
Difference between revisions of "OWASP EU Summit 2008 Working Sessions"

(WORKING SESSIONS - November 4rd & 5th (Tue & Wed) (DETAILS))
(WORKING SESSIONS - November 4rd & 5th (Tue & Wed) (DETAILS))
Line 87: Line 87:
 
* How to setup an OWASP Boot Camp?
 
* How to setup an OWASP Boot Camp?
 
* How to create lessons, classes, courses from OWASP project material?
 
* How to create lessons, classes, courses from OWASP project material?
'''Additional Details:'''...<br/>
+
'''Additional Details:'''
 
There is plenty of knowledge available inside the OWASP community. This is spread via the OWASP AppSec Conferences and the  
 
There is plenty of knowledge available inside the OWASP community. This is spread via the OWASP AppSec Conferences and the  
 
local chapter meetings, not to forget the books available now. Another, very important way to distribute the available knowledge is to teach! In plenty presentations knowledge is put into slides to share it.  
 
local chapter meetings, not to forget the books available now. Another, very important way to distribute the available knowledge is to teach! In plenty presentations knowledge is put into slides to share it.  
Line 93: Line 93:
  
 
'''Projected Outcomes:'''
 
'''Projected Outcomes:'''
* Project Outcome: proposal for the Winter of Code
+
* Educational Support on Winter of Code 2008
 
* Guildeline about creating training material
 
* Guildeline about creating training material
 
  |-
 
  |-
Line 99: Line 99:
 
  ! align="center" style="background:#4058A0; color:white" |
 
  ! align="center" style="background:#4058A0; color:white" |
  
==== <font color="white"> Winter Of Code 2009 </font>====
+
==== <font color="white"> Winter Of Code 2008 </font>====
  
 
  |-
 
  |-
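Review bot: The session heading now reads "Winter Of Code 2008", but the Tuesday schedule on the same page still lists "Winter Of Code 2009 - 4h". Update that schedule entry in the same edit so the session carries one name throughout.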
Line 110: Line 110:
 
* Identify which areas should receive priority selection
 
* Identify which areas should receive priority selection
 
* Create 'virtual teams' from the attendees and allocate them to key projects
 
* Create 'virtual teams' from the attendees and allocate them to key projects
'''Additional Details:'''
+
* Discuss sponsoring models
...<br/>
 
 
'''Projected Outcomes:'''
 
'''Projected Outcomes:'''
 
* OWASP Winter of Code 08 plan
 
* OWASP Winter of Code 08 plan
Line 128: Line 127:
 
'''Objectives:'''  
 
'''Objectives:'''  
 
* Introduce everyone to the idea and cost-benefits of an ESAPI
 
* Introduce everyone to the idea and cost-benefits of an ESAPI
*
 
* {objective 3}
 
'''Additional Details:'''
 
...<br/>
 
 
'''Projected Outcomes:'''
 
'''Projected Outcomes:'''
 
* A volunteer to lead the 'marketing' campaign for ESAPI
 
* A volunteer to lead the 'marketing' campaign for ESAPI
 
* Prioritized list of marketing ideas for the ESAPI concept
 
* Prioritized list of marketing ideas for the ESAPI concept
 
* Prioritized list of ideas for improving the API
 
* Prioritized list of ideas for improving the API
*
 
* {outcome 3}
 
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
Line 186: Line 179:
 
* Discuss gaps and patterns in gaps in security coverage across frameworks
 
* Discuss gaps and patterns in gaps in security coverage across frameworks
 
* Discuss possible solutions for security areas
 
* Discuss possible solutions for security areas
*
 
 
'''Additional Details:'''
 
'''Additional Details:'''
 
ISWG = Intrinsic Security Working Group<br/>
 
ISWG = Intrinsic Security Working Group<br/>
Line 193: Line 185:
 
* Actionable advice for each individual frameworks
 
* Actionable advice for each individual frameworks
 
* Identify points-of-contact for frameworks
 
* Identify points-of-contact for frameworks
* {outcome 3}
 
 
 
<br/>
 
<br/>
 
'''Agenda:'''
 
'''Agenda:'''
Line 220: Line 210:
 
  | style="background:#F2F2F2" |  
 
  | style="background:#F2F2F2" |  
 
'''Working Session Lead:'''Mark Roxberry<br/>  
 
'''Working Session Lead:'''Mark Roxberry<br/>  
'''Working Session Team:''' To be selected at the working session.<br/>
+
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''  
 
'''Objectives:'''  
Line 227: Line 217:
 
* Discuss .NET and Mono SDL Best Practices and OWASP tools and documentation
 
* Discuss .NET and Mono SDL Best Practices and OWASP tools and documentation
 
* Discuss Vulnerability Research in the .NET and Mono Ecosystem
 
* Discuss Vulnerability Research in the .NET and Mono Ecosystem
* Prepare OWASP .NET Project Roadmap for 2009
 
 
 
'''Additional Details:'''<br/>
 
'''Additional Details:'''<br/>
 
* Objective 1: Establish purpose and audience of the OWASP .NET project.  There are lots of resources and tools, why do we need OWASP .NET, who are our audiences, how do we reach them.
 
* Objective 1: Establish purpose and audience of the OWASP .NET project.  There are lots of resources and tools, why do we need OWASP .NET, who are our audiences, how do we reach them.
 
* Objective 2: Statement to OWASP .NET's purpose.  As we work closely with Microsoft folks, they've discussed providing content, which is great, but we need to clearly state OWASP .NET's neutrality.  The Summit is a good place for this action.  I will have a draft for discussion prior to the working session
 
* Objective 2: Statement to OWASP .NET's purpose.  As we work closely with Microsoft folks, they've discussed providing content, which is great, but we need to clearly state OWASP .NET's neutrality.  The Summit is a good place for this action.  I will have a draft for discussion prior to the working session
 
* Objective 3: OWASP sponsored vulnerability research / web application review / guidance on .NET/Mono projects, like Sharepoint, Silverlight, Community Server,  Wikipedia Search (Mono), DekiWiki (Mono) etc.
 
* Objective 3: OWASP sponsored vulnerability research / web application review / guidance on .NET/Mono projects, like Sharepoint, Silverlight, Community Server,  Wikipedia Search (Mono), DekiWiki (Mono) etc.
* Objective 5: OWASP .NET Project Roadmap for 2009.  I will have a draft for discussion. 
 
 
 
'''Projected Outcomes:'''
 
'''Projected Outcomes:'''
* Public Statement for OWASP Summit of OWASP .NET purpose, vendor neutrality and audience
+
* OWASP .NET Project Roadmap for 2009
* OWASP Initiatives for OWASP .NET Project in 2009
 
 
 
  
 
  |-
 
  |-
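Review bot: Objectives and outcomes of the OWASP .NET session no longer line up after this edit. The "Prepare OWASP .NET Project Roadmap for 2009" objective and the "Objective 5" detail are removed, yet the roadmap becomes the only projected outcome, and the "Public Statement ... vendor neutrality and audience" outcome is dropped while Objective 2 still promises a neutrality statement draft. Either restore the roadmap objective and the public-statement outcome, or remove the matching detail so each outcome has an objective behind it.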
Line 252: Line 236:
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''  
 
'''Objectives:'''  
* {objective 1}: Discuss next version of code review guide.
+
* Discuss next version of code review guide.
* {objective 2}: Discuss industry requirements for code review.
+
* Discuss industry requirements for code review.
* {objective 3}: Discuss academic versus practical rammifications of guide.
+
* Discuss academic versus practical rammifications of guide.
* {objective 4}: Brainstorm: Ideas for integration with other projects and tools.
+
* Brainstorm: Ideas for integration with other projects and tools.
* {objective 5}: Develop a roadmap for the code review guide: Technologies, approaches  
+
* Develop a roadmap for the code review guide: Technologies, approaches  
 
'''Additional Details:'''<br/>
 
'''Additional Details:'''<br/>
 
...<br/>
 
...<br/>
 
'''Projected Outcomes:'''
 
'''Projected Outcomes:'''
* {outcome 1}
+
* Develop a roadmap for the code review guide: Technologies,
* {outcome 2}
+
Approaches
* {outcome 3}
+
 
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
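Review bot: In the new Projected Outcomes, the roadmap bullet is split over two lines ("... Technologies," then "Approaches"), and MediaWiki ends a list item at the line break, so "Approaches" renders as a stray paragraph outside the list. Put the whole item on one line. The outcome also repeats the last objective word for word, and the objectives still carry the misspelling "rammifications".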
Line 277: Line 261:
 
* Discuss whether there should be OWASP Awards
 
* Discuss whether there should be OWASP Awards
 
* Discuss options for undertaking an awards process
 
* Discuss options for undertaking an awards process
* {objective 3}
+
* Opportunities for public relations, marketing and sponsorship
 +
* Avail possible risks of running an award event
 
'''Additional Details:'''<br/>
 
'''Additional Details:'''<br/>
 
Should OWASP run an awards event?<br/>
 
Should OWASP run an awards event?<br/>
Line 288: Line 273:
 
* Identify actions to progress if decision is "yes" or "maybe"
 
* Identify actions to progress if decision is "yes" or "maybe"
 
* List of further information required
 
* List of further information required
* {outcome 4}
+
 
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
Line 301: Line 286:
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''  
 
'''Objectives:'''  
* {objective 1}
+
* Identify top reasons and driving factors to work with Government of
* {objective 2}
+
different countries
* {objective 3}
+
* Identify potential areas where OWASP and Government can work
'''Additional Details:'''<br/>
+
together
...<br/>
+
* Discuss Measurable benefits
 +
* Identify possible ways on how to approach this initiative
 
'''Projected Outcomes:'''
 
'''Projected Outcomes:'''
* {outcome 1}
+
* Mission or goal statement
* {outcome 2}
+
* Prioritized list of potential areas where OWASP can work with
* {outcome 3}
+
Government
 +
* Roadmap / Model to approach this initiative
 +
* Identify Team / committee to lead this initiative
 
  |-
 
  |-
 
|}
 
|}
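Review bot: Three of the added bullets are hard-wrapped ("... Government of" / "different countries", "... can work" / "together", "... work with" / "Government"), which breaks each list item in MediaWiki and leaves the second half as loose text. Join each onto a single line. The edit also overwrites the "Additional Details:" label with list text, so say in the edit summary whether dropping that section is intended.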
Line 323: Line 311:
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''  
 
'''Objectives:'''  
* Resolve possible confusion over various Live CD projects
+
* Normalize possible confusion over various Live CD projects
* Determine the duration of OWASP branding for follow-on releases of older projects (Also applies to OWASP projects in general)
+
* Determine the duration of OWASP branding for follow-on releases of
* Discuss an OWASP Project Life Cycle for Live CDs (Also applies to OWASP projects in general)
+
older projects
 +
* Discuss an OWASP Project Life Cycle for Live CDs
 
'''Additional Details:'''<br/>
 
'''Additional Details:'''<br/>
 
Googling either "OWASP LiveCD" or "OWASP Live CD" leads to multiple projects both old and new.  For someone not familiar with the Live CD history, determining the "real" Live CD is confusing at best.  This topic arose from comments by a review of the current Live CD 2008 project  [http://www.owasp.org/index.php/Project_Information:template_Live_CD_2008_Project_-_Final_Review_-_Second_Reviewer_-_F here]<br/>
 
Googling either "OWASP LiveCD" or "OWASP Live CD" leads to multiple projects both old and new.  For someone not familiar with the Live CD history, determining the "real" Live CD is confusing at best.  This topic arose from comments by a review of the current Live CD 2008 project  [http://www.owasp.org/index.php/Project_Information:template_Live_CD_2008_Project_-_Final_Review_-_Second_Reviewer_-_F here]<br/>
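Review bot: The first objective changes "Resolve" to "Normalize possible confusion", which is less clear about the intended result; "Resolve" states the goal directly. The edit also removes "(Also applies to OWASP projects in general)" from two objectives and hard-wraps "follow-on releases of" / "older projects", which splits that list item in MediaWiki; keep it on one line and confirm the scope note is meant to go.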
Line 345: Line 334:
 
'''Working Sessions Organization Model''': Invited Participants + Attendees <br/>
 
'''Working Sessions Organization Model''': Invited Participants + Attendees <br/>
 
'''Objectives:'''  
 
'''Objectives:'''  
* {objective 1}
+
* Discuss project objectives for short and long term
* {objective 2}
+
* Interlink process to other projects
* {objective 3}
 
'''Additional Details:'''
 
...<br/>
 
 
'''Projected Outcomes:'''
 
'''Projected Outcomes:'''
* {outcome 1}
+
* Project roadmap
* {outcome 2}
+
* Define potential contributors
* {outcome 3}
 
 
  |-
 
  |-
 
|}
 
|}

Revision as of 02:06, 30 September 2008

THIS IS STILL under heavy UPDATES (i.e. work in progress)

WORKING SESSIONS - November 3rd, 4th & 5th (Mon, Tue & Wed)

Monday

  • OWASP ISWG: Browser Security (part 1) - 4h . . . (ISWG = Intrinsic Security Working Group)

Tuesday

  • Working Sessions Operational model - 1h , ALL to attend
  • OWASP Strategic Planning for 2009 - 3h
  • OWASP Tool's Projects (consolidation action-plan) - 3h
  • OWASP ISWG: Web Application Framework Security (part 1) - 3h . . . (ISWG = Intrinsic Security Working Group)
  • OWASP Documentation Projects (consolidation action-plan) - 3h
  • Winter Of Code 2009 - 4h
  • OWASP .NET Project - 2h
  • Two-way Internationalization of OWASP Content - 2h

Wednesday

  • OWASP Top 10 2009 - 2h
  • OWASP Education Project - 2h
  • ESAPI Project - 4h
  • Code Review (next version) - 2h
  • Testing Guide (next version) - 2h
  • OWASP Certifications - 2h
  • OWASP Application Security Desk Reference (ASDR) - 4h
  • OWASP Intra Governmental Affairs - 2h
  • OWASP Awards - 2h
  • OWASP Website - 2h
  • OWASP Advisory Board (private presentation) - 2h
  • OWASP CD/DVD - 2h
  • OWASP Board Meeting (public session) - 3h

WORKING SESSIONS - November 4th & 5th (Tue & Wed) (DETAILS)

OWASP Top 10 2009

Working Session Lead: Dave Wichers
Working Session Team: Jeff Williams
Working Sessions Organization Model: "Everybody is a Participant" or "Invited Participants + Attendees"
Objectives:

  • Discuss current Top10 structure and objectives
  • Define methodology to collect attacks statistics

Projected Outcomes:

  • Propose the revised OWASP Top 10 for 2009

OWASP Strategic Planning

Working Session Lead: OWASP Board
Working Session Team: OWASP Board, Kate & Paulo
Working Sessions Organization Model: "Everybody is a Participant" or "Invited Participants + Attendees"
Objectives:

  • OWASP Governance
  • Projects organization and rating
  • Procedures for OWASP Standardization
  • Chapter Governance
  • OWASP Past, Present and Future
  • Global Community Outreach (PR Issues, Pro Bono opportunities)

Projected Outcomes:

  • Action Plan for 2009
  • Strategies and recommendation for current projects

OWASP Education Project

Working Session Lead: Sebastien Deleersnyder
Working Session Team: Martin Knobloch + TBD
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • How to improve knowledge transfer from OWASP projects towards the community
  • How to create training material (lessons, classes, courses) from OWASP project material?
  • How to set up an OWASP education baseline
  • How to set up an OWASP Boot Camp
  • How to connect to organisations to promote OWASP education content: e.g. universities, other non-profit (or profit?) education organisations
  • How to organize the OWASP / Conference trainings to make them the best in the world?
  • Can we integrate this into OWASP certification projects?
  • How to set up an OWASP Boot Camp?
  • How to create lessons, classes, courses from OWASP project material?

Additional Details: There is plenty of knowledge available inside the OWASP community. It is spread via the OWASP AppSec Conferences and the local chapter meetings, not to forget the books now available. Another very important way to distribute that knowledge is to teach! In many presentations, knowledge is put into slides to share it. The next step is to reuse the information in those presentations to create training material. In a Boot Camp, for example, it is not only about telling attendees how to break stuff, but about letting them break it themselves, and then letting them fix the problems with guidance from experienced people!

Projected Outcomes:

  • Educational Support on Winter of Code 2008
  • Guideline about creating training material

Winter Of Code 2008

Working Session Lead: Paulo Coimbra
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • Define the operation model for the next OWASP Season of Code (the Winter of Code 08)
  • Identify which areas should receive priority selection
  • Create 'virtual teams' from the attendees and allocate them to key projects
  • Discuss sponsoring models

Projected Outcomes:

  • OWASP Winter of Code 08 plan
  • # of projects for immediate approval (assuming the delivery team is all set)

Enterprise Security API Project

Working Session Lead: Jeff Williams
Working Session Team: Arshan Dabirsiaghi
Working Sessions Organization Model: "Invited Participants + Attendees"
Objectives:

  • Introduce everyone to the idea and cost-benefits of an ESAPI

Projected Outcomes:

  • A volunteer to lead the 'marketing' campaign for ESAPI
  • Prioritized list of marketing ideas for the ESAPI concept
  • Prioritized list of ideas for improving the API

ISWG: Browser Security

Working Session Lead: Arshan Dabirsiaghi
Working Session Team: TBD
Working Sessions Organization Model: "Invited Participants + Attendees"
Objectives:

  • Discuss ongoing HTML5 security research
  • Discuss further ramifications of HTML5 (cross-site XHR, Access-Control, client storage, etc.)
  • Take a look at security critical areas and discuss possible browser improvements

Additional Details: ISWG = Intrinsic Security Working Group
Browsers to invite: IE, FF, Safari, Opera and Chrome
Projected Outcomes:

  • OWASP Top 10 Browser Wishlist
  • Actionable advice and technical arguments for HTML5 featureset
  • Establish OWASP points-of-contact for W3C


Agenda:

Time: 30 mins Introduction
Time: 2 hrs 30 mins Action Item: Identify 5 Key Browser Risks and select the top 3
Time: 2 hrs 30 mins Address issues in the current HTML 5 specifications
Time: 1 hr 30 mins Build a proposal to target key players in the industry and ask for their support
Time: 30 mins Assign point leads, roles and responsibilities

ISWG: Web Application Framework Security

Working Session Lead: Arshan Dabirsiaghi
Working Session Team: TBD
Working Sessions Organization Model: "Invited Participants + Attendees"
Objectives:

  • Discuss gaps and patterns in gaps in security coverage across frameworks
  • Discuss possible solutions for security areas

Additional Details: ISWG = Intrinsic Security Working Group
Frameworks to invite: .NET, J2EE, Spring, Struts, ASP.NET MVC, RoR, PHP, etc.
Projected Outcomes:

  • Actionable advice for each individual framework
  • Identify points-of-contact for frameworks


Agenda:

Time: 30 mins Introduction
Time: 2 hrs 30 mins Action Item: Discuss current security issues with common Web Programming Languages such as: PHP, Java, Ruby ...
Time: 2 hrs 30 mins Action Item: Discuss current security issues with common Web Programming Frameworks such as: Spring, Struts, Cake, RoR ...
Time: 2 hrs Build a matrix of all the security features and possible solutions
Time: 30 mins Assign point leads, roles and responsibilities to contact leaders of the communities involved and work with them to address gaps and patterns discussed.

OWASP .NET Project

Working Session Lead: Mark Roxberry
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • Discuss audience and purpose of the OWASP .NET project
  • Prepare OWASP .NET neutrality statement
  • Discuss .NET and Mono SDL Best Practices and OWASP tools and documentation
  • Discuss Vulnerability Research in the .NET and Mono Ecosystem

Additional Details:

  • Objective 1: Establish purpose and audience of the OWASP .NET project. There are lots of resources and tools, why do we need OWASP .NET, who are our audiences, how do we reach them.
  • Objective 2: Statement to OWASP .NET's purpose. As we work closely with Microsoft folks, they've discussed providing content, which is great, but we need to clearly state OWASP .NET's neutrality. The Summit is a good place for this action. I will have a draft for discussion prior to the working session.
  • Objective 3: OWASP sponsored vulnerability research / web application review / guidance on .NET/Mono projects, like Sharepoint, Silverlight, Community Server, Wikipedia Search (Mono), DekiWiki (Mono) etc.

Projected Outcomes:

  • OWASP .NET Project Roadmap for 2009

Code Review (next version)

Working Session Lead: Eoin Keary
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • Discuss next version of code review guide.
  • Discuss industry requirements for code review.
  • Discuss academic versus practical ramifications of guide.
  • Brainstorm: Ideas for integration with other projects and tools.
  • Develop a roadmap for the code review guide: Technologies, approaches

Additional Details:
...
Projected Outcomes:

  • Develop a roadmap for the code review guide: Technologies, Approaches

OWASP Awards

Working Session Lead: Colin Watson
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • Discuss whether there should be OWASP Awards
  • Discuss options for undertaking an awards process
  • Opportunities for public relations, marketing and sponsorship
  • Assess possible risks of running an awards event

Additional Details:
Should OWASP run an awards event?
What are the opportunities for public relations, marketing and sponsorship?
What categories should there be to honour people, projects and products?
Should the awards be a separate event or be part of another event?
What are the risks of running an awards event?
Projected Outcomes:

  • Decision whether to progress with OWASP Awards
  • Identify actions to progress if decision is "yes" or "maybe"
  • List of further information required

OWASP Intra Governmental Affairs

Working Session Lead: Dhruv Soi
Working Session Team: Puneet Mehta
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • Identify top reasons and driving factors to work with Government of different countries
  • Identify potential areas where OWASP and Government can work together

  • Discuss Measurable benefits
  • Identify possible ways on how to approach this initiative

Projected Outcomes:

  • Mission or goal statement
  • Prioritized list of potential areas where OWASP can work with Government

  • Roadmap / Model to approach this initiative
  • Identify Team / committee to lead this initiative

OWASP CD/DVD

Working Session Lead: Matt Tesauro
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • Normalize possible confusion over various Live CD projects
  • Determine the duration of OWASP branding for follow-on releases of older projects

  • Discuss an OWASP Project Life Cycle for Live CDs

Additional Details:
Googling either "OWASP LiveCD" or "OWASP Live CD" leads to multiple projects, both old and new. For someone not familiar with the Live CD history, determining the "real" Live CD is confusing at best. This topic arose from comments in a review of the current Live CD 2008 project (http://www.owasp.org/index.php/Project_Information:template_Live_CD_2008_Project_-_Final_Review_-_Second_Reviewer_-_F).
Projected Outcomes:

  • A graceful method to handle current and future OWASP Live CD releases
  • Determine the duration of OWASP branding for Live CDs (possibly better scoped for general OWASP projects discussion)
  • Determine an OWASP Project Life Cycle for Live CDs (possibly better scoped for general OWASP projects discussion)

OWASP ASDR

Working Session Lead: Leonardo Cavallari Militelli
Working Session Team: {name}
Working Sessions Organization Model: Invited Participants + Attendees
Objectives:

  • Discuss project objectives for short and long term
  • Interlink process to other projects

Projected Outcomes:

  • Project roadmap
  • Define potential contributors

Draft notes

Note: there needs to be a 1h session on the 1st day of working sessions (Tue) to explain the rules of the game, how everything will work and what is expected from each WS (Working Session)

  • Working Sessions can meet simultaneously or by some method of time allotment (depends on scheduling and priority)
  • Open membership, first order of business is to confirm chair and secretary of group (We can get this setup and discuss on the lists now, so we are running when we get to the Summit)
  • Dinis, Paulo suggested that working groups will produce OWASP Initiatives, Statements, Decisions.
  • OWASP Initiatives, Statements and Decisions can be distributed in electronic form prior to the Summit or a Working Group assembly.
    • Additionally, time should be allocated for anything new at the actual Working Group assembly. (Again, we can get the ball rolling on this now and have discussion and motion at Summit).
    • Simple Majority to Pass Motions (I can distribute a Roberts Rules of Order - Lite prior to the meeting to the chair)
  • Board Reserves Veto and Tabling Authority at the Summit
  • Working Groups:
    • OWASP Top 10 2009
    • OWASP Governance (e.g. International guidelines, Board member confirmation)
    • Projects (e.g. Organize and rate projects, Development plans, Documentation)
    • Chapter Governance (e.g. Budgets, Activities)
    • OWASP Future (e.g. Action Plan for 2009, Investment recommendation, 5 year Outlook)
    • Web Vulnerability Assessment (Code Review/Testing)
    • Global Community Outreach (PR Issues, Pro Bono opportunities)
    • Web Technology (e.g. Browser security wishlist, architectural recommendations, technology recommendations)

Agenda

  • Opening Statement
  • Motions on the table (1st, 2nd, Vote)
  • New Business (new motions, statements for record)
  • Closing Statement
  • As the first ever of this format, we should invite working group chairs and discuss a potential list of motions to get them started (specifically for financially related motions, e.g. Dinis mentioned $200K USD investment plan as an example in an earlier e-mail). What kinds of things to start with. Then they can put the ideas to a list or lists for discussion prior to the meeting.


Working Sessions outcomes

  • OWASP Initiatives: "Spend xyz on Project yyy", "Plan to organize all OWASP tools / books", "Strategy to organize and rate ALL OWASP projects", "6 month Development plan for ESAPI"
  • Public Statements: "Here is the OWASP Top 10 2009", "This is what OWASP's position is on xxx", "Browser security wish-list for Browsers (IE, Mozilla, Safari and Opera)"
  • OWASP Decisions: "Action plan for OWASP in 2009", "Hire x developers to support projects", "next 200k USD investment plan", "OWASP governance and vote of 6th Board Member", "International OWASP non-profit organizations guidelines"

Summit

  • Should a Board Member chair?
  • Agenda
    • Opening Statement (this is the first Summit, so this is a special thing)
    • Overall Summit meeting can be an informational meeting about Working Group motions. Board can approve, veto or table motions from Working Groups. However, if doing this at the Summit, there may be controversial issues where the Board rejects a motion. Each working group has a spot on this agenda.

    • OWASP Motions not from Working Groups, allocate time for this.
    • Closing Statement