How to Host an OWASP Projects Event Module


CONGRATULATIONS! YOU'RE GOING TO HOST AN OWASP PROJECTS EVENT MODULE!

The purpose of these guidelines is to give our conference and event planners a general idea of how to plan, prepare, and deliver an OWASP Projects Event Module at any given OWASP event. While it is almost impossible to cover every aspect of planning, we think we have put together a fairly comprehensive series of recommendations. Planning the event itself is very hard work that takes dedication, great time management, and a great team. It can also be a very rewarding experience for all those involved. The following tabs focus on event modules dedicated to our Open Source OWASP Projects. We have developed different activities that engage our OWASP Project Leaders, and help spread the word on the amazing work done by your fellow community members. These event modules are optional activities that can be added to your conference or event. I recommend familiarising yourself with the different types of modules so you can get a better idea of what our OWASP Project Leaders can offer your attendees. If you have questions about planning the overall conference, we recommend referring to the main conference pages.


Questions?

Contact the OWASP Staff

Event Definitions

All OWASP events will fall into one of the following categories. If you are unsure what type of event you would like to plan, contact us for further clarification or for help defining the scope of your event. Please also note that various types of events have requirements set for them; see the policies/requirements tab for details.

OWASP Global AppSec Conference

These conferences are the flagship of the OWASP outreach effort. This will be an international conference sponsored by OWASP and approved by the OWASP Staff along with a small group of community event reviewers. AppSec Conferences include multiple days of multi-track plenary sessions in addition to pre-conference training offerings. AppSec Conferences, schedules, and trainings must be reviewed by the OWASP Staff and will receive the full support of the OWASP Foundation. In any calendar year, there will be no more than 4 AppSec Conferences of this size. Locations will be determined the prior year and planning must begin at a minimum of 12 months in advance. The talent and services of volunteers are crucial to OWASP AppSec Conference success. That is why it is important to establish standards and guidelines for volunteers so that both the volunteer and OWASP staff understand the parameters of the relationship up front. Volunteers that cancel at the last minute and produce limited results encumber OWASP's mission, costing it money and preventing it from fulfilling its fundraising goals. A reliable volunteer with a strong work ethic can go a long way towards helping OWASP meet its goals. Before getting the approval to organize an OWASP AppSec Conference, the Conference Organizers should: first, make a personal commitment to be there for OWASP; and second, read, fill out, and sign the volunteer agreement.


OWASP Regional/Theme Conference

Regional/Theme conferences typically have lower attendance than AppSec conferences and typically include multiple days of single track plenary sessions. Training may or may not be offered at the discretion of the regional conference planning team. Regional conferences are not subject to the same rigor as AppSec conferences in terms of planning and only require that the local planning team enter the event into the OWASP Conference Management System for review and approval by OWASP Staff and a small group of community reviewers. Regional conferences are encouraged to have a unique theme (Development, Research, PHP, Government, Browsers...) to help differentiate them, although this is not required. Regional teams are free to brand their conference as they wish, as long as the OWASP affiliation is maintained, with the exception of the moniker "OWASP Global AppSec", which is reserved only for Global AppSec conferences.

OWASP Local Event

Events are typically single day or "OWASP Day" type events that are generally local in nature. Events typically have only one track and span anywhere from a half to a full day. Planning for these events is at the sole discretion of the event team and may be branded in any manner so long as the OWASP affiliation is maintained. In general, significant OWASP Foundation support will not be available for these events.

Project Summit

The purpose of our Project Summits is to focus dedicated time on collaboration & innovation of specific technical topics to help improve the quality and usefulness of our OWASP project tools. A Project Summit may be a standalone event or co-located with our Global AppSec conferences. Project Summits are classified as local or regional events and are eligible for the same level of support.

Partner/Promotional/Co-Marketing Events

Partner events are events of any type where OWASP partners with another non-profit organization to co-host an event. These events sometimes require close examination as the terms of the partnering agreement need to be reviewed to ensure OWASP integrity and reduce liability. These events also frequently will require both OWASP Staff and community review and may take many forms.

Many of our partnership & co-marketing agreements have the same standard deliverables, which may include but are not limited to:

  • Include the event under our Partner & Promotional section
  • Include the event in our monthly Connector up until the conclusion of the event
  • One (1) dedicated email invitation to the chapter leaders within the region of the event, asking them to share the details and discounts with their community and chapter members. Email to be provided to OWASP for review/release by the partnering organization. Each chapter is run independently, so it is up to each chapter leader's discretion to promote the event.
  • Logo posted on our Supporting Partners page
  • Social Media - usually no more than 1x a month up until the start of the event.



Promotional Events are where OWASP has paid or in-kind sponsorship in a conference that is hosted by another organization. This sponsorship may take the shape of a booth, hosted competition, lanyards, bags, fliers and other promotional items and may or may not be a strictly financial transaction. These events require additional scrutiny as OWASP has a very limited marketing budget, however it is important for community members to have the support to "get the word out" at other events. These events will often provide OWASP with conference passes that can be distributed to volunteers who agree to represent OWASP at the OWASP booth.

Projects Module Types

Open Source Showcase



The Open Source Showcase (OSS) is an event module that takes open source projects, and gives project leaders or contributors an opportunity to showcase their work in a demo type of environment. It is an event module where open source project leaders have an opportunity to demo their projects, and speak to attendees about what their project is about. There are usually 4 time slots available, and several projects can demo during one time slot depending on the space available. The local event organisers must provide tables, monitors, cables, etc.

The Open Source Showcase is open to any project - not just OWASP projects. The only requirement is that the project must be licensed under an approved Open Source License. The local event organisers must provide all OSS participants with a free full conference ticket as all showcase participants are expected to be ticketed conference attendees.


OWASP Projects Track



The OWASP Projects Track (OPT) gives OWASP project leaders the opportunity to speak about their project in a speaker type of format. Selected project leaders are expected to prepare their slide decks and present their project for 30-50 minutes during their designated time slot at the conference. The OPT event module is open to OWASP Projects only. The only two requirements are that the project must be licensed under an approved Open Source License, and the project must be a part of the OWASP Projects Infrastructure. The local event organisers must provide all OPT participants with a free full conference ticket as all OPT participants are expected to be ticketed conference attendees.


OWASP Project Leader Workshop



The Project Leader Workshop is a one to three hour event module that brings together current and potential OWASP project leaders to discuss project related issues and topics. The Project Leader Workshop is an optional event module for our leaders that takes on a presentation, discussion, and workshop format. It is an interactive tool used to bring together project leaders from across the globe to share valuable insights and recommendations to their fellow members.



OWASP Project Summit



The OWASP Project Summit is a smaller version of the much larger OWASP Summits. This event module gives our project leaders the opportunity to showcase their project progress, and have attendees sit down and work on project tasks during the event. It is an excellent opportunity to engage the event attendees, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.


Planning

Each event module requires a different planning timeline, and different planning activities. Some require more volunteer staff to run, while others require minimal planning from the local event planning team. Below is a brief outline of the activities required to successfully plan each event module.

Open Source Showcase

The Open Source Showcase (OSS) requires quite a bit of pre-planning. The local event planners have to allocate a room, or space in a room, to set up tables where each project will be demoed during the conference days. Typically, there are a handful of demos running at the same time in a room for the OSS. The number of demos running during a particular shift depends on the room capacity, and the number of applicants received during the call for entries. Below is an example of how shifts and demos are typically broken down for the OSS.

Conference Day 1

Shift 1: 9AM - 1PM

  • Demo Project 1
  • Demo Project 2
  • Demo Project 3

Shift 2: 2PM - 6PM

  • Demo Project 4
  • Demo Project 5
  • Demo Project 6

Note: All projects listed under a shift demo at the same time on different tables. Local event planners should provide each project with a table, a monitor, internet access, cables, and access to a power outlet.

OWASP Projects Track

The OWASP Project Track (OPT) is an event module that takes the form of a series of talks that is open to OWASP Project Leaders only. It requires less planning than the OSS on the day of, but there are still logistics that need to be taken into account if you are to have this module at your event. The planning for this event starts off with a call for entries as you would with any other talk or training. You must then promote the event module as much as possible to ensure you have quality applicants. Once you have a good amount of applicants from our OWASP Project Leader pool, you can start selecting your participants for the OPT.

The OPT is meant to take place during either one or two conference days. This depends on the organization and availability of your unique event. On the day of the activity, you must ensure that each speaker has an allocated time slot to talk about their project, 2-3 water bottles, and IT support to help with any technical difficulties that may arise during the talk.

OWASP Project Leader Workshop

The OWASP Project Leader Workshop is a one to three hour module that brings Leaders together to discuss project related topics. The amount of time the workshop lasts depends on the requirements of the local event planners. There is a standard workshop that is given by the OWASP Projects Manager, and you are more than welcome to reach out to her if you would like her to give the workshop at your event. The typical outline of the standard workshop involves a short talk about OWASP Project Operations, a series of activities, and discussion time. For any questions, direct them either to our contact form or email OWASP Support.

OWASP Project Summit

The OWASP Project Summit requires the most planning out of all of the project related event modules. The Project Summit gives project leaders an opportunity to showcase their project, and encourage event attendees to sit down and help work on project milestones. The OWASP Projects selected to participate in the Summit depend on the local event planner's space availability, budget, and project relevance. It is at the local event planner's discretion what OWASP Projects get selected to participate in the Summit.

Planning usually revolves around the coordination of travel arrangements for each OWASP Project Leader selected to participate in the Summit, and allocating a space for them to work without too many distractions during conference days. Local event planners can either use a Call for Entries form, or hand select OWASP Projects to be involved in the Summit. However, it is the responsibility of the local event planners to reach out to project leaders if OWASP Projects are hand selected to participate in this module.

Roles and Responsibilities

OWASP Staff

The OWASP Staff is available to help with any and all questions you have regarding the planning and execution of your event. OWASP Staff can also help provide historical conference/event information. OWASP Staff must be involved for handling contracts and finances related to your event. Volunteers should not be signing or entering into any contract on behalf of the foundation. Volunteers also should not be collecting funds on behalf of the Foundation without pre-approval from the OWASP Staff.

Contact the OWASP Staff with any questions related to their role in planning your event.

Local Event Planners

The local event planners are the individuals ultimately responsible for the successful planning, implementation, and execution of the event module. As these event activities are optional, the local event planners have to assess whether they have the necessary resources available to successfully plan one of these activities. Local planners can choose to delegate the project management of each activity to a volunteer, but it is ultimately up to them to make sure the event module is executed successfully. Local planners must also make sure that the OWASP brand is represented appropriately.

Event Module Coordinator

The local event planners might choose to appoint a volunteer Event Module Coordinator or an Event Activity Coordinator. These volunteers can be made responsible for the planning of the event module on behalf of the Local Event Planners. The volunteer will be responsible for the end to end project planning and management of the module for the event.

Event Module Volunteers

Event Module Volunteers are individuals made responsible for a particular role on the day of the event. They are to be given roles and responsibilities by the Event Module Coordinator, and are to report to this role with any questions, issues, or concerns. These volunteers are generally not involved in the pre-planning of the event modules.

OWASP Resources

Please remember that the foundation does have personnel who can help with the project event module planning. Please direct your questions to either the Contact Form or email OWASP Support.


Content

It is absolutely imperative that all content presented in any one of these event modules is both Open Source Project related, and completely vendor neutral. It is absolutely unacceptable to have company sales pitches or commercial product talks as either all or part of any presentation given at one of our project event modules. If a local event planner finds that a project event module participant has commercial sales or product pitches during a module activity, that presenter must be asked to stop. If he/she does not comply, then they must be asked to cease their presentation, and a report of the incident must be sent to the OWASP Projects Manager.

To avoid situations like these, we encourage you to ask for a copy of all speaker presentations prior to the event. This will help flag any unacceptable content, and will help minimise any possible violation of foundation policy during the event.


Call for Entries

The only project event modules that require a Call for Entries process are the Open Source Showcase and the OWASP Projects Track. It is recommended that the local event planners finalize the application form, and selection criteria before promotion efforts begin. This will help minimize a rush to agree on selection criteria for the event module. Below you will find 2 sample Call for Entries forms. Please feel free to create a copy of these forms and use them for your Call for Entries activity.

Sample Call for Entries for the Open Source Showcase

Sample Call for Entries for the OWASP Project Track

Note: Local event planners can choose to have a Call for Entries for the Project Summit. It is at the discretion of the local planners if they wish to select their project participants in this way.


Promotion

There are many different ways you can promote your event module within and outside of the OWASP community. Promotion initiatives are always at the discretion of the local event planners. We encourage local event planners to seek out marketing channels that are both appropriate, and effective for the country and region of the event location. If you wish to seek promotional assistance from the Foundation, please contact Samantha Groves, OWASP Projects Manager, for more information on how to spread the message on our foundation marketing channels.

As a rule, we recommend you communicate your call for entries, and your intent to host a projects event module on several different social media websites. Please reach out to us for more information on how to post your announcements on these sites on behalf of the foundation by either using the Contact Form or OWASP Support.


Travel and Accommodation

There is typically very limited funding for participants of our OWASP Projects event modules. The foundation usually sets aside $3,000.00 USD to cover travel and accommodation expenses for project event modules taking place at our Global AppSec Conferences. Our Global AppSec Conferences are the following: AppSec USA, AppSec Apac, and AppSec EU. These funds are set aside for project event module participants that are in need of travel and accommodation assistance to attend and participate in the event module. Preference is given to those participants that are within the region of the event. For example, if a project leader from Tokyo, Japan needs travel assistance to attend the AppSec Apac conference, then she will be given preference over a project leader wanting to attend the same conference coming from London, UK. Please reach out to us for support either through the Contact Form or OWASP Support.


Policies and Requirements

These are the requirements imposed on any event using the OWASP brand. All Events must be coordinated with the Foundation and receive pre-approval. Event requests should be submitted via the OWASP Conference Management System (OCMS) Portal.


If you have questions or require an exception to any of these please contact the OWASP Staff.


| Policy | Applicability |
|---|---|
| All content must be vendor neutral | All Events - Core Value |
| All content must be made available to the public after the conference | All Events - Core Value |
| All calls for papers, training and registration must be open and promoted to the public | All Events - Core Value |
| Selecting Committee Members (Training or Papers) must not submit | All Events |
| Use the conference website/wikipage to submit papers. It must support blind paper submissions. | All Events |
| All events must be conducted in a manner consistent with the OWASP Mission, Principles and Code of Ethics | All Events - Core Value |
| OWASP Event Definitions | All Events |
| OWASP Event Requirements | All Events |
| Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. (Policy Document) Global AppSec Conference: 10% of event profits up to Profit Goal set in annual Foundation Budget ($10,000 for multi-chapter events), 40% of event profits in excess of Profit Goal. No profit cap. Local and Regional Events: 90% of event profits. No profit cap. | All Events |
| All OWASP Events must be coordinated with OWASP Foundation Staff by submitting an events description via OCMS. An approval that the event will be posted on the OWASP Wiki and Event announcement webpage will be sent from the OCMS input. Any request for funding support must follow normal funding request procedures separate from the OCMS submission. | All Events |
| Events must have an OWASP Wiki Page, or a webpage showing the OWASP logo and be linked to the OWASP wiki Events Pages | All Events |
| Only OWASP Board members or their designates may enter into contracts on behalf of the foundation | All Events |
| All finances must be handled by the OWASP Foundation | All Events |
| Complimentary conference admissions are provided to speakers, volunteers, staff, Global Board members and active OWASP Leaders. A “Leader” is defined as a chapter or project leader that is clearly identified on the chapter or project wiki page AND has been documented as a leader in the Foundation’s records. If a leader registers for a conference complimentary ticket but does not appear for the conference, the chapter will be charged 60% of the retail cost of a conference ticket. | All Events |
| OWASP individual members in good standing shall receive $50 off admission to all OWASP events charging more than $50 entry fee. | All Events |
| A complete budget must be submitted if the event requires any funds from the OWASP Foundation and funding requests will be reviewed and approved by OWASP Executive Director. Please submit a request via our Contact Us link on the OWASP Wiki homepage. | Regional/Theme Conferences |
| An OWASP leader should be invited to provide welcome and state of the union. | All Events |
| Global AppSec Conferences must include training | Global AppSec Conferences |
| Global AppSec Conferences must charge an admission fee | Global AppSec Conferences |
| Sessions must be recorded and posted to the public after the conference | Global AppSec Conferences |
| There must be at least one networking event at the conference | Global AppSec Conferences |
| All Training providers are required to sign a Training Instructor Agreement | Training |
| Training revenue will be split 60/40 (OWASP/Training Provider) | Training |
| Each training class allows for two complimentary seats to be made available to OWASP Leaders. This must be included in the Training Instructor Agreement. These are available on a first come basis. Only one training seat per session is allowed per chapter to allow for diversity in distribution of seats. If a leader registers for a complimentary training seat but does not attend the full training session the chapter will be charged 60% of the retail cost of the training session and the leader will not be given a complimentary ticket (conference or training sessions) for any other Global AppSec events in the following year. | Training |
| Speakers must sign a Speaker Agreement | Speakers |
| Speakers will not receive compensation for their speaking engagement | Speakers |
| Event organizers must reach out to the WIA program to assist with the program committee and to help find suitable keynote and invited speakers. | Global AppSec Conferences & Regional Events |
| Event organizers must send an open call for participation for volunteers, papers committee. | Global AppSec Conferences & Regional Events |
| Event organizers should encourage all training and CFP proposals to go through the “Talk bootcamp” process. | Global AppSec Conferences & Regional Events |
| WIA initiative should lead a search for women keynotes, featured, panel speakers. | Global AppSec Conferences & Regional Events |
| Event organizers and WIA initiative should reach out to women speaker lists to encourage training proposals and speakers to submit through the normal CFP process. If there is to be a women in AppSec panels to be organized, the WIA initiative must be involved and feature predominantly women panelists. | Global AppSec Conferences & Regional Events |
| These aren’t quotas, but a goal. Global events organizers are free to exceed these metrics. At least 10% of the program committee must be women, and must include the WIA initiative members. At least 50% of keynotes and featured speakers must be women. At least 25% of panel participants must be women. If there are no women participants, the panel should be cancelled. At least 10% of talks must be women. If these metrics cannot be reached, the organizing committee should reach out to the Conference Manager for assistance, and must apply for an exception if they can’t be reached after all avenues have been exhausted. | Global AppSec Conferences |
| These aren’t quotas, but an aspiration goal for regional events. Organizers are free to exceed these metrics. At least one of the program / papers committee must be a woman, and should include the WIA initiative members. At least one of keynotes, featured and invited speakers must be a woman. At least 25% of panel participants should be women. If a panel has no women participants, it should be cancelled. At least 10% of talks chosen should be women speakers. | Regional Events |