Question: What do programmers, security specialists and other IT nerds do on Valentine's Day? Answer: they get together for the CRS Community Summit in Ireland. As in previous years, we used the OWASP Global AppSec Conference, which this year was held in Ireland's capital, as an opportunity to call for our Community Summit on February 14, 2023.
The plan was that two of the three co-leads would be present on site. Unfortunately, Christian Folini was caught out at short notice - the poor sap turned back just before boarding the plane - so Felipe Zipitria had to represent the project lead alone. From the CRS core team, Andrew Howe, Manuel Spartan and Ervin Hegedüs were also on hand, as well as Juan Pablo Tosso and Matteo Pace from Coraza. Unfortunately, compared to past Summits, only a few members from the extended community were in attendance. What that was due to is hard to say. Possibly an after-effect of the COVID-related interruption. Or maybe more IT nerds have a girlfriend than we thought ...
Felipe started the summit with a welcome and gave an update on the status of CRSv4. Then Andrew delivered a tought provoking presentation on how CRS can help integrators with proposed ways of integrating their products, Ervin talked about a new ModSecurity log parser he created for his company, and Juan Pablo and Felipe presented about Coraza as an alternative open source WAF "with a modern approach". The Summit ended officially with a round-up on the 2022 bug bounty program, what it meant for the project and the lessons we learned from doing it. You can watch all community summit talks on our new YouTube channel.
But of course, the real ending for the CRS Community Summit 2023 was done after the official meeting in an Irish pub where until late WAF problems were discussed and other world-saving plans were hatched.
It was great to see at least parts of the community again after the hiatus. Hope to meet all of you at the next summit!