Chapter Leader Meeting AppSec Europe 2007

Chapter Leader Meeting AppSec Europe 2007
Meeting Minutes Chapter Leader Meeting AppSec Europe 2007 Date 16-May-2007, 18h00-19h00 CET Organized by Dinis & Sebastien Present: Boris Hemkemeier (Germany) Mikko Saario (Helsinki) Kare Presttun & Harald Oygard (Norway - to be started) Sven Vetsch (Switzerland) Matteo Meucci (Italy) Ofer Shezaf (Israel) Lieven Desmet & Sebastien Deleersnyder (Belux) Dinis Cruz (London)

Minutes
There was the question of setting op a chapter contact list? I.e. possibly including more than e-mails.

Harald had the question on what to start the chapter with: Norway or Oslo. There are not really guidelines for this: it depends on the local (geographical) situation and chapter radius ambitions.

Then there was the topic: "Can we collect all our successful experiences with local organization such as ISACA, ISSA, etc, and try to duplicate these experiences on other Chapters?" Local contacts with ISSA/ISACA or regional security organisations are of course encouraged to have a broader communication reach.

It is important to repeat the official policy on OWASP brand protection and to guard the OWASP 'open' community preventing commercial take-overs. It is e.g. important to prevent and/or expose local abuse of OWASP domain name hijacking and to protect the OWASP trademark.

Likewise we should continously generate interest, present OWASP success case studies (like: not directly paid: but being recognized as local authority on the subject, etc...)and repeat message to increase local involvement / blogs entries ...

To support chapters the following stuff is needed:
 * Have marketing material: e.g. high-res logo, stuff (posters / flyers) to put on conference boots. Top10 Book.
 * Content: Have financial support for 'flying OWASP presenters' to do OWASP related topics at other chapters / mini-conferences
 * A mentoring program by experienced chaper leaders for new chapters to aid in the first phases of starting it up and growing the chapter.

There is the idea to test out to organize regular miniconferences at the European level to support local chapers. It is agreed to try this out in September with pure OWASP topics (possibly 2 tracks: Newbies and technical/experience sharing). This could be done at a university with some local sponsorship.

It is a good idea to have a local debriefing of the EU conference: a slide-deck compilation can be created and it would be nice to support this with maybe one speaker (with support of the 'flying OWASP presenters' idea: we need a better name for this).

It would be nice to have chapter leader doing a debriefing (summary: what went well, what needs improvement) on chapter meetings through a dedicated chapter leader mailing list, besides the online meeting minutes. Preferably this is separated from the project leaders mailing list?

A list of inactive chapters (i.e. no sign of activity during 6 months) should be made available so that interested people can jump in and kick some life into it.

How do we finances local chapters? A list should be compiled of what OWASP could pay for centrally if the need occurs: Policy and procedures to be set up for this.
 * Catering
 * Liability insurance - normally to be covered by the premise host sponsor!
 * PR
 * Marketing material

Actions
1) Set up Chapter Leaders Contact / Mailing list. (Seba) 2) Ask Jeff to have a policy / follow-up on (local) OWASP trademark and DNS protection. (Seba) 3) Put focus on the chapter resources by turning it into an OWASP project (Seba) 4) Start up the first OWASP mini-conference in September (Matteo - with support of the other European chapter leaders) 5) EU Conference slide-deck compilation for local chapter debriefing (anybody?) 6) Set up policies, procedures and list of local finance support (board)

These rough notes have been entered by Seba