Chapter Leader Meeting AppSec Europe 2006

Chapter Leader Meeting AppSec Europe 2006

Meeting Minutes

Chapter Leader Meeting AppSec Europe 2006
Date 30-May-2006, 18h30-19h30 CET

Organized By Sebastien Deleersnyder, Belgium Chapter Lead

Present:
Lucien Fransman, The Netherlands chapter representation
Amit Klein, Israel chapter representation
Eoin Keary ,Ireland chapter Lead
Daniel Cuthbert ,London chapter Lead
Sebastien Deleersnyder, Belgium Chapter Lead
Andrew Van Der Stock, OWASP Director
Dinis Cruz, OWASP .Net Projects Lead

Agenda

• How to start and sustain a successful chapter?
• What does successful mean? Number of people subscribed to mailing lists? Number of people showing up at chapter meetings? Number of chapter meetings per year? ...
• How to organize your chapter? Do you work with a core group or do you do it alone? etc ...
• Do you locally affiliate with other InfoSec groups such as ISACA and ISSA?
• Can we think of a "starter package", identify "black" regions, and search for people who might be interested in doing this? ...
• How to revive "dead" chapters: do we make them "alive" again?
• Can we have some link to the OWASP leadership to get communication going between chapter leaders and OWASP leaders?
o Jeff: This is a really good idea. The OWASP leaders group doesn't have very regular communications and needs to be reorganized. That's something I need to get working on.
• Local OWASP funding? Can chapters "claim" part of the membership income for local working?
o Jeff: My understanding is that this is a fairly standard approach to handing chapter funding in other similar organizations. I think we discussed sometime in the past that some percentage of the membership fees generated by a particular chapter would go back to that chapter.
• Can we know of local company, personal or educational memberships to interact with these people from the chapter?

Minutes

Lots of the items touched were going to be presented by Andrew in the presentation on May 31st.

Andrew brought up that for some countries (it is the case in Australia) the organization that is organizing an event is liable for the people showing up. This should be covered by the party hosting the event.

In the future a board and/or executives/leaders should be elected instead of appointed.

Financial model: this must become transparent with at least a yearly presentation of the financials.
The $ 100 personal membership fee can maybe be indexed with the Big Mad Index.
Membership packages should be detailed for companies/persons and others.

Project deliverables must be better defined and timing managed. Financial support for this can be considered.
Academia: the summer of code idea should be further looked into to support OWASP projects
For development projects it should be considered to move the source control to OWASP infrastructure

Projects & ideas that should be focused on:
Certification
OWASP training program development
…

The webappsec mailing list moderation can not be accessed (?) anymore, this is the first mailing list to be moved to OWASP infrastructure
The other mailing lists can follow in the future.

For chapters
A repository of chapter presentation (possibly with taped audio) must be set up, fed by chapters and redistributed towards the chapter leaders.
One idea is to promote one theme per month?
A chapter starter package must be assembled
"Dead" chapters that show no activity should be revived and made available to other people that are interested in becoming Chapter Leader.
Chapter should be able to tap on part of income of members in their chapter to support chapter activity. To be further investigated how.

Priorities

1) Financial transparency
2) Member Pack - something physical like USB stick with all OWASP material on it + also more "fancy" membership certificates (personal: on paper, corporate: something like MS partnership - flashy to show off)
3) OWASP Top10: new version at the lates by Jan 2007, not to be abused as standard or by product vendors

These rough notes have been entered by Seba