[Owasp-summit-2013] (Why Summits are special) Re: Cancelation of the OWASP Summit 2013
dinis.cruz at owasp.org
Sat Apr 7 14:39:01 UTC 2012
Thanks Abe for providing one of the best descriptions of what makes Owasp
Summit's special and worthwhile doing (please read his post below).
If you've never been to one of our Summits, this is why they are so
important and necessary (Imagine what we could achieve with regular Summits)
On 6 Apr 2012, at 18:14, Abraham Kang <abraham.kang at owasp.org> wrote:
Although, I agree with Jim in spirit.
I have to admit that I was able to get things accomplished at the 2011
Summit that would have taken longer had I not attended the Summit.
I was kind of Stuck on the DOM based XSS cheat sheet because there were
just so many existing ways and new ways of exploiting DOM based XSS. I was
lost in trying to understand the exploiting instead of focusing on the
The Summit gave me an opportunity to work with some of top guys ( Jim
Manico, Stefano Di Paola, Robert Hansen, Gareth Hazes, Chris Schmidt,
Mario Heiderich, Eduardo Nava, Achim Hoffman, John Stevens, Arian Evans,
Mike Samuel, Jeremy Long, Dinis Cruz, and others please forgive me if I
forgot to mention you) in Web security to get their ideas and refine mine.
I also was able to bring up issues that were affecting adoption by large
enterprises of OWASP materials with Jeff Williams and others.
Finally, I was also able to meet the people interested in OWASP Web
Development Guide (which I have been trying to reboot but having started a
new job have failed to make much progress on) to discuss issues related to
the guide and try to address them.
All of this would have been impossible to do without the summit.
I was also hoping to suggest that this year we try to bring other security
members of the community that haven't traditionally participated (iSec
Partners, Gotham Digital Science, etc.) in OWASP to the summit as I have
great respect for those guys and think they could contribute greatly to the
success of OWASP.
The conference is viewed as being private but I thought it was open to
anyone interested in contributing to OWASP. I think people would be
willing to pay to attend a conference where they could speak to other
leaders in informal meetings on topics of interest and provide the
additional benefit of OWASP deliverables.
We are a very disperse group, it helps to get people together to work
things out, discuss and see the other people as human beings. I have to
admit that the conference was also a lot of fun. I got to laugh with
people I would have never had the chance to before this. Jokes don't seem
to go over as well when they are made over email. I got to hear stories of
(Larry's or Chris's -- the last names have been omitted to protect the
Guilty) midget experiences/encounters. I got to know of other people
skeleton's in their closets.
This allowed all of us to bond in a way that couldn't happen without a
conference like this.
Another benefit of these types of interactions is that everyone that
attended last summit was involved with an OWASP project (which may be a
good requirement). I met Andras (my German brother) of WS-Attacks.org and
although I haven't done a good job of it yet, I was hoping to reboot the
OWASP Web Development Guide (I will send another email on that thread to
explain my struggles) and see if I could use the content from
WS-Attacks.orgin the new guide (seeing as I did the translation
revision for Andras) for
the Web Services chapter. If I didn't attend the Summit I wouldn't have
met him and made this connection.
Yes there were a couple of things that could have been handled better
related to the usurping of funds from individual Chapter's accounts and we
probably could have spent less money on the incidentals but there is great
value in the Summit.
Sorry for being so long winded.
On Fri, Apr 6, 2012 at 3:46 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
> Sorry Jim, but you are very wrong.
> The last Summit represents the best of what OWASP can do, and nothing we
> did that year come even close in generating so much work, energy,
> serendipity and connections (not projects, chapters or conferences)
> What you had there was a week of massive collaboration, relationship
> creation, work , brainstorming and planning.
> That Summit was not a private/closed party, just take a look at the
> participants again (read it slowly paying attention to the name of the
> attendee , it's company and reason for attending:
> https://www.owasp.org/index.php/Summit_2011_Attendee . Also take a look
> at the planned tracks to see the wide range of topics that were on the
> agenda: https://www.owasp.org/index.php/Category:Summit_2011_Tracks
> Just about everybody that went to the Summit really worked hard, and we
> showed that OWASP is the only organisation in the world that is able to put
> in the same place (working together) individuals that are from different
> companies, races, religions and politics.
> THAT is spectacularly unique.
> One of my favourite comments about the Summit was: 'Hey! This is just like
> the UN, but actually working!'
> For example the crowd that John was able to assemble in the browser track
> had never meet before! (and some of them had even wrote a book before). And
> they are not you typical OWASP crowd (ie we were reaching out)
> Yes (on next summits) we need to be more focused on the deliverables,
> handle better the post-summit activities and bring (even more)
> developers/architects/business-reps/'non typical Owasp Contributor'
> BUT!!!! let's not confuse the problems with the failed Summit 2013
> attempt with the need for Owasp to have Summits.
> I was publicly very critical of the Summit 2013 (namely when I stated that
> 'I want to vote for a Summit Team+Vision, NOT for a venue
> http://diniscruz.blogspot.co.uk/2012/04/i-want-to-vote-for-summit-teamvision.html), but that doesn't mean that we should abandon the Summit activities.
> Summits should be key to OWASP's DNA since that is where we should
> regularly meet to work hard, collaborate, present recent developments and
> create action plans.
> Inside my post I presented a really interesting concept of what a 'Summit
> Proposal' should look like.
> That is how (in my view) successful Summits are set-up and executed (that
> is what I tried to do the last two Summits), so please let's make another
> summit happen :)
> Dinis Cruz
> On 5 Apr 2012, at 23:59, Jim Manico <jim.manico at owasp.org> wrote:
> The Open Web Application Security Project (OWASP) is a 501(c)(3)
> not-for-profit worldwide charitable organization focused on improving the
> security of application software. Our mission is to make application
> security visible, <https://www.owasp.org/index.php/Category:OWASP_Video> so
> that people and organizations can make informed decisions<https://www.owasp.org/index.php/Industry:Citations> about
> true application security risks. Everyone is free to participate in OWASP
> and *all of our materials* are available under a free and open software
> How do summits directly serve the mission?
> We need to get the word out and get outside the inner-circle of OWASP.
> The summits are a very closed/private party. I think we could spends those
> funds better.
> Now, if you want to party on a boat or resort and talk AppSec then go for
> it and I may join you. But please do not ask OWASP for funds to do it.
> Now smaller focused summits that are project driven? Awesome. Less
> expensive venues? Awesome.
> Funding projects? Awesome.
> My 2 cents,
> Jim Manico
> (808) 652-3805
> On Apr 5, 2012, at 5:18 PM, Mauro Flores <mauro.flores at owasp.org> wrote:
> I agree. The last meeting was awesome, we could see each other faces, now
> better and talk about how we can make things better in OWASP. We should
> find a way to make the summit... Can someone explain a little better the
> reasons why this decision was taken?
> regards, Mauro Flores
> El jue, 05-04-2012 a las 21:56 +0300, Konstantinos Papapanagiotou
> My 2 eurocents:
> I believe OWASP is all about people.
> The summit is a really important event for OWASP as it brings people
> together from all over the world for a specific cause. Actually the
> summit is what really got me going with OWASP.
> Re-assessing financial priorities sounds very good. Finding cheaper
> alternatives/venues/concepts for the summit also sounds good. Putting
> the summit on "indefinite hold" sounds like canceling it: not good.
> On Thu, Apr 5, 2012 at 9:45 PM, Thomas Brennan <tomb at owasp.org> wrote:
> > FYI
> > Begin forwarded message:
> > From: Mark Bristow <mark.bristow at owasp.org>
> > Date: April 5, 2012 2:41:30 PM EDT
> > To: OWASP Summit 2013 <owasp-summit-2013 at owasp.org>
> > Cc: global_conference_committee
> > <global_conference_committee at lists.owasp.org>, OWASP Foundation Board List
> > <owasp-board at lists.owasp.org>
> > Subject: Cancelation of the OWASP Summit 2013
> > Reply-To: owasp-summit-2013 at owasp.org
> > Team,
> > It's with regret that I inform you that as of the board meeting today the
> > OWASP board has decided to put all plans for a summit on indefinite hold for
> > 2013. They were careful to point out that this was not a reflection on this
> > team or our decisions but rather a decision to re-prioritize OWASP resources
> > and re-evaluate OWASP's conducting of Summits as a general activity. As a
> > result planning for the summit is on indefinite hold until the board can
> > asses if they are appropriate activities for OWASP to conduct.
> > I want to thank all of you for your volunteerism and excitement around the
> > 2013 Summit planning. I thought that we were gearing up to have a
> > spectacular and unique event however as OWASP grows it's important that we
> > re-asses our priorities.
> > Regards,
> > --
> > Mark Bristow
> > (703) 596-5175
> > mark.bristow at owasp.org
> > OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> > OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> > AppSec DC Organizer - https://www.appsecdc.org
> > --
> > You received this message because you are subscribed to the Google Groups
> > "OWASP Summit 2013" group.
> > To post to this group, send email to owasp-summit-2013 at owasp.org.
> > To unsubscribe from this group, send email to
> > owasp-summit-2013+unsubscribe at owasp.org.
> > For more options, visit this group at
> > http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
You received this message because you are subscribed to the Google Groups "OWASP Summit 2013" group.
To post to this group, send email to owasp-summit-2013 at owasp.org.
To unsubscribe from this group, send email to owasp-summit-2013+unsubscribe at owasp.org.
For more options, visit this group at http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-summit-2013