Tuesday 25 October 2011

Mea culpa: How I abused the OWASP rules on presenter's slides

After I posted my presentation and slides the OWASP Brazil AppSec presentation on "Making Security Invisible by Becoming the Developer's Best Friends" , I was reminded that a couple slides on that presentation break the OWASP rules for conference presentations which are very well established.

In fact, they’re right in the speaker agreement, which I totally violated.

"...Speakers are encouraged to include their contact information when introducing themselves, but may NOT include their logo on any visual and handout materials. Speakers are to avoid any appearance of commercialism in their session and presentations are to be of a technical or solutions emphasis. Further, I understand that the program tracks of the conference/event/chapter are an educational event, not a sales or marketing platform. I agree that my presentation(s) will be an objective review of the topic on which I am presenting, and will not contain any content that is a sales or promotional pitch for any specific product(s) or company(ies). My materials will also be reflective of the current status of the topic(s) I am addressing...."

Clearly the initial slide about SI breaks this, and my mistake was in thinking that tagging it with an 'Advertising' tag made it better (the next slides, although covering Common Criteria content released free by SI, in hindsight are also, too much on the marketing/sales side).

And yes, although there have been worse offenders in the past, that is no excuse and I should know better.

Sorry for this...

(I'm currently in a location with slow internet connection, but once I'm back to land I will update the slides accordingly)