owasp / owasp-summit-2017 Goto Github PK

check with laura for template
add in the mutual agreements
sign

@DinisCruz and @DevSecCon to add their names to the wish list of attendees.
Preferably by Thursday, the latest by the week-end?
This is important input for sending the doodle to check which week will attract most participants.

What should it be called?

• OWASP-DevSecCon
• OWASP-DevSecCon-Summit (this feels to big)
• OWASP-DSC-Summit (this loses the DevSec reference)

Tasks:

• Create twitter account
• Add links to home page

Bletchley Park: 'Codebreakers school' planned for site

Btw, one of the venues under consideration is close to it

https://twitter.com/owaspsummit was mainly used on the last Summit

Who controls this account?

At the moment it doesn't show up on Google searches

I think one of the solutions will be to submit the http://owaspsummit.org site to google

First chapter presentation to occur on the 27 of Jan in London

This will be a great way to remind the great stuff that happened at the last Summit, and provide ideas for what to do at the next Summit

We have plenty of material on the OWASP Outcomes document (created by Sarah Baso)

(from emails to Johanna and Claudia)

one the best ways OWASP can support the projects, is to help them to participate at next OWASP Summit.

OWASP projects have been a massive success story of the last Summits, since the Project leaders not only do a lot of work for their own project (before and during the Summit), they also participate heavily in other Project's Workshops.

There are already some projects at https://github.com/OWASP/owasp-devseccon-summit/tree/master/Workshops but we need a LOT more (key focus is on objectives and deliverables, since the idea of the Summit is to WORK HARD and collaborate)

What about if we find 50k USD dedicated to OWASP projects at the Summit? This would get 25 tickets to allow 25 project leaders (and key contributors) to participate at the Summit? The ticket allocation and invitation would be managed by Claudia (as OWASP Project Coordinator).

Of course that we will ask everybody to get their company to pay for it. The idea is that we will only allocate one of those tickets for the cases when the leader/contributor can't get that kind of financial support (which means that we should end up with 70 or 100+ Owasp project leaders and core contributors going to the Summit)

This is something that could be funded from OWASP Board and from Projects and chapters that have funds available (for example there is already the idea of using some of OWASP London chapter funds to sponsor a number of tickets for ZAP)

The idea for the OWASP Summit budget (which is exactly what we did for the last two in 2008 and 2011) is to have a price that includes ALL project leaders/contributors expenses (since they are already donating their time and it is not fair for them to have a financial cost to go there and work for OWASP, unless .... their company is able to cover those costs, which in that case we can use the funds allocated into another OWASP Leader/Contributor and acknowledge that company as a sponsor)

The amount we are currently planning to use is $2000 USD per participant which covers travel (flight, train), accommodation and food.

That is how we get to the 50k USD amount for 25 OWASP Leaders/Contributors (we usually call this the 'golden ticket' ).

Note that it is absolutely fine to use the 150k that we are currently asking the OWASP board to support the Summit to fund these 50k dedicated to OWASP projects.

What we need from you is:

• official support for this idea
• list of Projects that should be at the Summit (based on their recent activity and potential to deliver amazingness at the Summit)
• list of Project leaders and key active Project contributors that should be invited and offered an 'golden ticket'
• topics for Workshops (see https://github.com/OWASP/owasp-devseccon-summit/tree/master/Workshops )
• who else should be invited to participate in those Workshops, but will not be offered an 'golden ticket' (for example active OWASP project users)

What do you think?

Thanks

My view is that the solution we need will be based on the content being hosted on this GitHub Repo

A good option is to use GitHub pages and jekyll https://help.github.com/articles/using-jekyll-as-a-static-site-generator-with-github-pages

But we can explore other ideas and technologies

This is an operational problem we have and a Summit Workshop in its own right

Sarah asked me today that we should answer the 'Why'

• Why do the Summit in 2017?
• Why OWASP and DevSecCon?
• Why it is needed?

For reference see https://www.startwithwhy.com/ and https://www.ted.com/talks/simon_sinek_how_great_leaders_inspire_action?language=en
(it would be amazing if we were able to get Simon to participate in the Summit)

i.e. @DevSecCon you need to configure your git client to use GPG , note the lack of 'Verified' on your commit. How do I know that that commit was made by you :)

See http://www.slideshare.net/DinisCruz/gpg-signing-git-commits for more details and for instructions on how to set it up

done at http://owaspsummit.org/Logistics/Tickets.html

The 2008 version looks better: https://www.owasp.org/index.php/OWASP_EU_Summit_2008

see https://www.owasp.org/index.php/Summit_2011 which looks like this

It broke in one of the last OWASP wiki style updates

I also just added the https://www.owasp.org/index.php/Summit_2008 and https://www.owasp.org/index.php/Summit_2017 pages so that they are consistent with https://www.owasp.org/index.php/Summit_2011 (it redirects to https://www.owasp.org/index.php/Owasp-DevSecCon-Summit)

Achim noted: "BTW, would be nice to find/see a description for the "properties" in the
user's github file."

using event-point theme (see http://preview.themeforest.net/item/event-point-event-conference-meetup-html-template/full_screen_preview/19393910?_ga=1.235128449.1463808881.1487374093)

Other themes considered

http://preview.themeforest.net/item/xpo-a-theme-for-conferences-expos-events-and-meetups/full_screen_preview/19305722?_ga=1.194183469.1463808881.1487374093

http://preview.themeforest.net/item/evemat-responsive-html-event-template/full_screen_preview/19327878?_ga=1.235128449.1463808881.1487374093

http://preview.themeforest.net/item/matrix-multipurpose-responsive-html-landing-pages/full_screen_preview/19379130?_ga=1.235128449.1463808881.1487374093

https://trello.com/owaspdevsecconsummit2017

Need to email participants for participation in responsible disclosure workshop

• Create folder
• Create pages using content from https://github.com/OWASP/owasp-devseccon-summit/blob/master/session%20topics
• add #4 workshop idea

Here is a screenshot we could use

https://owasp.slack.com/archives/owasp-dsc-summit/

• owasp wiki page : https://www.owasp.org/index.php?title=Owasp-DevSecCon-Summit
• Slack channel https://owasp.slack.com/archives/owasp-dsc-summit

Here http://owaspsummit.org/new/participants.html

Maybe to help we could create a special logistic pages which lists participants by specific filters:

• no image
• no descriptions
• no ticket status

See for example what GitHub did with https://github.com/blog/2273-incident-report-inadvertent-private-repository-disclosure

10 villas - Done
Main conference hall - to do this week

• owasp connected note was done

This should be a separate page which shows the workshops inside a specific track

Example of tracks

• ZAP
• OWASP Projects
• Mobile
• Threat Modeling
• Education

For example what it was done with http://localhost:4000/Workshops/OWASP-Project-Summit.html

This should help to group Workshops around specific themes

Now that we are happy with the new template, we can move the old files and refactor the new files into a better folder structure

https://2017.appsec.eu/program/call-for-papers

Achim noted:

There is a typo for link "these pages"
https://github.com/OWASP/owasp-summit-2017/tree/master/Participants'
(trailing quote)

For general announcements and one-to-many communications

General discussions will occur on the OWASP Slack

some pages contain the property <type: all-content> but the usage in _layouts/all-content.html checks for

Is this intended behaviour?

Similar to the one I created forhttps://github.com/DinisCruz/keynote-bsideslisbon which can be seen at https://diniscruz.github.io/keynote-bsideslisbon/

• Create PoC Jekyll site
• email owasp-leaders asking for help with design

To send the email as defined in this page https://github.com/OWASP/owasp-devseccon-summit/blob/master/Logistics/emails/ask-for-summit-date.md

That is a better name to represent what will happen and it is the name we used at the last Summit

This would be used on the website and to be shown OWASP Chapter meetings
See https://twitter.com/jonathanmarcil/status/832733228251230208

• we should ask past summit participants to create a quick video (recorded on phone of computer) about their experiences and what they look for in the next Summit
• try to make it as a professional as the Kickstarter intro videos (use same format)

Here is the You Tube video for the OWASP Summit 2017 presentation delivered at OWASP London Chapter (on 9th Jan 2017)

I'm starting to think that between GitHub pages, GitHub issues, Slack and Twitter we have a good way to communicate

What do you think?

@DinisCruz to create a central page with this information

We also need to create a standard way to format those pages so that they are easy to read and consume

It shouldn't be that hard. I just needs a bit of CSS love

http://localhost:4000/Logistics/Participants-need-support.html

http://lanyrd.com/2017/owaspsummit

• Event created on Lanyrd
• Venue created on Lanyrd
• Added Twitter handle and official hashtag #owaspsummit
• Add workshop schedule (workshop organizers might be set up as "speakers"?)
• add subtasks here

This needs to be automatically created using Jeklyy

This should include links to the registration page and details on how to fork the site and edit it

This will check for common probs (like broken links) and for issues created with refactoring

I wonder if we can use ZAP for some of the tests

At the moment this is the main page from Google and it doesn't have the latest info or point to the current site