[Owasp-leaders] Reaching developers = cooperative hackathons

dinis cruz dinis.cruz at owasp.org
Mon Sep 6 02:19:25 EDT 2010

Great initiative :)

So for the other chapters that want to replicate the model (Justin???
London?? :)  ), can you share more operational details?

   - What environment did you had (from a technology and process point of
   view). For example, was it similar to what Martin is doing with the CTF?
   - How did you communicated to the Developers what they were going to do?
   - What did the developers do on those two days?  Was it just "come on,
   bring your laptop, do/code what you want to do, and show the result in the
   - Any changes from the original plan?
   - What (if any) OWASP materials and projects did you use?
   - Where did security fit in these?
   - What could be done (from OWASP point of view) to improve it?
   - Have OWASP books there,
      - have a couple computers preloaded with OWASP materials,
      - etc...
   - you mention a WIKI page, is that shared to the world? (is it available
   - favor: can you translate:

This fits really nice with the 'Bring a developer to an OWASP conference' ,
in fact maybe the overal program/initiative should be called 'Bring OWASP to

Dinis Cruz

On 5 September 2010 21:00, John Wilander <john.wilander at owasp.org> wrote:

> Dear OWASP leaders,
> At last year's AppSec USA I had several interesting discussions with you on
> OWASP's inability to reach developers. We've been stuck in "Preaching for
> the choir" far too long. The "Bring a developer" at this year's conference
> will hopefully make a difference.
> But we can make a difference on a regional level too, especially all of us
> who are chapter leaders! I have really been thinking "What can my chapter do
> to reach out to more developers?"
> The solution was cooperation.
> This weekend OWASP Sweden successfully held "Community Hack" – a two-day *
> hackathon* – together with the regional FOSS community (FOSS = Free Open
> Source Software). A majority of the attendees were developers. Developers
> who now know about OWASP. Many of them also joined our chapter.
> So what's the trick? Well, developers like to *do* things, such as develop
> software. During hackathons you bring your computer and you *do* things.
> You learn new tools, try out new languges and frameworks, develop new
> applications, and investigate the unknown. In other words appsec and foss
> communities have much in common! During a hackathon you can always mix in
> technical talks, demos and discussions. It's the perfect way of reaching
> developers. We did it and it was a blast.
> If you'd like to have a Community Hack in your region or country, this is
> what we did:
>    1. Make contact with the regional or national open source movement.
>    They're good guys. Try to set up a cooperation for hack.
>    2. Set up a wiki page where attendees can post which projects they're
>    going to work on. This helps to inspire others who want to come but don't
>    have a project yet.
>    3. Get sponsoring for breakfast, soft drinks, snacks etc. It's easy
>    since all the software companies want to sponsor. We had to reject a handful
>    of sponsoring offers!
>    4. Get a venue with office tables and a decent wireless network. We
>    cooperated with academia who provided us with a place free of charge.
>    5. Start the hackathon with a "stand up" where everybody gets to
>    introduce themselves and their project during ~20 seconds.
>    6. Hack away. Have breakout sessions with talks or workshops.
>    Socialize. Tell non-chapter members about OWASP.
>    7. End with a round of summaries or demos of what people have done.
> Please let me know if you try this out or if you already are running
> hackathons.
>    Kind regards, John
> PS.  I won't be attending the AppSec US in Irvine :(. Too busy and no
> funding. Hope you all have a great time!  DS.
> PPS.  Swedish blog entry with pictures from the Community Hack:
> http://owaspsweden.blogspot.com/2010/09/cmtyhack-ii-ar-over.html .  DS.
> --
> John Wilander
> Chapter leader OWASP Sweden, http://owaspsweden.blogspot.com
> Conference chair OWASP AppSec Research 2010, http://owasp.se
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100906/3d03ca37/attachment-0001.html 

More information about the OWASP-Leaders mailing list