OWASP EU Summit 2008 - updates


 * From: Paulo Coimbra/OWASP Project Manager
 * Date: September 9, 2008
 * To: OWASP ALL
 * Subject: OWASP EU Summit Portugal 2008 - Update.

Hello everyone,

I hope you are well.

Here I am again, taking your time, to give you up-to-date information regarding the OWASP EU Summit Portugal 2008. I hope you appreciate it as we are working to have as many of you as possible attending the event and we are very thrilled with the idea of setting up a big all OWASP gathering event. 'COME HELP MAKE A CHANGE IN GLOBAL APPLICATION SECURITY' is our challenge for you all.

We are still shaping the event wiki page but it was already agreed to hold a four-day OWASP gathering to discuss OWASP strategic issues and present all OWASP relevant projects. This first OWASP Summit will take place in Algarve (Faro is the nearest airport), Portugal, in the well-equipped seaside Hotel Santa Eulália, between the 4th and the 7th of November 2008.

In the first two days, the event will have the format of Working Sessions to openly discuss and decide on several OWASP projects and issues, e.g., OWASP Strategic Planning, OWASP Top 10 2009, OWASP Winter Of Code 2009, EASPI Project, OWASP Code Review Version 2, OWASP Testing Guide Version 4, OWASP Application Security Desk Reference (ASDR), OWASP Certifications, OWASP Awards, OWASP Website and much more as you can see here. Of course, we count on you to join the discussion and contribute to the final decisions.

As announced before, the remaining period of two days will consist of a two-day conference, where more than 40 OWASP specific presentations will be held. Again, we most definitely count on you to present your project.

The cost of the Summit will be a fix price of 500 Euros for the 4 days to attend both working groups and conference. As soon as possible, we will send you a follow-on email with details about the accommodation options, the training courses available and the Summit sponsorship opportunities.

As mentioned before, OWASP will be sponsoring 100+ OWASP Project Leaders, Reviewers and Contributors with their travel and accommodation expenses.

''[You might not be interested in the remaining of this email as it contains updated information for the OWASP universe that is eligible for travel and accommodation support.] '' As was said before, to be considered a relevant OWASP participant, and, consequently, to qualify to have the Summit attendance expenses partially paid, you must belong to one, or more, of the following categories:


 * 1) OWASP Summer of Code 2008 project leaders & reviewers,
 * 2) OWASP Summer of Code 2008 special project contributors,
 * 3) OWASP Spring of Code 2007 project leaders & reviewers,
 * 4) OWASP Autumn of Code 2006 project leaders & reviewers,
 * 5) Active Project Leaders (not currently participating on SoC 08),
 * 6) Active Chapter Leaders,
 * 7) Member with significant past OWASP Contribution.

The OWASP Summer of Code 2008 leaders, reviewers and contributors have also a specific set of rules to abide by. These rules can be seen here.

Regarding the category 2, up to ten project contributors will be chosen by OWASP Board having into consideration the supported and detailed proposals made by the SoC's projects authors.

In addition, regarding the categories between 3 and 4, we will consider relevant OWASP participant only those who have timely delivered their projects or have timely performed their reviews.

Regarding the category 5, we will consider relevant OWASP participant only those with projects in activity and the OWASP Board will judge that by checking if any significant update on the project page was done in the last six months.

Regarding the category 6, we will consider relevant OWASP participant only those with chapters in activity and the OWASP Board will judge that by checking if any significant activity was done in the last six months.

The last category, the seventh one, was deliberately created to assure that nobody with relevant past OWASP contributions will be excluded. As this judgement will be necessarily subjective and casuistic, it will be OWASP Board's responsibility. However, you can present your application.

In what respects to the level of expenses that will be paid, the following rules have been established:


 * 1) With the exceptions below, all accommodation and meal expenses, during all the four days, will be paid.
 * 2) As we are still seeking out for financial sponsorship support, until further notice, none of the dinners will be paid.
 * 3) The meals consist of a pre-negotiated menu and only this one will be paid.
 * 4) The accommodation will consist in a place in a shared T1 (3 people) or T2 (5 people) apartment. Therefore, even though one can choose an individual room, OWASP will pay only for the cost associated with a shared stay.  At the cost of +/- 60 Euros per night, there is the option to stay in an individual room (or in a double-room, in the cases where the partner - wife / husband - is also present).
 * 5) Please note that the nights of 3 and 7 of Nov will be included in the paid accommodation for those of you attending the whole event.
 * 6) Regarding the flight expenses, OWASP will pay a maximum of 900 US dollars to all non-European attendees and 500 US dollars to the European ones.
 * 7) The operational model to book accommodations and flights is not finished yet but, as soon as possible, more details will be given.

On the whole, if you accept our challenge to be at the OWASP EU Summit 2008 to present your project and engage the discussion at one, or more, Working Sessions and if you qualify to have your expenses partially paid, please add your name right here. Please do not forget to add the name of your city/airport of departure.

Please make note that to qualify to have the Summit attendance expenses partially paid, the intention of attending the Summit must be stated imperiously until September 15 by filling in the link above referred.

Nevertheless, although we start with a good budget to cover expenses (150,000 USD), it will not be enough to cover the current projected number of OWASP participants. Therefore, if you can convince your company to pay for some or all of your expenses please do so and, on the other flip of the coin, we can advertise its logo at the conference materials - more details about sponsorship opportunities will be sent later on.

To conclude, I will be here if you need further assistance, however, as I am releasing all the information and details already stabilized, the best way to keep yourself up to date and informed about the event is to visit regularly its wiki page.

Keep up the good work - I am looking forward to seeing you in Portugal!

Many thanks, best regards,

Paulo Coimbra,

OWASP Foundation Project Manager

OWASP AppSec NYC 2008 is coming... are you ready?

August 24, 2008
Hi OWASP community,

I hope you are well.

As you all know, we have announced before the organization of a conference in Portugal 100% dedicated to OWASP – the OWASP EU Summit 2008. We are planning to make it a big, productive and interesting OWASP gathering, also with many non-OWASP attendees and external relevant speakers. Beyond the software security relevant questions addressed by selected industry representatives, the idea is to discuss the open source answer to those issues by presenting all the most relevant work done within the OWASP context. We will also take the opportunity to discuss the OWASP strategic positioning for 2009. We are on our way to finish all the details concerning the venue – it’s likely that it will happen in Portugal, Algarve. We are counting on having this question totally solved within the next week. We also have begun the process of selecting the OWASP member attendees/speakers and, if you are a relevant OWASP participant, we are inviting you as well. To be considered a relevant OWASP participant you must belong to one, or more, of the following categories:


 * 1) OWASP Summer of Code 2008 project leaders & reviewers,
 * 2) OWASP Summer of Code 2008 special project contributors,
 * 3) OWASP Spring of Code 2007 project leaders & reviewers,
 * 4) OWASP Autumn of Code 2006 project leaders & reviewers,
 * 5) Active Project Leaders (not currently participating on SoC 08),
 * 6) Active Chapter Leaders,
 * 7) Member with significant past OWASP Contribution.

In addition, regarding the categories between 1, 3 and 4, we will consider relevant OWASP participant only those who have timely delivered their projects or have timely performed their reviews.

Regarding the category 2, up to ten project contributors will be chosen by OWASP Board having into consideration the supported and detailed proposals made by the SoC’s projects authors.

Regarding the category 5, we will consider relevant OWASP participant only those with projects in activity and the OWASP Board will judge that by checking if any significant update on the project page was done in the last six months.

Regarding the category 6, we will consider relevant OWASP participant only those with chapters in activity and the OWASP Board will judge that by checking if any significant activity was done in the last six months.

The last category, the seventh one, was deliberately created to assure that nobody with relevant past OWASP contributions will be excluded. As this judgement will be necessarily subjective and casuistic, it will be OWASP Board’s responsibility. However, you can present your application. * Hence, to those of you that fit the criteria, are planning to attend the conference and haven’t said so yet, I ask to fill in here''' as soon as possible. To the others, I ask to go to the same wiki page and add the name of the city/airport of departure.'''

In terms of financial support, our goal is to cover as much of the flight and accommodation expenses as possible but we are not sure still about what eventually it will mean, as it will depend on how many attendees we will have.

Although we start with a good budget to cover expenses (150,000 USD), it will not be enough to cover the current projected number of OWASP participants (200 people). Therefore, if you can convince your company to pay for some or all of your expenses please do so and, on the other flip of the coin, we can advertise its logo at the conference materials - more details about sponsorship opportunities will be sent later on.

Fell free to contact me, or the [mailto:owasp-summit-europe-2008@lists.owasp.org OWASP EU Summit 2008 Team], if you have questions about this conference, but please beware that I will be out of office until next Thursday as I will be in Lisbon and Algarve with Dinis Cruz to try to sort out all the venue details.

Many thanks, best regards,

Paulo Coimbra, OWASP Foundation Project Manager

'''* From: Dinis Cruz/OWASP Board Member
 * Date: July 2, 2008
 * To: OWASP Leaders'''
 * Subject: [Owasp-leaders] OWASP EU Summit 2008 ,please register if you can make it (4-7 November 2008 in Portugal)
 * Hello, as you probably have heard by now, we are going to organize a conference in Portugal 100% dedicated to OWASP.
 * The idea is to get us (OWASP participants) together in the same place in order to:
 * 1) present your (project & chapter leader) great work and
 * 2) answer the questions: 'what is happening at OWASP?', 'How can OWASP help?' and 'What should OWASP focus in 2009?'


 * The idea was originated from the amazing group that embarked on the current OWASP Summer of Code 2008 initiative! Not only we have a vibrant number of participants (31), we also have a excellent number of reviewers (~70). See http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Projects_Authors_Status_Target_and_Reviewers


 * Me (Dinis Cruz) and Paulo Coimbra are the crazy ones that will try to make all of this happen. We have started to put some ideas here: https://www.owasp.org/index.php/OWASP_EU_Summit_2008, but please note that these are still early days, and there is still quite a lot to decide. If you are able to help, or know somebody who is (we are going to have a couple extra invitations for helpers), please let us know asap with the area(s) you would like to be involved in.


 * VERY IMPORTANT: In order to know who (and how many) will go, we need you to do ASAP add YOUR NAME to the list of participants . As always we will do this via the wiki, so go ahead and deface this page: https://www.owasp.org/index.php/OWASP_EU_Summit_2008#Participants.


 * The idea is to cover as much of your costs as possible.


 * In principle - for everybody that meet the invitation criteria (for example, the current SOC participants & Reviewers WILL NEED to successfully complete your objectives :)  )  - we will be aim to  cover 100 % of the accommodation expenses and a % of the transportation. And before you ask, no, the invitation criteria has not been finalized yet :)


 * The final number will depend of a lot of factors, but the current plan is to provide financial support to: all Seasons of Code participants and reviewers, significant & active Projects and Chapters leaders, significant past OWASP contributores and member of the summit organizing team (see https://www.owasp.org/index.php/OWASP_EU_Summit_2008#Participants).


 * Although we start with a good budget (150,000 USD) to cover expenses (i.e. venue, accommodation, transport & food), it will not be enough to cover the current projected number of OWASP participants (200 people). So if you can get your company to pay for some or all expenses (for example the flight), please do so (that will allow us to support somebody else that cannot get their expenses covered and doesn't match the invitation critia (which I note again, is still yet to be finalized))


 * We need to start sorting out the travel logistics as soon as possible, so if you can make those dates (and even if you are from a not very active project or chapter) please put ASAP your name in that list.
 * Fell free to contact Paulo (or me) if you have specific questions about this OWASP Summit,


 * Looking forward to see you all there :)

Dinis Cruz OWASP Board Member