[Owasp-leaders] Reaching developers = cooperative hackathons

James Ruffer admin at unixbox.ws
Mon Sep 6 02:24:03 EDT 2010


We were thinking about doing a bslide maybe this would be better...thoughts
on us hosting something like this in Memphis?
Thank you for your time.

C|EH
1.312.238.8571  Mobile


On Mon, Sep 6, 2010 at 1:19 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

> Great initiative :)
>
> So for the other chapters that want to replicate the model (Justin???
> London?? :)  ), can you share more operational details?
>
>    - What environment did you had (from a technology and process point of
>    view). For example, was it similar to what Martin is doing with the CTF?
>    - How did you communicated to the Developers what they were going to
>    do?
>    - What did the developers do on those two days?  Was it just "come on,
>    bring your laptop, do/code what you want to do, and show the result in the
>    end"?
>    - Any changes from the original plan?
>    - What (if any) OWASP materials and projects did you use?
>    - Where did security fit in these?
>    - What could be done (from OWASP point of view) to improve it?
>    - Have OWASP books there,
>       - have a couple computers preloaded with OWASP materials,
>       - etc...
>    - you mention a WIKI page, is that shared to the world? (is it
>    available before?)
>    - favor: can you translate:
>    http://owaspsweden.blogspot.com/2010/09/cmtyhack-ii-ar-over.htm<http://owaspsweden.blogspot.com/2010/09/cmtyhack-ii-ar-over.html>? :)
>
> This fits really nice with the 'Bring a developer to an OWASP conference' ,
> in fact maybe the overal program/initiative should be called 'Bring OWASP to
> developers'
>
> Dinis Cruz
>
> On 5 September 2010 21:00, John Wilander <john.wilander at owasp.org> wrote:
>
>> Dear OWASP leaders,
>>
>> At last year's AppSec USA I had several interesting discussions with you
>> on OWASP's inability to reach developers. We've been stuck in "Preaching for
>> the choir" far too long. The "Bring a developer" at this year's conference
>> will hopefully make a difference.
>>
>> But we can make a difference on a regional level too, especially all of us
>> who are chapter leaders! I have really been thinking "What can my chapter do
>> to reach out to more developers?"
>>
>> The solution was cooperation.
>>
>> This weekend OWASP Sweden successfully held "Community Hack" – a two-day
>> *hackathon* – together with the regional FOSS community (FOSS = Free Open
>> Source Software). A majority of the attendees were developers. Developers
>> who now know about OWASP. Many of them also joined our chapter.
>>
>> So what's the trick? Well, developers like to *do* things, such as
>> develop software. During hackathons you bring your computer and you *do*things. You learn new tools, try out new languges and frameworks, develop
>> new applications, and investigate the unknown. In other words appsec and
>> foss communities have much in common! During a hackathon you can always mix
>> in technical talks, demos and discussions. It's the perfect way of reaching
>> developers. We did it and it was a blast.
>>
>> If you'd like to have a Community Hack in your region or country, this is
>> what we did:
>>
>>    1. Make contact with the regional or national open source movement.
>>    They're good guys. Try to set up a cooperation for hack.
>>    2. Set up a wiki page where attendees can post which projects they're
>>    going to work on. This helps to inspire others who want to come but don't
>>    have a project yet.
>>    3. Get sponsoring for breakfast, soft drinks, snacks etc. It's easy
>>    since all the software companies want to sponsor. We had to reject a handful
>>    of sponsoring offers!
>>    4. Get a venue with office tables and a decent wireless network. We
>>    cooperated with academia who provided us with a place free of charge.
>>    5. Start the hackathon with a "stand up" where everybody gets to
>>    introduce themselves and their project during ~20 seconds.
>>    6. Hack away. Have breakout sessions with talks or workshops.
>>    Socialize. Tell non-chapter members about OWASP.
>>    7. End with a round of summaries or demos of what people have done.
>>
>> Please let me know if you try this out or if you already are running
>> hackathons.
>>
>>    Kind regards, John
>>
>>
>> PS.  I won't be attending the AppSec US in Irvine :(. Too busy and no
>> funding. Hope you all have a great time!  DS.
>>
>> PPS.  Swedish blog entry with pictures from the Community Hack:
>> http://owaspsweden.blogspot.com/2010/09/cmtyhack-ii-ar-over.html .  DS.
>>
>> --
>> John Wilander
>> Chapter leader OWASP Sweden, http://owaspsweden.blogspot.com
>> Conference chair OWASP AppSec Research 2010, http://owasp.se
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100906/ead6cca4/attachment.html 


More information about the OWASP-Leaders mailing list