[Owasp-leaders] Some proposed Visions for next OWASP Summit

dinis cruz dinis.cruz at owasp.org
Fri Apr 6 14:01:27 UTC 2012


In case some of you are thinking of putting energy in creating the next
OWASP Summit, I really think that the 'Summit Proposal' concept I detailed
here <http://diniscruz.blogspot.co.uk/2012/04/i-want-to-vote-for-summit-teamvision.html>
is a good model.

So starting from the point that first we need a strong theme/vision, here
are a couple ideas:

   - *OWASP Summit on OWASP Projects* - This would actually be at least one
   or more 'mini-Summit(s)' followed by a bigger one. The mini-summit(s) would
   be focused on very specific OWASP project activities (project review,
   project normalization/mapping, project XYZ work, project
   consolidation, GIT migration, etc...), with the bigger Summit being the one where
   the results (of those mini-summits) would be presented, and the main
   stakeholders (i.e. the OWASP Projects users) would come together to learn,
   share and collaborate.

   - *OWASP Summit on Web Frameworks* - This would be the location where
   the key players of Web Frameworks (like Spring, Struts, Apache Shiro, RoR,
   ASP.NET, J2EE Stack, Grails etc...) would come together with OWASP's
   community, AND developers AND their 'clients'. The key objective would be
   to figure out how to help make those frameworks/platforms 'secure by
   default', or at least to allow developers to easily code them in a secure
   way. In fact we could even be a bit radical and do an *OWASP Summit
   on Apache Shiro* (http://shiro.apache.org/), since those guys are clearly
   doing something right and have the momentum in working with key frameworks.

   - *OWASP Summit on Static Analysis* - This is one that I'm especially
   interested in, and would be focused on figuring out a way to really make
   Static Analysis work in a web security world. There is so much potential
   with SAST technology which currently is not fulfilled, because the multiple
   parties (from tool developers, to security consultants, to users, to
   clients, to regulatory bodies, etc...) are not collaborating and working
   together to figure out a number of Open Standards which we can all use to
   communicate (for example, why can't we feed static analysis data to a web
   proxy/scanner like ZAP?).

   - *OWASP Summit on Web Privacy* - Privacy is becoming more and more a
   big issue in the Web World, and with: a) Browsers adding features like the
   Do Not Track header <http://en.wikipedia.org/wiki/Do_not_track_header>
   (http://donottrack.us/), b) new laws being passed, c) recent big
   privacy breaches, d) government regulatory bodies wanting to do
   something about it, and ... {many more recent developments} ... Privacy
   is definitely a topic which will draw a good crowd (and although one day it
   might be big enough to have its own dedicated 'Browser Summit', I think in
   the short term the Browser track (following the work done at the last
   Summit) should be part of this Summit).

Of course there are many other hot topics or OWASP Projects we could
create a Summit around (ESAPI, OpenSamm, Guide Trilogy, Cloud, DAST, Secure
Coding, Code Review, PenTesting, etc...); what is needed to make it happen
is a core team with passion and energy for it.

On the financial side of things, one thing that OWASP could do is to
say: *"Here is 50k seed money, the rest you need to find from other
sources (including internally, like OWASP Chapters)"*. And maybe even that 50k is not
needed (if there is enough energy and supporters willing to buy '20k Summit
tickets').

Dinis Cruz