Membership Committee

3. Membership Committee July 2009 Update

4. OWASP 2009 Membership Drive • OWASP Background • Video: Dan Cornell, Member, Global Membership Committee • What Does Membership Do For OWASP? • Membership Benefits • Individual Members • University Supporters • Organizational Supporters • Questions?

5. Video • Dan Cornell, Member, OWASP Global Membership Committee • http://www.owasp.org/index.php/Membership

6. What Does Membership Do For OWASP? • Funds OWASP Speakers via OWASP On the Move • Funds Season of Code projects • Helps Support Local Chapters • A portion of your membership fees helps fund your local chapter

7. Individual Members • Cost: $50/year • First Time Members Get A Membership Pack: • Membership card and certificate • OWASP DVD • Attractive OWASP t-shirt • OWASP tote bag • Pen • 10% discount on OWASP conferences

8. University Supporters • No cost (!) – Universities must agree to provide meeting space twice per year and to include OWASP in their curriculum • Must be an accredited University • Logo on OWASP website • OWASP briefings for University – students and staff

9. Organizational Supporters • Cost: $5000/year • Logo on OWASP website • Online job postings on OWASP website • Invitation to special OWASP events such as Industry Outreach • Two complimentary attendees to OWASP annual Summit • Employees get 10% discount on OWASP conferences • Onsite OWASP briefing

10. Questions? • Kate Hartmann (kate.hartmann@owasp.org) (OWASP) • OWASP Global Membership Committee • Tom Brennan (tomb@owasp.org) (Board rep) • Michael Coates (michael.coates@owasp.org) • Dan Cornell (dan.cornell@owasp.org) • Stephen Craig Evans (stephencraig.evans@gmail.com)

11. OWASP Global ConferenceCommittee (GCC) Committee Update SlidesJuly 1, 2009

12. Global Conference Committee The primary purpose of the Global Conference Committee is: to determine location, frequency and to oversee and direct global conferences, speakers, and training. Conference Committee Mark Bristow (U.S.), Wayne Huang (Asia), Steve Antoniewicz (U.S.), Dhruv Soi (India), Kate Hartmann (U.S.) 12

13. Posted Documents • Conference planner’s toolbox • Conference Budget planning tool • Sponsorship document (Updated) • Speaker Agreement • Presentation Template • CFP Template • CFT Proposal Template • Training Instructor Agreement (New) 13

14. Call For Conferences 2010 – Needs approval • In an effort to Coordinate and Promote our events for next year, the Global Conferences Committee is now accepting proposals for events to be held in 2010. • To be considered, planners must submit: • Dates of event • Location of event • Projected budget (using budget planning tool) • Event Type (using definitions from Conference page) • In order to be considered, please submit your proposals to the Global Conference Committee global_conference_committee@lists.owasp.org. • The deadline for consideration is August 30, 2009. Proposals received after this date may not be approved by the committee. 14

15. OWASP Global ProjectsCommittee Committee Update SlidesMay 19, 2009

16. Global Projects Committee • Dinis Cruz, Paulo Coimbra, Jason Li, Matt Tesauro, Leo Cavallari, Pravir Chandra, Brad Causey • Meeting weekly on Monday at 10 PM GMT • Organizing and documenting the “rules of engagement” for OWASP projects and the Season of Code • Launching the next Season of Code • Finalizing project setup and templates under Priteria v2 for projects & SoC 16

17. OWASP Season of Code 2009 • Announced at AppSec EU 2009 in Poland • Provisional budget of $90,000 • Focus: Improving quality in for key areas • OWASP Education Pack • Enterprise usability of OWASP Projects • Additional Source of Funding • Marketing and PR • Any project proposals are welcome including joint proposals up to 20K 17

18. OWASP Season of Code 2009 • Global Committees assist with areas: • Education Committee • OWASP Education Pack • Projects Committee • Enterprise usability of OWASP Projects • Membership & Chapters Committee • Additional Sources of Funding • Industry and Conference Committee • Marketing and PR • Projects will be assessed with Criteria v2 18

19. OWASP Season of Code 2009 – Prep work • Templates and informational “tab” created for projects • Allows easy setup of new projects and collection of meta-data on projects • Provides structure to evaluate project quality generally and for SoC • Sponsor-able projects list created • List projects which are open for sponsorship • “Rules of the Road” for sponsors • Orphaned projects list created http://www.owasp.org/index.php/Category:OWASP_Orphaned_Projects 19

20. Projects A – Projects launched recently (with the new 2.0 template) OWASP Content Validation using Java Annotations Project https://www.owasp.org/index.php/Category:OWASP_Content_Validation_using_Java_Annotations_Project OWASP Security Analysis of Core J2EE Design Patterns Projecthttp://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project B – Projects re-set up (with the new 2.0 template) OWASP Live CD Project http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP JBroFuzz https://www.owasp.org/index.php/Category:OWASP_JBroFuzz C – Projects launched recently (waiting for the new 2.0 template) OWASP JSReg Project https://www.owasp.org/index.php/Category:OWASP_JSReg_Project OWASP Cryttr - Encrypted Twitter Project http://www.owasp.org/index.php/Category:OWASP_Cryttr_-_Encrypted_Twitter_Project OWASP Encrypted Syndication Project http://www.owasp.org/index.php/Category:OWASP_Encrypted_Syndication_Project 20

21. Projects (Continuation) C – Projects launched recently (waiting for the new 2.0 template) OWASP CTF Project https://www.owasp.org/index.php/Category:OWASP_CTF_Project 21

22. OWASP Global ChaptersCommittee (GCC) Committee Update SlidesJuly 1, 2009

23. Global Chapter Committee The primary purpose of the Global Chapter Committee is: Provide support and guidance on regional and global issues. Chapter Committee (Board Member Rep: Seba *) • Puneet Mehta (India) • Ofer Shezaf (Israel) * • Matthew Chalmers (U.S.) • Kate Hartmann (U.S.) * * Present in conf call 23

24. Meeting notes • Welcome new member: Matthew Chalmers • Call for new members (Seba) • Proposal for monthly meeting at each last Tuesday of the month at 18h CET ? • Take on the chapters handbook (Ofer already started with it) • Next steps: • create an outline, • create stubs • ask for volunteers to help create content and review it. 24

25. Meeting notes • Start up a mentor program for new & inactive chapters • Driven by experienced chapter leaders • Create a pool of ‘owasp certified mentors’ • Create wiki landing page listing the mentors with pointers to the chapter handbook / supporting ppts • Identifying chapters that could need mentor help • Next steps: • Create page (Ofer) • Recruit mentors (Seba) • Identify chapters to start that with (Kate) 25

26. Other things to do (need volunteers) • Start survey (Matt?) • Podcast (check with Jim) /webcast • …

27. OWASP Global EducationCommittee (GEC) Committee Update SlidesJune 25, 2009

28. Global Education Committee The primary purpose of the Global Education Committee is: to work with the OWASP Education Project to provide educational materials for both internal and external users, develop liaisons with educational institutions worldwide. Education Committee (Board Member Rep: Seba) Martin Knobloch (Netherlands),Mano Paul (U.S.), Eduardo Neves (Brazil), Kuai Hinjosa (U.S.), Cecil Su (Singapore), Fabio Cerullo (Ireland), Andrzej Targosz (Poland) Meeting monthly on last Thursday at 10 PM GMT 28

29. Meeting notes • Got support from • UCI, University of California Irvine • DSU Dakota State University • NKU Northern Kentucky University • Working on • Cornell • New York University • Columbia University • Syracuse University • First OWASP AppSec Symposium in the U.S. , sponsored by UCI participants  • AppSecEU10 will have a Research track – strenghten ties with the academic world • Working with Cornell using the OWASP Open Fortify for static analysis code used by Universities • Creating a list of University conference or events such as Ja-Sig where GEC can present and promote OWASP 29

30. Meeting notes • Education Material Categorized (add link) • Modules to be added to test structure and identify gaps & overlap • OWASP T10 to be added • Train the trainers – first material has to be created – dependencies on portal / scoring – ‘accredited’ trainer list (what criteria are necessary) 30

31. Meeting notes • Assessment portal – SOC proposal to be created? Could try out something based on http://www.expresscertifications.com/ content remains cc – scope of SOC proposal – based on http://www.owasp.org/index.php/Category:OWASP_Certification_Requirements • Boot camp material – to be based on project leaders input (part of the v2 criteria) and possibly on Andrew’s donation https://www.owasp.org/index.php/Education_Donated:_OWASP_ASVS_1.0_~2_day_training_deck (seba to help Martin) 31

32. Meeting notes • CTF – OWASP project to be created? Several versions available. How to have ‘secret’ challenges? – CTF EU09 could be reused for US09 • Speakers Buro – rating system – see trainers – how to manage evaluations – basic requirements to be captured • Internationalization of Materials: OTGv3 to • Chinese (simplified) from China • Chinese (traditional) from Taiwan • Indonesian • Vietnamese • Thai 32

33. Meeting notes • Education Committee slide deck to be created (Kuai – Martin) 33