[Owasp-leaders] [Committees-chairs] [Global_chapter_committee] [Global_conference_committee] [owasp-board] Re: 2012 Speaker Agreement Update

Dave Wichers dave.wichers at owasp.org
Sun Jan 20 15:42:46 UTC 2013

I agree with you that they should be allowed to choose the open source
license they prefer.




From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Dirk Wetter
Sent: Sunday, January 20, 2013 5:58 AM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] [Committees-chairs] [Global_chapter_committee]
[Global_conference_committee] [owasp-board] Re: 2012 Speaker Agreement


Hi folks,

as I am just putting a draft for the CfP for AppSecEU 2013 together, I am
just wondering
whether anything has happening since the last discussion.

Specifically there's the question under which licence the slides would be
 IMO it would make sense that a participant is free to choose any CC-(/BY)-*
license. Right now
all published slides don't have any license if I understand this correctly.
So worst case is reader
of slides thinks its cc-zero and reusing that w/o attribution of any kind
for his/her purposes maybe
selling it has his invention, author thinks it's  cc-by-nc-nd. 

Another point: Published slides should not contain any copyrighted
materials. In a lot of countries
that might cause legal and financial trouble for OWASP. IMO for shorter
terms it is helpful that the 
speaker agreement is just pointing this out in order to avoid most common

Best,  Dirk

On 06/25/2012 01:52 PM, Tom Brennan wrote:

Did this thread result in a updated speaker agreement or just a discussion
about it?

Conferences / Chapters committee owns this - please advise of your
understanding and URL to current agreement

On Wed, Mar 28, 2012 at 7:08 PM, Jim Manico <jim.manico at owasp.org> wrote:

Personally, I think we need to enforce, strictly, only 2 points on speakers:


1) All presentations must be creative commons.

2) No vendor pitches.


Number 1 is easy to enforce. Number 2 is very difficult to enforce.


WhiteHat Security is very kindly sponsoring me to fly all over the
country/world to give vendor-neutral secure-coding creative-commons talks.
They asked me, very politely, to brand my PowerPoints as WhiteHat Security.
At first, I was really against this. But a few things changed my mind today.


1) WhiteHat is paying my salary, which helps support my ability to deliver
these talks

2) I would not be able to do this if it was  not for their support giving me
massive chunks of time to do this

3) WhiteHat is also a OWASP corporate sponsor and supports various OWASP

4) They are not trying to control ANY of my content; they are even helping
me clean up my creative-commons slide decks. 


My integrity matters to me. But I am starting to think that a company who
supports me giving a whole lot of vendor-neutral creative-commons secure
coding talks deserves some recognition.


Thoughts, community? Am I off base here?



Jim Manico

(808) 652-3805 <tel:%28808%29%20652-3805> 



On Mar 29, 2012, at 12:40 AM, Thomas Brennan <tomb at owasp.org> wrote:

We want to make a agreement that is acceptable to the goals and mission of
the association in raising application security.  


We don't want to have a paper-tiger agreement that is disregarded as to
complex and not enforced do we?


Revise and alert the speakers for AppSecDC AppSecUSA EMEA, LATAM etc etc..
If OWASP can't do this with our employees and volunteers then call it what
Seba noted best practice.


Content is content it's either valuable or it's not, I personally don't care
about a logo -- in many cases they paid the airfare, lodging and salary of
the speaker (this includes Government and other submitters) hence if the
preso sucks... It still sucks.  


The agreement is what I am changeling and asking the committees chapters and
conferences trot a health check - and the rest of the leaders for there
input as its their organization and they speak for the 160 chapters and
running conferences.


On Mar 28, 2012, at 6:22 PM, Jim Manico <jim.manico at owasp.org> wrote:

The speaker agreement is already very clear on the topic of presentation

" Speakers are encouraged to include their contact information when
introducing themselves, but may NOT include their logo on any visual and
handout materials. Speakers are to avoid any appearance of commercialism in
their session and presentations are to be of a technical or solutions

At least 50% of all speakers I have seen violate this, including board

The question is, do we want to enforce this policy (from Nov 2011)?

- Jim

A general remark from my side: only use the speaker agreement when in doubt.

We use this agreement very pragmatically in Belgium and have only pointed to
it upfront to speakers when we thought a certain speaker/topic could become
a commercial talk.


Otherwise: minimize the red tape :-)




On Wed, Mar 28, 2012 at 8:22 PM, Teresa Stevens
<teresa-ann-stevens at comcast.net> wrote:

I agree with Josh. Thanks,


Teresa Stevens, CISSP, MSIA, PMMC

Information Security Specialist - Team Leader

San Francisco Bay Area

510-842-8868 (home), 510-872-2187 (cell)



From: Josh Sokol <josh.sokol at owasp.org>
Date: Wed, 28 Mar 2012 11:13:22 -0500
To: Mark Bristow <mark.bristow at owasp.org>
Cc: "owasp-board at owasp.org" <owasp-board at owasp.org>,
"committees-chairs at lists.owasp.org" <committees-chairs at lists.owasp.org>,
global_conference_committee <global_conference_committee at lists.owasp.org>,
global_chapter_committee Committee
<global_chapter_committee at lists.owasp.org>, Eoin <eoin.keary at owasp.org>
Subject: Re: [Global_chapter_committee] [Global_conference_committee]
[owasp-board] Re: [Committees-chairs] 2012 Speaker Agreement Update


I agree with what Jason said.  I see no reason why a person should not be
able to include a company logo in a slide deck regardless of whether they
are a corporate member or not.  My $0.02:

* If the event has a presentation template, then corporate logos should be
limited to only the "About Me" page of the presentation.


On Wed, Mar 28, 2012 at 9:20 AM, Mark Bristow <mark.bristow at owasp.org>

I think these are reasonable changes except the no-logo on the "about me"
slide.  I think that's fine if we put a boundry on the size.  The GCC is in
the final process of selecting a new presentation template, so this will be
easy to add.

On Tue, Mar 27, 2012 at 12:29 PM, Eoin <eoin.keary at owasp.org> wrote:

I am happy with vendor logo as long as content isn't a vendor pitch or
vendor bespoke (ip) and covers off an issue which is in the open  body of


Eoin Keary 

BCC Risk Advisory

Owasp Global Board

+353 87 977 2988 <tel:%2B353%2087%20977%202988> 


On 27 Mar 2012, at 16:13, Jason Li <jason.li at owasp.org> wrote:

Agreed on the use of the template. 


What's the purpose of the restriction on the company logo? 


Is it an attempt to spur corporate membership? Is it meant to remove the
"vendor"-ness of a talk?


If the former, I think it actually comes across as off-putting and might
have the opposite effect... If the latter, then the inclusion of the company
logo if and only if they are an OWASP supporter seems overly restrictive
IMHO in comparison to the goal. 


What about updating the template to include a specific place and limited
small size for a logo and mandating the use of the template? That would
limit how much a presenter could plaster their logo across a presentation.



On Tue, Mar 27, 2012 at 9:35 AM, Tom Brennan <tomb at owasp.org> wrote:


Today OWASP utilizes a Speaker Agreement that outlines the rules for
compensation of speakers, required templates, audio/visual, vulnerabilities
disclosure and a laundry list of other terms.

The Document:  https://www.owasp.org/index.php/Speaker_Agreement

With the upcoming long list of AppSec<Regional>, AppSec<Global> and chapter
events  globally happening weekly enforcement of this policy or event
policing of this policy is difficult however the spirit of the speaker
agreement in keeping OWASP pure to technical, 


Committees-chairs mailing list
Committees-chairs at lists.owasp.org

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

skype: drwetter.de 
tel:   +49-40-2442035-1
German OWASP Board, Conference Chair AppSec EU 2013
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130120/d9c52289/attachment-0001.html>

More information about the OWASP-Leaders mailing list