Kind regards, John



PS.  I won't be attending the AppSec US in Irvine :(. Too busy and no
funding. Hope you all have a great time!  DS.


PPS.  Swedish blog entry with pictures from the Community Hack:
http://owaspsweden.blogspot.com/2010/09/cmtyhack-ii-ar-over.html .  DS.

John Wilander
Chapter leader OWASP Sweden, http://owaspsweden.blogspot.com
Conference chair OWASP AppSec Research 2010, http://owasp.se

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

Mark Bristow

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
AppSec DC 2010 Organizer - https://www.appsecdc.org
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
