[Owasp-leaders] New Working Sessions Added - Get involved!

Chris Schmidt chris.schmidt at owasp.org
Fri Jan 28 14:26:17 EST 2011

All  - 

I have added two more working sessions to the Summit and wanted to garner
some interest and involvement from you all as well as let you know what they
are and what they are about.

1. OWASP Projects Infrastructure (
http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 )

A lot of the OWASP Code Projects have reached a level of maturity and
acceptance where it would be beneficial to both contributors and our users
to create a cohesive OWASP Code Projects Infrastructure. There has been a
lot of off-list talk and interest in making this happen from my experience
and I think the Summit is the perfect venue to really get a concrete set of
plans and roadmap together for implementing this infrastructure. The main
focus of this session will be defining exactly what the needs of the OWASP
Code Projects are, what kind of solutions exist that we can leverage, and
what relationships do we have with partners that we can leverage in order to
provide a good project infrastructure for all of our wonderful code

2. OWASP Projects Security Bulletins (
http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 )

Our code projects and libraries have reached a point where we need to define
a clear disclosure policy for security flaws in those projects ­ including
project team responsibilities, expectations, and a framework and means for
those flaws to be reported both to OWASP from researchers and to OWASP
Project users. The aim of this working session will be to define an OWASP
Projects Security Disclosure Policy to cover all of these angles, a template
for use when notifying users, a leadership for the initiative, and a set of
expectations and rules for code projects to adhere to. This is imperative to
maintain our image within our community and help really bring our projects
to the next level as far as acceptance in enterprise organizations.

I invite anyone who may be interested in either of these sessions to please
hop on the page and drop your name on the list. I would also ask that we
refrain from delving too deeply into these topics prior to the summit and
rather than blasting out replies of praise or prejudice to these concepts,
make a note of it and join us!

Any questions regarding these sessions can be directed to me off-list.

I look forward to seeing you all at the summit and meeting those of you I
have not yet had the opportunity to meet!

Chris Schmidt
ESAPI Project Manager (http://www.esapi.org)
ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
Blog: http://yet-another-dev.blogspot.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110128/81946b27/attachment.html 

More information about the OWASP-Leaders mailing list