Monday, April 30, 2018

Over the weekend, I received several inquiries regarding AppSec EU 2018 and AppSec USA, which got me thinking about what we (OWASP) need to do to ensure that these two very special and focused conferences are a huge success.

Naturally, I thought about the basic elements of execution, logistics, the cities, London and San Jose, the networking events, and the food. I reviewed the training program and the conferences to understand more about the event. But at the end I came back to the same and most powerful component of any and all OWASP events and conferences...and it's you!

The OWASP foundation is built on a strong community of committed and dedicated web security specialists who are diligent about what they do and how they do it. These conferences are your conferences. The very essence of the conferences is based on you, the attendee. Sharing your experiences during training sessions, speaking and talking about best practices and new trends in application and internet security, talking through ideas during coffee breaks and the lunch, spending time talking about the OWASP projects, and attending the Chapter leaders meeting; all of these events will only truly be successful if you come to the conference.

These are your conferences and training sessions. If you are there to contribute as a trainer or a student, as a speaker at a conference session or a conference attendee, then AppSec EU 2018 and AppSec USA 2018 will be a success.
These conferences are the ultimate meeting/gathering place for the application security professional.

Join OWASP and register now for AppSec EU 2018. Submit your CFP or CFT for AppSec USA 2018. Come to the conferences, create the experience - we want to see you there! Make it the best AppSec Experience by being there!

Friday, April 27, 2018

AppSec EU 2018

OWASP is the premier foundation for Application Security.  The community of volunteers and colleagues working to protect and defend is vast and extremely dedicated.  The AppSec EU 2018 Training and Conference in London, England from 2-6 July 2018 is the premier gathering place for this devoted and passionate community to teach and share their experiences through the vast AppSec EU 2018 training program.  

The training program is developed through an open submission process and the training classes are selected through a committee of their peers. The program for this year's training at AppSec EU 2018 is exceptional with diverse opportunities for brilliant training in a wonderful location - London.  Join OWASP and join the application security community at AppSec EU 2018, register to take a class; you can choose from one day to three days of training!  

Take a look at the schedule on the AppSec EU 2018 website, select a course, and register for the training. The benefits of training are unlimited; expand your knowledge.

This is a great opportunity for the community to come together; educate each other and share experiences in Application Security learning.  The experience improves as more community and colleagues gather.

We look forward to seeing you in London!

The OWASP Foundation Team!

Monday, April 16, 2018

AppSec-Eu 2018 - communication to the community

Dear OWASP community,

The OWASP Foundation board of directors has come to the understanding that previous information that was shared about the move of OWASP AppSec-Eu from Tel Aviv to London has not been received as being open and transparent enough.

As mentioned in previous communications, we do recognize the communication has not been optimal and we are working hard to improve this. Nevertheless, the community has clearly articulated your desire to have more background information and the reasoning behind the move of the venue.

As we believe truly in the "O" of OWASP, I will hereby share more information about the justification for the move of AppSec-Eu away from Tel Aviv.

As with any foundation, OWASP needs to maintain sound financial health to empower our members and to achieve our mission goals. We do have many expenses and our financials are publicly available.

The OWASP Foundation's financial health does heavily lean on the two major annual conferences: AppSec-Eu and AppSec-US. In 2017, both conferences failed to meet financial goals, the first ending up negative and the latter making much less than expected. This was not due to any person or group, but was just a fact of what happened. The teams that put on these conferences did a fantastic job.

With this background, our new Executive Director did look into the proceedings of the upcoming global conference, AppSec-Eu, in Tel Aviv. Her analysis revealed several risk factors with this location that were cause for concern that the conference could have difficulties generating the required profit. This, on top of the problems the Foundation experienced in 2017, discussed above, would put OWASP at too much financial risk.

Some factors that led to the decision to move were:
  • The Israel chapter was planning to continue with its annual and very successful free AppSec-Il conference, potentially competing with AppSec EU.
  • The budget planning was estimating that 80% of the attendees would come from outside of Israel, in contrast to previous conferences, in which roughly 50% of the attendees were from the local community. We would lose the grass roots attendees.
  • Some global OWASP sponsors indicated an unwillingness to sponsor a conference in Israel, citing a poor ROI of sponsoring in that area.
  • There have been many discussions with the Israel chapter about the above issues. Their responses indicated that they did not have the statistics that would counter any of the above risks, as they have never organized a paid conference in Israel.
  • Some of the above is based on assumptions, as always when you are trying to predict the future.
  • Some points might have been negotiable, but given the time-frame we just did not have the time.
With the above considerations, and the financial problems with OWASP now, our ED felt that the only responsible course of action to guarantee the financial health of OWASP was to move the conference.

We hope that everyone understands the reasoning behind this difficult decision. We extend, once again, our sincere thanks to the Israel community for their efforts to date, but also our apologies, and hope of a future event in Israel. We also again apologize for not explaining all of this earlier. It would most certainly have avoided some of the frustration and disappointment that some community members have experienced.

On behalf of the OWASP Board of directors,
  Martin Knobloch
OWASP Chairman of the BOD

Board Statement about the AppSec-EU 2018 and related events

[From the OWASP Connector, Wednesday February 14th 2018]

Dear OWASP community,
As there have been quite a number of changes over the last number of months, the Global OWASP Foundation has faced a number of challenges. As you may be aware, three of our staff members have left the foundation, leaving a big gap in our day to day operations. This is not an excuse, but a reason why some processes either slowed down or even came to a complete halt. We are very happy to have found an Executive Director (ED) in Karen Staley. Since joining, Karen has been working hard to turn these challenges into opportunities and to allow OWASP to increase our organizational maturity and professionalism. I think it’s safe to say that the four newly elected board members and new ED have had the most memorable start in their new position.

We are all extremely passionate about OWASP and with this passion comes frustrations. Your frustration in relation to the lack of information/ communication is understandable. As most of you were celebrating the Christmas and New Year holidays, the board were blindsided by these events. To this end the newly elected and sitting board members, together with our ED, were busy with the matters at hand. Given the time of year and the nature of the matter at hand, it’s easy to forget to communicate. We understand that the lack of communication on our part can make you assume nothing is happening.
Even though there was no communication with the OWASP community at large, we want to assure you that we were in constant communications with those involved and are working towards an acceptable path forward.

As per previous mailing list communications, the AppSec-EU 2018 conference will take place in the UK. Operational challenges are currently being resolved and information about the conference venue, location will be available as soon as possible.

Volunteers who have been working hard on organizing the AppSec-EU 2018 conference in Tel Aviv and the OWASP Israel chapter especially, felt frustrated with the decision to move the conference and the way it had been communicated. Those that have previously organized a global OWASP AppSec conference in the past know how much more complex it is to organize compared to a local event, even if the numbers of attendees are more or less the same. The decision to move the AppSec-EU 2018 conference to the UK has been made. We would like to acknowledge the effort of the organizing team, while realizing the required level of support from the foundation was not achieved.

As OWASP board and staff, we see the huge burden it puts on the local chapter and leading volunteers. The OWASP board and staff recognizes the necessity of providing more professional support to the local chapter and volunteers to justify the expectations of our community and sponsors. With her extensive experience in organizing international conferences, our ED is working hard to do so.

As you are aware, the board members are volunteers too and we do our best to act in the best interest of the OWASP community. OWASP is bigger than individuals or the board, OWASP is a community which is driven by its volunteers and we welcome your input in how we can improve OWASP to further our mission. Please be invited to the OWASP Board meetings, the first meeting of the current board is January 24th.

Many times, those who shout the loudest are perceived as representing the community’s opinion. In the succession of the announcement the AppSec-EU to be moved from Tel Aviv to the UK, and the public statement that has been made articulating the frustrations about this decision, people from inside and outside the OWASP community felt the need to vent their opinions. As we are an open organization, I appreciate how forthcoming our community was.

Nevertheless, in OWASP we have a clear policy of ethics, stating the expected professionalism in communication and respect towards each other. We as a community of professionals are required to set an example to the next generation and should therefore lead by example in respecting these ethics when communicating both privately and in the public domain.

We will endeavor to improve our communications going forward and hope that this has not deterred any of the great OWASP community that have spent a countless number of hours volunteering to improve software security as a whole.

On behalf of the OWASP Board of directors,
   Martin Knobloch
OWASP Chairman of the BOD

Friday, April 6, 2018

Meet OWASP Montreal!

Thursday, April 5, 2018

The OWASP AppSec conferences are planned for July and October 2018.  These conferences are the premier meeting places for the OWASP community and those working in information security.  

As OWASP members and countless volunteers already know, OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. The OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. OWASP advocates approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all these areas.

The core of OWASP's success is the community that works tirelessly ensuring that anyone working in information security has access to the best resources and knowledge in application security.  The best place to learn more, expand understanding and to meet up with the global community and contribute to its goal for improving application security is the AppSec Conferences.   

The conference training and seminars are managed and developed by the community for the community.  Join us in London, from 2-6 July or come to San Jose, CA from 8-12 October to train, learn and have a great conference experience with your colleagues.