Sunday 8 February 2015

On the current OWASP Project Summit efforts (in Feb 2015)

It's really hard to create an OWASP Project Summit with the current model (with little funding, with no dedicated team, attached to a conference, etc.).

The formula that worked in the past was to start with a set budget (let's say 50k to 100k) and:
  • use those funds to make sure the key players (in this case project leaders and 'new players') are going to attend, by offering to cover all travel and accommodation expenses (while asking them if they can get their employer to pay instead)
  • hire a dedicated summit team (for that period)
  • secure dedicated venue and summit resources
  • generate a huge amount of energy about the summit sessions (starting by inventing all sorts of sessions, until the real sessions become solid)
  • cast a very wide net of 'invitations to attend the summit' (with the vision that 'the summit is THE place to be, where all the key players will be in the same location, and where REAL work can be done')
The hard part is making people 'believe' in the Summit. The objective is for our leaders (and attendees) to create the sessions that THEY want to attend (on top of the infrastructure provided by the Summit). By definition those sessions will be interesting to others, and eventually a virtuous cycle will start to occur.

Back to the Project Summit, the interesting question is: should OWASP invest 50k or 100k in its projects?

I think the answer is YES, since OWASP's projects are a critical part of OWASP (which deserves solid investment).

Here are some of my blog posts about my views on OWASP Summits and OWASP Projects