[Owasp-summit-2013] (Why Summits are special) Re: Cancelation of the OWASP Summit 2013

Konstantinos Papapanagiotou Konstantinos at owasp.org
Mon Apr 9 11:12:39 UTC 2012

This is an amazing initiative but in my opinion mini-summits are very much
different from THE Summit.

A mini-summit is more like a hackathon or a workshop where you focus on 1,
2 or maybe 3 projects. In the Summit you had a chance to see OWASP as a
whole. I learned about projects I had never heard of before and witnessed the
creation of several others. I had the chance to not only meet with a couple
of project leaders and contributors but practically with everyone,
expanding my interests in areas I had never thought of before.

I'm also not so much in favour of an open source organization funding its
own projects, i.e. paying developers/leaders/contributors to update the
projects, although I can definitely see the benefits. YES, this is hard
work that should be paid, but ideally there should be a company (e.g.
Google as we're also evaluating GSOC proposals these days) wishing to
invest in specific projects. Otherwise the whole concept of contribution to
the community is somehow lost.

Anyway, we will be organizing project workshops in AppSec Research in July.
This is something that we wanted to do from the beginning, and has nothing
to do with the recent news :)
Announcement and "call for projects" will appear soon on the leaders list.


On Sat, Apr 7, 2012 at 7:48 PM, Eoin <eoin.keary at owasp.org> wrote:

> The project reboot wiki shall be set up early next week.
> We have $100k in principle to use for this first phase.
> It can be used for mini summits for projects, paying contributors for
> rewrites, marketing, awareness, QA, user guide dev, WBT and training
> sessions.
> I recommend you take a look at the idea in principle when the wiki is up.
> -ek
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 7 Apr 2012, at 15:51, Seba <seba at owasp.org> wrote:
> Dinis,
> Indeed a great testimony.
> I'd like to make the summit more efficient and organize targeted
> project/workgroup summits where we bring together people around project
> reboots.
> We can hook these on the global appsec conferences or organize dedicated
> mini-summits with remote 24h 'follow-the-sun' participation.
> Why not do an O2 mini-summit in the coming months? Who is stopping you?
> We can certainly seed this with the owasp project reboot initiative
> --seba
> On Sat, Apr 7, 2012 at 4:39 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>> Thanks Abe for providing one of the best descriptions of what makes OWASP
>> Summits special and worthwhile doing (please read his post below).
>> If you've never been to one of our Summits, this is why they are so
>> important and necessary (Imagine what we could achieve with regular Summits)
>> Dinis Cruz
>> On 6 Apr 2012, at 18:14, Abraham Kang <abraham.kang at owasp.org> wrote:
>> Although, I agree with Jim in spirit.
>> I have to admit that I was able to get things accomplished at the 2011
>> Summit that would have taken longer had I not attended the Summit.
>> I was kind of stuck on the DOM based XSS cheat sheet because there were
>> just so many existing ways and new ways of exploiting DOM based XSS. I was
>> lost in trying to understand the exploiting instead of focusing on the
>> mitigating.
>> The Summit gave me an opportunity to work with some of the top guys (Jim
>> Manico, Stefano Di Paola, Robert Hansen, Gareth Hazes, Chris Schmidt,
>> Mario Heiderich, Eduardo Nava, Achim Hoffman, John Stevens, Arian Evans,
>> Mike Samuel, Jeremy Long, Dinis Cruz, and others please forgive me if I
>> forgot to mention you) in Web security to get their ideas and refine mine.
>> I also was able to bring up issues that were affecting adoption by large
>> enterprises of OWASP materials with Jeff Williams and others.
>> Finally, I was also able to meet the people interested in OWASP Web
>> Development Guide (which I have been trying to reboot but having started a
>> new job have failed to make much progress on) to discuss issues related to
>> the guide and try to address them.
>> All of this would have been impossible to do without the summit.
>> I was also hoping to suggest that this year we try to bring other
>> security members of the community that haven't traditionally participated
>> (iSec Partners, Gotham Digital Science, etc.) in OWASP to the summit as I
>> have great respect for those guys and think they could contribute greatly
>> to the success of OWASP.
>> The conference is viewed as being private but I thought it was open to
>> anyone interested in contributing to OWASP.  I think people would be
>> willing to pay to attend a conference where they could speak to other
>> leaders in informal meetings on topics of interest and provide the
>> additional benefit of OWASP deliverables.
>> We are a very dispersed group, it helps to get people together to work
>> things out, discuss and see the other people as human beings. I have to
>> admit that the conference was also a lot of fun.  I got to laugh with
>> people I would have never had the chance to before this.  Jokes don't seem
>> to go over as well when they are made over email.  I got to hear stories of
>> (Larry's or Chris's -- the last names have been omitted to protect the
>> Guilty) midget experiences/encounters.  I got to know of other people's
>> skeletons in their closets.
>> This allowed all of us to bond in a way that couldn't happen without a
>> conference like this.
>> Another benefit of these types of interactions is that everyone that
>> attended last summit was involved with an OWASP project (which may be a
>> good requirement).  I met Andras (my German brother) of WS-Attacks.org
>> and although I haven't done a good job of it yet, I was hoping to reboot
>> the OWASP Web Development Guide (I will send another email on that thread
>> to explain my struggles) and see if I could use the content from
>> WS-Attacks.org in the new guide (seeing as I did the translation
>> revision for Andras) for the Web Services chapter.  If I didn't attend the
>> Summit I wouldn't have met him and made this connection.
>> Yes there were a couple of things that could have been handled better
>> related to the usurping of funds from individual Chapters' accounts and we
>> probably could have spent less money on the incidentals but there is great
>> value in the Summit.
>> OWASP Rocks!
>> Warmest Regards,
>> Abe
>> Sorry for being so long winded.
>> On Fri, Apr 6, 2012 at 3:46 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>>> Sorry Jim, but you are very wrong.
>>> The last Summit represents the best of what OWASP can do, and nothing we
>>> did that year came even close in generating so much work, energy,
>>> serendipity and connections (not projects, chapters or conferences)
>>> What you had there was a week of massive collaboration, relationship
>>> creation, work , brainstorming and planning.
>>> That Summit was not a private/closed party, just take a look at the
>>> participants again (read it slowly, paying attention to the name of the
>>> attendee, its company and reason for attending):
>>> https://www.owasp.org/index.php/Summit_2011_Attendee . Also take a look
>>> at the planned tracks to see the wide range of topics that were on the
>>> agenda:
>>> https://www.owasp.org/index.php/Category:Summit_2011_Tracks
>>> Just about everybody that went to the Summit really worked hard, and we
>>> showed that OWASP is the only organisation in the world that is able to put
>>> in the same place (working together) individuals that are from different
>>> companies, races, religions and politics.
>>> THAT is spectacularly unique.
>>> One of my favourite comments about the Summit was: 'Hey! This is just
>>> like the UN, but actually working!'
>>> For example the crowd that John was able to assemble in the browser
>>> track had never met before! (and some of them had even written a book
>>> before). And they are not your typical OWASP crowd (i.e. we were reaching out)
>>> Yes (on next summits) we need to be more focused on the deliverables,
>>> handle better the post-summit activities and bring (even more)
>>> developers/architects/business-reps/'non typical Owasp Contributor'
>>> BUT!!!! let's not confuse the problems with the failed Summit 2013
>>> attempt with the need for Owasp to have Summits.
>>> I was publicly very critical of the Summit 2013 (namely when I stated
>>> that 'I want to vote for a Summit Team+Vision, NOT for a venue':
>>> http://diniscruz.blogspot.co.uk/2012/04/i-want-to-vote-for-summit-teamvision.html),
>>> but that doesn't mean that we should abandon the Summit activities.
>>> Summits should be key to OWASP's DNA since that is where we should
>>> regularly meet to work hard, collaborate, present recent developments and
>>> create action plans.
>>> Inside my post I presented a really interesting concept of what a
>>> 'Summit Proposal' should look like.
>>> That is how (in my view) successful Summits are set-up and executed
>>> (that is what I tried to do the last two Summits), so please let's make
>>> another summit happen :)
>>> Dinis Cruz
>>> On 5 Apr 2012, at 23:59, Jim Manico <jim.manico at owasp.org> wrote:
>>> The Open Web Application Security Project (OWASP) is a 501(c)(3)
>>> not-for-profit worldwide charitable organization focused on improving the
>>> security of application software. Our mission is to make application
>>> security visible <https://www.owasp.org/index.php/Category:OWASP_Video>, so
>>> that people and organizations can make informed decisions
>>> <https://www.owasp.org/index.php/Industry:Citations> about
>>> true application security risks. Everyone is free to participate in OWASP
>>> and *all of our materials* are available under a free and open software
>>> license.
>>> How do summits directly serve the mission?
>>> We need to get the word out and get outside the inner-circle of OWASP.
>>> The summits are a very closed/private party. I think we could spend
>>> those funds better.
>>> Now, if you want to party on a boat or resort and talk AppSec then go
>>> for it and I may join you. But please do not ask OWASP for funds to do it.
>>> Now smaller focused summits that are project driven? Awesome. Less
>>> expensive venues? Awesome.
>>> Funding projects? Awesome.
>>> My 2 cents,
>>> --
>>> Jim Manico
>>> (808) 652-3805
>>> On Apr 5, 2012, at 5:18 PM, Mauro Flores <mauro.flores at owasp.org> wrote:
>>> I agree. The last meeting was awesome, we could see each other's faces,
>>> now better and talk about how we can make things better in OWASP. We should
>>> find a way to make the summit... Can someone explain a little better the
>>> reasons why this decision was taken?
>>> regards, Mauro Flores
>>> On Thu, 05-04-2012 at 21:56 +0300, Konstantinos Papapanagiotou
>>> wrote:
>>> My 2 eurocents:
>>> I believe OWASP is all about people.
>>> The summit is a really important event for OWASP as it brings people
>>> together from all over the world for a specific cause. Actually the
>>> summit is what really got me going with OWASP.
>>> Re-assessing financial priorities sounds very good. Finding cheaper
>>> alternatives/venues/concepts for the summit also sounds good. Putting
>>> the summit on "indefinite hold" sounds like canceling it: not good.
>>> Kostas
>>> On Thu, Apr 5, 2012 at 9:45 PM, Thomas Brennan <tomb at owasp.org> wrote:
>>> > FYI
>>> >
>>> >
>>> > Begin forwarded message:
>>> >
>>> > From: Mark Bristow <mark.bristow at owasp.org>
>>> > Date: April 5, 2012 2:41:30 PM EDT
>>> > To: OWASP Summit 2013 <owasp-summit-2013 at owasp.org>
>>> > Cc: global_conference_committee
>>> > <global_conference_committee at lists.owasp.org>, OWASP Foundation Board List
>>> > <owasp-board at lists.owasp.org>
>>> > Subject: Cancelation of the OWASP Summit 2013
>>> > Reply-To: owasp-summit-2013 at owasp.org
>>> >
>>> > Team,
>>> >
>>> > It's with regret that I inform you that as of the board meeting today the
>>> > OWASP board has decided to put all plans for a summit on indefinite hold for
>>> > 2013.  They were careful to point out that this was not a reflection on this
>>> > team or our decisions but rather a decision to re-prioritize OWASP resources
>>> > and re-evaluate OWASP's conducting of Summits as a general activity.  As a
>>> > result planning for the summit is on indefinite hold until the board can
>>> > assess if they are appropriate activities for OWASP to conduct.
>>> >
>>> > I want to thank all of you for your volunteerism and excitement around the
>>> > 2013 Summit planning.  I thought that we were gearing up to have a
>>> > spectacular and unique event however as OWASP grows it's important that we
>>> > re-assess our priorities.
>>> >
>>> > Regards,
>>> >
>>> > --
>>> > Mark Bristow
>>> > (703) 596-5175
>>> > mark.bristow at owasp.org
>>> >
>>> > OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> > OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> > AppSec DC Organizer - https://www.appsecdc.org
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google Groups
>>> > "OWASP Summit 2013" group.
>>> > To post to this group, send email to owasp-summit-2013 at owasp.org.
>>> > To unsubscribe from this group, send email to
>>> > owasp-summit-2013+unsubscribe at owasp.org.
>>> > For more options, visit this group at
>>> > http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
