OWASP Dinner Defcon Blackhat 2007

OWASP Dinner Defcon Blackhat 2007

Notes by Tom

OWASP Dinner Defcon Blackhat 2007
Date 5-Aug-2007

Tonight was the OWASP dinner that took place in las vegas after the DefCon event at the Star Trek Experince/Hilton. With 18 persons in attendance including Dinis Cruz, RSnake, Joe Bernik, Yiannis, Daniel Herrera, David Byrne, Nathan Keltner, Mike Jones, Chris, Tory Silvers, Ted Amor and many others that slip my mind by name at this min (sorry guys...) Yea... Its 5am and lots of red bull to blame :) and the craps table just went cold. Plus details from Blackhat, Shadowbar event.

So I wanted to recap several noted items as a result of the dinner:

Notes

Ok so this is the OWASP Top 10 kinda...

1. OWASP/Members should request a panel at such events Defcon/Blackhat/Shmoocon/Cansec/EUSecWest/UNCon/CCC etc... And at panel present OWASP as a member of on projects such as Top Ten / Testing Guide / Jbrofuzz / Labrat etc... Etc...

Why: Ongoing education and awareness - we actually took a random survey of 50 persons and of such at Blackhat Defcon question was "Do you know what OWASP is?" and the result was 42 huh / 8 yes that knew what it was (3) of them goverment

Dinis suggested that all persons who want to be on the "OWASP Panel" at future events simply add yourself to the wiki as there are funds to offset travel to such when resources are perhaps not local

2. Local Chapters - worldwide we have many local chapters and as we can see from the upcoming Global Security Week (GSW) active chapters have arranged a meeting during that week and are now posted on the OWASP GSW page - 15 chapters thus far and we hope ALL of you will step up and unify (kinda reminds me of Independance Day when they had a global effort to shoot down the aliens.... Well Area 51 is nearby <grin>

3. Clear Mission - it was discussed many times to have increase the awareness of the global mission (short term goals and longer term goals) and suggested to publish this clearly on its own page for chapter leads to work on locally and globally.

4. Funding - its was discussed that membership to OWASP should be more than a "I'm on the mailing list" a membership drive should provide a "welcome package" and Dinis asked Yiannis to lead this effort. (Shirt, Annual Membership Card, Name listed on member in good standing page and local chapter association) Today there is a way to become a individual/corporate member however you submit money and..... That's it (so why join today)

5. OWASP Foundation - As a US Based 501(3)c non-profit, it is required to file tax returns with the US Goverment with that said this is "OPEN" information just like everything else with OWASP. It was suggested that 2006 and all annual reports moving into the future are .PDF and available by inspection by all members so money in, money out and money in reserve is stated.

6. Local Chapters - Jeff discussed at Blackhat (he was not at the dinner) with Dinis and myself at the kickoff of the OWASP party that took place at the shadowbar during Blackhat (we had 300+ persons attend this event - THANK YOU BREACH and everyone who helped out with it) the desire to improve the "money model" with local chapters getting OWASP points with a cash value for local chapter expences etc. Example chapter A brings in 10 corporate memberships at 10k each (100k) and 100 paid members at $100 (1k) then that local chapter would be able to purchase with points (percentage to be determined) items (example: projectors, letter head, gift cards, banners, etc.. Anything they need based on the efforts of the chapter.

Also if you start up a chapter you should get a chapter welcome kit (banner, owasp shirts for the leaders/board members and a "deposit" into your chapters points account to get you started

7. Projects - there are lots of wants in the form of projects and with the next round of funding coming up for code projects, check out the page for details. Project leads want update on payments for projects in proce$$

8. OWASP Event - eBay, Cali Dinis updated everyone on the commitment from EBAY to host a upcoming worldwide event - he also had a reqest for bandmembers :). As some may be aware Dinis is a drummer and he wants to put together the OWASP band for this event and rent out a bar/club for entertainment and jam with who ever wants to be in it..... Guess the song list will be like 1. Java Java Java baby 2. DotNet Love 3. Wilma Wiki 4. ID40 and more..... I suggested for the shooters in the group to block time at the gun range (lots of fun at The Gun Store, LV) but with california gun laws.... That is another Org/mailinglist

9. Ideas suggestions - a suggestion was to use a PR firm to get out press releases on completed projects once they are completed. This would include a PR Newswire submission and other related tasks.

Number 10 -- Wow day light... Hmmm maybe its time to go back to the craps tabe for a change of luck (6:00am now)

10. Chapter leader meetings. Mailing lists are good and emails with notes about items good but there is no replacement for face-time with peers. At future events what ever they maybe (Defcon/Blackhat/Shmoocon/Cansec/EUSecWest/UNCon/CCC etc...) Since there will be a panel, let's have a chapter leader exclusive dinner to thank the leaders for hard work, communicate chapter info and better collobrate. It was also suggested that OWASP dinners such as this one for 18 people w/$600 bills should be an approved "expence" (it is a write off) not divided by the 18 people - logic stated was if OWASP can give away 100k+ in code projects they can pick up a dinner bill.

Actions

1) tbd