Tuesday 29 September 2009

OWASP Internals: Guidelines for OWASP leaders’ attendance of OWASP Conferences and OWASP Memberships

Following the debate started by this thread OWASP Internals: Leaders participation at OWASP conferences I submitted today the proposal below to the OWASP Board which has just been approved :)

I'm really happy with this model and I hope that this will mean that we will see much more participation from our leaders at our conferences

Guidelines for OWASP leaders’ attendance of OWASP Conferences and OWASP Memberships

In recognition of the enormous value provided to OWASP by its leaders (projects, chapters, committee & board members) , and the fact that it is beneficial for all that these leaders actively participate on one or more OWASP-organized conferences (16 in 2009), OWASP would like to propose the following 'operation guidelines' for facilitating the leaders participation at OWASP conferences:

  • All leaders who currently enjoy an 'OWASP Honorary individual membership' (see details below) apply for a 'FREE' participation on as many Conferences he/she is able to attend
  • By 'FREE' we mean that there is NO (i.e. zero) cost for the OWASP leader, but internally OWASP is marking up this cost between $100 USD and $300 USD (depending on the conference) which cover the 'participation costs' of a conference attendee (venue, refreshments, lunch, etc..) .
  • In order to simplify the process and to remove the potential financial burden, this cost will NOT be allocated/paid by the Conference Organizers, but will be covered by (in order of preference):
    • a local chapter that has funds and wants to 'sponsor' a particular leader to attend a conference (in most cases this should be in 'exchange' of a chapter presentation of a debrief of what happened at the conference). See 'Notes for chapter with budgets' below
    • a direct sponsorship of the leader's main employer or 3rd party company that wishes to sponsor OWASP leaders
    • OWASP on the Move funds
  • In order to maximize OWASP resources and efforts, the following would be expected from the OWASP Leader:
    • Submit a presentation proposal with the conference RFP time period (note that a separate thread (& guidelines) will be required to define the recommended process (for conference organizers) to deal with these OWASP Leaders presentations)
    • Allow the conference to include the leader name in its marketing efforts, i.e.: "...come to the XYZ conference where you will be able to meet personally the following OWASP leaders: {name - project}, {name - project}, {name - project}, {name - project} .."
    • Help as much as possible the local organization team (conferences are a LOT of work, and extra pair of hands are always necessary)
    • If there is an OWASP-Stand, help with the 'manning the stand'
    • Actively promote the conference in Blogs, Tweets, local chapters and press
  • To help with the OWASP Leader participation, and if required, OWASP central (i.e. Kate) can send an 'official invitation letter' requesting that the leader's employer allows the conference participation under company's time (versus holiday time)
    • Depending on the level of sponsorship given to the leader by its employer, the conference organizers should add the leader's employer as a conference sponsor (note: at the moment there is no standard name for these type of sponsorships)

Notes for chapter with budgets:

The chapters that currently have budget available (see this document for the current list of funds available to local chapters), can and is encouraged (at the discretion of the chapter leader AND its local community) to use its funds to:

  • 'Pay' the OWASP internal conference participation cost (100 USD to 300 USD) of the current Chapter Leader(s)
  • Cover part of the current Chapter Leader(s) travel expenses to attend the conference (the current guidelines are 250 USD for local travel (in US or in Europe) and 500 for International Travel (Europe-> US, in Asia, etc)
  • 'Sponsor' a particular OWASP Project leader to attend the OWASP conference in exchange for a participation at their chapter (this could be a presentation, a training session, etc...)

Notes on "Who is eligible for OWASP Honorary individual membership'

Contributions to OWASP are highly valuable, so in order to recognize its effort OWASP is allocating 'Honorary Individual Memberships' (i.e. Free memberships) to:

  • OWASP Board Members
  • OWASP Committee Members
  • OWASP Chapter Leaders*
  • OWASP Projects Leaders*
  • Individuals with Special Contributions to OWASP*

* The allocation of 'Honorary Individual Memberships' is going to be implemented in two phases

  • 'pre AppSec DC conference' (i.e. now) - For historical reasons OWASP chapter and projects leaders were not made OWASP Members in the past. So in an effort to clean up the past and start with a clean state, the OWASP Projects and Membership Committees is currently creating a list of ALL active and past project and chapter leaders who will be given a Free 1 Year OWASP Individual Membership
  • 'post AppSec DC conference' - from Nov 09, and once a year there after, the OWASP Chapter and Project Committees will be expected to first create a criteria to allocate memberships (based on their contributions over the past year) and then use it to produce an annual list of Individuals who should be allocated an Free 1 Year 'Honorary Individual Membership'. This list should then be submitted for vote and approval

Honorary members will be given the opportunity, although not required to “donate” the annual dues to the Foundation.