[Owasp-topten] Lets do an OWASP Top 10 Summit before the end of the year
dave.wichers at aspectsecurity.com
Thu Nov 19 08:17:25 EST 2009
I think this is a great idea in principle, but is too quick/difficult to
pull off in the short time frame we have left.
I think we should plan for an event like this prior to releasing the
release candidate for the next update. In fact, way prior. So, if we are
going to release an update in 2013, we should have a summit like this in
like Jan/Feb of 2012. And the results of that can drive the update that
is produced during that year.
From: dinis cruz [mailto:dinis.cruz at owasp.org]
Sent: Wednesday, November 18, 2009 8:06 AM
To: Dave Wichers
Cc: Steven M. Christey; Ty Miller; owasp-topten at lists.owasp.org; OWASP
Foundation Board List; Global Projects Committee
Subject: Lets do an OWASP Top 10 Summit before the end of the year
The OWASP Top 10 threads have been great, but I feel that to really nail
this down, we need to get together in one physical location (with virtual/remote
participation) to debate any pending issues & present new ideas.
So what about a 1 or 2 day "OWASP Top 10 Summit" where we work together
to complete this document?
Financially, I would say that the cost per person (for the guys that
need financial support) would be on average USD 1500 (to cover for
international flights) which would cover Flights, Accommodation and
Food. So for 10 guys to get together and wrap this up it would cost
15,000 USD (which is not that bad for a document like the OWASP Top 10).
Ideally we should find one or two sponsors for this. Think about it, 2
companies, each providing 15k USD each, and get 20 (or more) top
security consultants plus business users working together (for example
the PCI council should be there, so should representatives from active
OWASP Corporate Champions like GE). From a Marketing point of view,
being associated with this event shouldn't be that hard to justify.
The deliverable of this Summit would be simple and easy to measure: "The
OWASP Top 10 - 2010 edition" ready for publishing and distribution.
The location would depend on the possible participants. Washington DC is
a strong contestant due to Dave (& others) being there (I will lobby for
London :) ). Another option is to piggy back on one of the OWASP
conferences we still have until the end of the year (not sure what is
the schedule in 2010):
* December 2nd 2009 - BeNeLux Day
* December 10-11, 2009 - IBWAS (Spain and Portugal)
If it is too tight to make this happen in 2009, a Summit in early
January 2010 followed by a release of "OWASP Top 10 - 2010 Edition" by
31st January would also work well.
I'm happy to help making this event happen.