Friday, 6 April 2012

Summits must be part of OWASP's DNA

The last OWASP Summit 2011 represents the best of what OWASP can do, and nothing we did that year come even close in generating so much work, energy, serendipity and connections (not projects, chapters or conferences)

What you had there was a week of massive collaboration, relationship creation, work , brainstorming and planning (just look at this amazing picture Ofer , Carlos, Vlatko (can you fell the energy!!! :)  ).


That Summit was not a private/closed party, just take a look at the participants again (read it slowly paying attention to the name of the attendee , it's company and reason for attending: https://www.owasp.org/index.php/Summit_2011_Attendee (even better, read their bio here).

Also take a look at the planned tracks to see the wide range of topics that were on the agenda. For what actually ended up as a session, see the Fixed Schedule and the Dynamic Schedule

Just about everybody that went to the Summit really worked hard, and we showed that OWASP is the only organisation in the world that is able to put in the same place (working together) individuals that are from different companies, races, religions and politics.

THAT is spectacularly unique.

One of my favourite comments about the Summit was: 'Hey! This is just like the UN, but actually working!'

For example the crowd that John was able to assemble in the browser track had never meet before! (and some of them had even wrote a book together before). Also, they are not you typical OWASP crowd (ie we were reaching out)

Yes (on next summits) we need to be more focused on the deliverables, handle better the post-summit activities and bring (even more) developers/architects/business-reps/'non typical Owasp Contributor'. That said, if you haven't already please go and read now the Summit Outcomes and Final Report (if you looking for an area of OWASP to be involved, there are lots of opportunities still left in those outcomes)

BUT!!!! let's not confuse the problems with the failed Summit 2013 attempt with the need for Owasp to have more Summits.

I was publicly very critical of the Summit 2013 (namely when I stated that 'I want to vote for a Summit Team+Vision, NOT for a venue'), but that doesn't mean that we should abandon the Summit activities.

Summits should be key to OWASP's DNA since that is where we should regularly meet to work hard, collaborate, present recent developments and create action plans.

Inside that last post I presented a really interesting concept of what a 'Summit Proposal' should look like.

That is how (in my view) successful Summits are set-up and executed (that is what I tried to do the last two Summits), so please let's make another summit happen :)