[Owasp-leaders] Introducing FLOSSHack

Tim Morgan tim.morgan at owasp.org
Wed Nov 7 22:41:04 UTC 2012

Greetings OWASP Leaders,

I want to bring to your attention an experimental project that the
Portland, Oregon OWASP chapter has been working on this year.  The
project is structured as a hacking competition and workshop and is
motivated by two observations I've made over the years:

* It's hard to find good pentesters

* Lots of organizations need application security testing, but simply
  can't afford it

Free/Libre Open Source Software Hacking (FLOSSHack) events are
designed to bring together individuals interested in learning more
about application security with open source projects and organizations
in need of low cost or pro bono security auditing.  FLOSSHack provides
a friendly, but mildly competitive, workshop environment in which
participants learn about and search for vulnerabilities in selected
software. In turn, selected open source projects and qualified
non-profit organizations benefit from additional quality assurance and
security guidance.

You can learn more about my thoughts on how best to organize FLOSSHack
events here:

We held our first FLOSSHack event in July and I think it was quite

We learned a lot about what works and what doesn't, so I hope to make
our next FLOSSHack even more effective.  My ultimate goal is that
these events become more streamlined and organized to where other
OWASP chapters can easily throw their own FLOSSHack events.  If any of
you are interested in holding a similar event or would like to help in
other ways, please let me know.


* Thanks much to Wil Clouser, Michael Coates, Ushahidi, and all of the
  participants who made this possible

More information about the OWASP-Leaders mailing list