[Owasp-leaders] Reaching developers = cooperative hackathons
dinis.cruz at owasp.org
Mon Sep 6 02:19:25 EDT 2010
Great initiative :)
So for the other chapters that want to replicate the model (Justin???
London?? :) ), can you share more operational details?
- What environment did you had (from a technology and process point of
view). For example, was it similar to what Martin is doing with the CTF?
- How did you communicated to the Developers what they were going to do?
- What did the developers do on those two days? Was it just "come on,
bring your laptop, do/code what you want to do, and show the result in the
- Any changes from the original plan?
- What (if any) OWASP materials and projects did you use?
- Where did security fit in these?
- What could be done (from OWASP point of view) to improve it?
- Have OWASP books there,
- have a couple computers preloaded with OWASP materials,
- you mention a WIKI page, is that shared to the world? (is it available
- favor: can you translate:
This fits really nice with the 'Bring a developer to an OWASP conference' ,
in fact maybe the overal program/initiative should be called 'Bring OWASP to
On 5 September 2010 21:00, John Wilander <john.wilander at owasp.org> wrote:
> Dear OWASP leaders,
> At last year's AppSec USA I had several interesting discussions with you on
> OWASP's inability to reach developers. We've been stuck in "Preaching for
> the choir" far too long. The "Bring a developer" at this year's conference
> will hopefully make a difference.
> But we can make a difference on a regional level too, especially all of us
> who are chapter leaders! I have really been thinking "What can my chapter do
> to reach out to more developers?"
> The solution was cooperation.
> This weekend OWASP Sweden successfully held "Community Hack" – a two-day *
> hackathon* – together with the regional FOSS community (FOSS = Free Open
> Source Software). A majority of the attendees were developers. Developers
> who now know about OWASP. Many of them also joined our chapter.
> So what's the trick? Well, developers like to *do* things, such as develop
> software. During hackathons you bring your computer and you *do* things.
> You learn new tools, try out new languges and frameworks, develop new
> applications, and investigate the unknown. In other words appsec and foss
> communities have much in common! During a hackathon you can always mix in
> technical talks, demos and discussions. It's the perfect way of reaching
> developers. We did it and it was a blast.
> If you'd like to have a Community Hack in your region or country, this is
> what we did:
> 1. Make contact with the regional or national open source movement.
> They're good guys. Try to set up a cooperation for hack.
> 2. Set up a wiki page where attendees can post which projects they're
> going to work on. This helps to inspire others who want to come but don't
> have a project yet.
> 3. Get sponsoring for breakfast, soft drinks, snacks etc. It's easy
> since all the software companies want to sponsor. We had to reject a handful
> of sponsoring offers!
> 4. Get a venue with office tables and a decent wireless network. We
> cooperated with academia who provided us with a place free of charge.
> 5. Start the hackathon with a "stand up" where everybody gets to
> introduce themselves and their project during ~20 seconds.
> 6. Hack away. Have breakout sessions with talks or workshops.
> Socialize. Tell non-chapter members about OWASP.
> 7. End with a round of summaries or demos of what people have done.
> Please let me know if you try this out or if you already are running
> Kind regards, John
> PS. I won't be attending the AppSec US in Irvine :(. Too busy and no
> funding. Hope you all have a great time! DS.
> PPS. Swedish blog entry with pictures from the Community Hack:
> http://owaspsweden.blogspot.com/2010/09/cmtyhack-ii-ar-over.html . DS.
> John Wilander
> Chapter leader OWASP Sweden, http://owaspsweden.blogspot.com
> Conference chair OWASP AppSec Research 2010, http://owasp.se
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders