1. Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org OWASP Global Conferences Committee Dave Wichers dave.wichers@owasp.org dave.wichers@owasp.org Mark Bristow mark.bristow@owasp.org mark.bristow@owasp.org Kate Hartmann kate.hartmann@owasp.org kate.hartmann@owasp.org Wayne Huang wayne.huang@owasp.org wayne.huang@owasp.org Dhruv Soi dhruv.soi@owasp.org November 11, 2009

2. OWASP Conferences: Mission and Purpose  Why host an event?  Make web application security visible  Expand contacts in region  Raise awareness in region  “We can’t hack ourselves secure” Jeff Williams  OWASP events are levels above other hacker conferences  Attendees gain understanding of remediation, not just threats 2

3. OWASP 3 Definition of events:  OWASP AppSec Conference  These conferences are the flagship of the OWASP outreach effort. This will be an international conference sponsored by OWASP and approved by the Global Conferences Committee. AppSec Conferences include multiple days of multi-track plenary sessions in addition to pre-conference training offerings. AppSec Conferences, schedules, and trainings must be approved by the OWASP Global Conference Committee and will receive the full support of the OWASP Foundation. In any calendar year, there will be no more than 4 AppSec Conferences of this size. Locations will be determined the prior year and planning must begin at a minimum of 12 months in advance.  OWASP Regional Conference  Regional conferences typically have lower attendance than AppSec conferences and typically include multiple days of single track plenary sessions. Training may or may not be offered at the descression of the regional conference planning team. Regional conferences are not subject to the same rigor as AppSec conferences in terms of planning and only require the local planning team deconflict scheduling with the Global Conferences Committee. Regional teams are free to brand their conference as they wish, as long as the OWASP affiliation is maintained. OWASP Foundation support may be available for large expenses at the discression of the Global Conference Committee.  OWASP Events  Events are typically single day or "OWASP Day" type events that are generally local in nature. Events typically have only one track and span anywhere from a half to a full day. Planning for these events are at the sole discression of the event team and may be branded in any manner so long as the OWASP affiliation is maintained. In general, significant OWASP Foundation support will not be available for these events.

4. OWASP Conference Planning – How to Host a Conference http://www.owasp.org/index.php/How_to_Host_a_Confere nce http://www.owasp.org/index.php/How_to_Host_a_Confere nce  Budget worksheet - NEW  Venue  Registration  CFP and CFT templates - NEW  Promotion  Catering  Social events  Sponsorship Documents - NEW  Speaker Agreements  Trainer Agreements - NEW  AV  And on and on and on and on 4

5. OWASP Funding and Finance  To facilitate the funding of up front costs and to protect the conference organizers conferences and events’ finances need to be run through the foundation.  Conferences and events are primary source of funding for the Foundation  AppSec events require a year to plan 5

6. OWASP Funding and finance (cont.)  Events: local, regional, and global, should be executing a profit sharing model with the foundation. A 70/30 split (negotiable based on expenditure mapping by the local chapter) should be the norm. This will encourage local chapters to prepare budgets to the Foundation to justify future spending.  ALL local events should be run through the foundation. This would include registrations, accounting, contracts, etc. 6

7. OWASP Looking Forward  Relationships with other organizations  CoSponsorship  2010 Call For Conferences  Sponsorship/membership packages for corp.  Be a part of the solution – volunteer for the Conferences Committee! 7