[Owasp-portland] FLOSSHack Details and Potential Targets

Timothy D. Morgan tmorgan-owasp at vsecurity.com
Thu May 10 23:03:59 UTC 2012

Hi Wil,

> The options they were looking at to allow groups to use the space in
> the evenings/weekends for a reduced rate didn't pass the board vote so
> that is out.  As a member, I can sponsor 2 hours of meeting time this
> month for the OWASP meeting, anything over that hits the regular
> $35/hour rate.  

That's great to know about for future meetings with Collective Agency.  Thanks
for following up with that.  We could either find a sponsor for the meeting to
extend it to 4 hours for a very reasonable $70, or just have it elsewhere.
Anyone think their company would jump at the chance to sponsor it?

> I know we were talking about a longer get together so
> I'm not sure if that'll work or not.  Timothy, did you investigate
> getting any funds from OWASP?

I did read up on chapter funding, and besides the method we've been using so far
(having sponsors for individual meetings) it looks like we can either start
encouraging paid memberships or looking for local companies to sponsor us on an
annual basis.  I could probably ask the OWASP board for "start up" funds of some
sort, since we're a young chapter, but chances are they're going to come back at
some point with strong with encouragement to start asking people to join as
$50/year members.  (Going this route doesn't mean everyone must pay to join
meetings.  It just means we'd be pestering you all the time, OPB-style, to pony
up. =)  If you guys are cool with that, I'm fine with it as well, but I had
initially hoped to establish a strong attendance and regular meetings before
going there.

For FLOSSHack, I'm kind of interested in trying out FreeGeek.  We haven't had a
meeting there yet, and it seems it could accommodate quite a few people, even if
folks do get a bit spread out through the building.  (That may actually be OK
for this kind of event, as folks might want to be heads-down hacking now and
then with less interruption.)

> Regarding Ushahidi, it sounds like they've been making progress with
> their security group.  Some details are at
> http://wiki.ushahidi.com/display/WIKI/Security+Working+Group including
> the submission process (emailing them).  Security issues are published
> publicly at http://security.ushahidi.com/

Great!  I'm glad they are getting organized about their security posture.  Makes
reporting issues much easier.

> I'm still figuring out if they'd like to be present (live or virtual)
> at our meeting but I think the next steps here are to determine where
> and when we want to do this and how many people will show up.  Towards
> that end, I think scheduling online last time had good feedback, so I
> made a link we can schedule with:
> http://www.doodle.com/mu3486diwmrarpb4

Great.  I wanted to do this, but hadn't got around to it.  I think based on the
replies I received to the "weeknight vs. weekend" question, the majority of
people preferred doing it on a weekend.

The most important consideration, though, is scheduling with our venue.  If we
do go with FreeGeek, Sundays would probably be best based on what Paul told me
off-list.  Collective Agency probably has a bit more flexibility on this.

Unfortunately my schedule this month has become totally crazy and I will be out
of town for a lot of it.  I've added the weekend days I can do to the doodle
page (which are May 19 & 20, or June 2 & 3).  Doing the 2nd and 3rd is probably
safest from a planning perspective, but I also don't want to steal any thunder
from the meeting we have on the 10th.

> It's tough to find a good day so I threw some variety in there but
> it's by no means official - if everyone can find another good day or
> you want me to add one to the list just let me know, I just wanted to
> get the ball rolling.  We talked about meeting for 2-4 hours in an
> evening, so figure 6pm or so on whatever day?

I'm fine with doing it later in the day on the weekend, but earlier works too.
Earlier might be better on a Sunday.

> Also, did anyone else play with the virtual machine?  Any trouble
> getting it up and running?

No time yet. =(  I'm sure it won't be too tough to throw together though.

Thanks for keeping the ball rolling!

More information about the Owasp-portland mailing list