[Owasp-summit-2013] (Why Summits are special) Re: Cancelation of the OWASP Summit 2013

Seba seba at owasp.org
Sat Apr 7 14:51:53 UTC 2012


Indeed a great testimony.

I'd like to make the summit more efficient and organize targeted
project/workgroup summits where we bring together people around project
We can hook these on the global appsec conferences or organize dedicated
mini-summits with remote 24h 'follow-the-sun' participation.

Why not do an O2 mini-summit in the coming months? Who is stopping you?
We can certainly seed this with the owasp project reboot initiative


On Sat, Apr 7, 2012 at 4:39 PM, dinis cruz <dinis.cruz at owasp.org> wrote:

> Thanks Abe for providing one of the best descriptions of what makes OWASP
> Summits special and worthwhile doing (please read his post below).
> If you've never been to one of our Summits, this is why they are so
> important and necessary (Imagine what we could achieve with regular Summits)
> Dinis Cruz
> On 6 Apr 2012, at 18:14, Abraham Kang <abraham.kang at owasp.org> wrote:
> Although, I agree with Jim in spirit.
> I have to admit that I was able to get things accomplished at the 2011
> Summit that would have taken longer had I not attended the Summit.
> I was kind of stuck on the DOM based XSS cheat sheet because there were
> just so many existing ways and new ways of exploiting DOM based XSS.  I was
> lost in trying to understand the exploiting instead of focusing on the
> mitigating.
> The Summit gave me an opportunity to work with some of the top guys (Jim
> Manico, Stefano Di Paola, Robert Hansen, Gareth Hazes, Chris Schmidt,
> Mario Heiderich, Eduardo Nava, Achim Hoffman, John Stevens, Arian Evans,
> Mike Samuel, Jeremy Long, Dinis Cruz, and others please forgive me if I
> forgot to mention you) in Web security to get their ideas and refine mine.
> I also was able to bring up issues that were affecting adoption by large
> enterprises of OWASP materials with Jeff Williams and others.
> Finally, I was also able to meet the people interested in OWASP Web
> Development Guide (which I have been trying to reboot but having started a
> new job have failed to make much progress on) to discuss issues related to
> the guide and try to address them.
> All of this would have been impossible to do without the summit.
> I was also hoping to suggest that this year we try to bring other security
> members of the community that haven't traditionally participated (iSec
> Partners, Gotham Digital Science, etc.) in OWASP to the summit as I have
> great respect for those guys and think they could contribute greatly to the
> success of OWASP.
> The conference is viewed as being private but I thought it was open to
> anyone interested in contributing to OWASP.  I think people would be
> willing to pay to attend a conference where they could speak to other
> leaders in informal meetings on topics of interest and provide the
> additional benefit of OWASP deliverables.
> We are a very disperse group, it helps to get people together to work
> things out, discuss and see the other people as human beings. I have to
> admit that the conference was also a lot of fun.  I got to laugh with
> people I would have never had the chance to before this.  Jokes don't seem
> to go over as well when they are made over email.  I got to hear stories of
> (Larry's or Chris's -- the last names have been omitted to protect the
> Guilty) midget experiences/encounters.  I got to know of other people's
> skeletons in their closets.
> This allowed all of us to bond in a way that couldn't happen without a
> conference like this.
> Another benefit of these types of interactions is that everyone that
> attended last summit was involved with an OWASP project (which may be a
> good requirement).  I met Andras (my German brother) of WS-Attacks.org
> and although I haven't done a good job of it yet, I was hoping to reboot
> the OWASP Web Development Guide (I will send another email on that thread
> to explain my struggles) and see if I could use the content from
> WS-Attacks.org in the new guide (seeing as I did the translation revision
> for Andras) for the Web Services chapter.  If I didn't attend the Summit I
> wouldn't have met him and made this connection.
> Yes there were a couple of things that could have been handled better
> related to the usurping of funds from individual Chapter's accounts and we
> probably could have spent less money on the incidentals but there is great
> value in the Summit.
> OWASP Rocks!
> Warmest Regards,
> Abe
> Sorry for being so long winded.
> On Fri, Apr 6, 2012 at 3:46 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>> Sorry Jim, but you are very wrong.
>> The last Summit represents the best of what OWASP can do, and nothing we
>> did that year came even close in generating so much work, energy,
>> serendipity and connections (not projects, chapters or conferences)
>> What you had there was a week of massive collaboration, relationship
>> creation, work , brainstorming and planning.
>> That Summit was not a private/closed party, just take a look at the
>> participants again (read it slowly paying attention to the name of the
>> attendee, its company and reason for attending):
>> https://www.owasp.org/index.php/Summit_2011_Attendee . Also take a look
>> at the planned tracks to see the wide range of topics that were on the
>> agenda:
>> https://www.owasp.org/index.php/Category:Summit_2011_Tracks
>> Just about everybody that went to the Summit really worked hard, and we
>> showed that OWASP is the only organisation in the world that is able to put
>> in the same place (working together) individuals that are from different
>> companies, races, religions and politics.
>> THAT is spectacularly unique.
>> One of my favourite comments about the Summit was: 'Hey! This is just
>> like the UN, but actually working!'
>> For example the crowd that John was able to assemble in the browser track
>> had never met before! (and some of them had even written a book before). And
>> they are not your typical OWASP crowd (ie we were reaching out)
>> Yes (on next summits) we need to be more focused on the deliverables,
>> handle better the post-summit activities and bring (even more)
>> developers/architects/business-reps/'non typical Owasp Contributor'
>> BUT!!!! let's not confuse the problems with the failed Summit 2013
>> attempt with the need for Owasp to have Summits.
>> I was publicly very critical of the Summit 2013 (namely when I stated
>> that 'I want to vote for a Summit Team+Vision, NOT for a venue'
>> http://diniscruz.blogspot.co.uk/2012/04/i-want-to-vote-for-summit-teamvision.html),
>> but that doesn't mean that we should abandon the Summit activities.
>> Summits should be key to OWASP's DNA since that is where we should
>> regularly meet to work hard, collaborate, present recent developments and
>> create action plans.
>> Inside my post I presented a really interesting concept of what a 'Summit
>> Proposal' should look like.
>> That is how (in my view) successful Summits are set-up and executed (that
>> is what I tried to do the last two Summits), so please let's make another
>> summit happen :)
>> Dinis Cruz
>> On 5 Apr 2012, at 23:59, Jim Manico <jim.manico at owasp.org> wrote:
>>  The Open Web Application Security Project (OWASP) is a 501(c)(3)
>> not-for-profit worldwide charitable organization focused on improving the
>> security of application software. Our mission is to make application
>> security visible, <https://www.owasp.org/index.php/Category:OWASP_Video> so
>> that people and organizations can make informed decisions <https://www.owasp.org/index.php/Industry:Citations> about
>> true application security risks. Everyone is free to participate in OWASP
>> and *all of our materials* are available under a free and open software
>> license.
>> How do summits directly serve the mission?
>> We need to get the word out and get outside the inner-circle of OWASP.
>> The summits are a very closed/private party. I think we could spend
>> those funds better.
>> Now, if you want to party on a boat or resort and talk AppSec then go for
>> it and I may join you. But please do not ask OWASP for funds to do it.
>> Now smaller focused summits that are project driven? Awesome. Less
>> expensive venues? Awesome.
>> Funding projects? Awesome.
>> My 2 cents,
>> --
>> Jim Manico
>> (808) 652-3805
>> On Apr 5, 2012, at 5:18 PM, Mauro Flores <mauro.flores at owasp.org> wrote:
>> I agree. The last meeting was awesome, we could see each other faces, now
>> better and talk about how we can make things better in OWASP. We should
>> find a way to make the summit... Can someone explain a little better the
>> reasons why this decision was taken?
>> regards, Mauro Flores
>> On Thu, 05-04-2012 at 21:56 +0300, Konstantinos Papapanagiotou
>> wrote:
>> My 2 eurocents:
>> I believe OWASP is all about people.
>> The summit is a really important event for OWASP as it brings people
>> together from all over the world for a specific cause. Actually the
>> summit is what really got me going with OWASP.
>> Re-assessing financial priorities sounds very good. Finding cheaper
>> alternatives/venues/concepts for the summit also sounds good. Putting
>> the summit on "indefinite hold" sounds like canceling it: not good.
>> Kostas
>> On Thu, Apr 5, 2012 at 9:45 PM, Thomas Brennan <tomb at owasp.org> wrote:
>> > FYI
>> >
>> >
>> > Begin forwarded message:
>> >
>> > From: Mark Bristow <mark.bristow at owasp.org>
>> > Date: April 5, 2012 2:41:30 PM EDT
>> > To: OWASP Summit 2013 <owasp-summit-2013 at owasp.org>
>> > Cc: global_conference_committee
>> > <global_conference_committee at lists.owasp.org>, OWASP Foundation Board List
>> > <owasp-board at lists.owasp.org>
>> > Subject: Cancelation of the OWASP Summit 2013
>> > Reply-To: owasp-summit-2013 at owasp.org
>> >
>> > Team,
>> >
>> > It's with regret that I inform you that as of the board meeting today the
>> > OWASP board has decided to put all plans for a summit on indefinite hold for
>> > 2013.  They were careful to point out that this was not a reflection on this
>> > team or our decisions but rather a decision to re-prioritize OWASP resources
>> > and re-evaluate OWASP's conducting of Summits as a general activity.  As a
>> > result planning for the summit is on indefinite hold until the board can
>> > assess if they are appropriate activities for OWASP to conduct.
>> >
>> > I want to thank all of you for your volunteerism and excitement around the
>> > 2013 Summit planning.  I thought that we were gearing up to have a
>> > spectacular and unique event however as OWASP grows it's important that we
>> > re-assess our priorities.
>> >
>> > Regards,
>> >
>> > --
>> > Mark Bristow
>> > (703) 596-5175
>> > mark.bristow at owasp.org
>> >
>> > OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> > OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> > AppSec DC Organizer - https://www.appsecdc.org
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "OWASP Summit 2013" group.
>> > To post to this group, send email to owasp-summit-2013 at owasp.org.
>> > To unsubscribe from this group, send email to
>> > owasp-summit-2013+unsubscribe at owasp.org.
>> > For more options, visit this group at
>> > http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
