[OWASP-Chapters] Membership plan update

Jeff Williams jeff.williams at aspectsecurity.com
Mon Jun 6 11:37:01 EDT 2005

Hi Ofer,

Thanks for the message.  I will think about how the plan can support very 
small consulting shops better. I like the early-bird and activity discount 
ideas a lot. I think we can investigate chapter fees and include them in the 

MANY organizations DO have problems with open-source licensed software. They 
want to use and customize OWASP materials, but worry that they might be 
violating the open source licenses when they redistribute internally. The 
commercial license is just an option for organizations that 1) have an 
aversion to open-source licenses, 2) need a single license instead of a 
collection of licenses, or 3) want a way to support OWASP but need something 
tangible in return.

Consulting organizations are not being forced to buy a membership and they 
could continue to free-ride on OWASP. But I think they should get a 
membership if they want to use the OWASP Materials in offering their 
services.  Participation in OWASP is a great way to build a reputation in 
the community and grow your consulting business.


----- Original Message ----- 
From: "Ofer Shezaf" <Ofer.Shezaf at breach.com>
To: "Jeff Williams" <jeff.williams at aspectsecurity.com>
Cc: "owasp-chapters" <owasp-chapters at lists.sourceforge.net>; 
<owasp-leaders at lists.sourceforge.net>
Sent: Monday, June 06, 2005 10:06 AM
Subject: RE: [OWASP-Chapters] Membership plan update

Hi Jeff,

As I see myself as one of the sales persons of the product, I have some
questions and issues to raise (sorry for sounding like my sales guys
which always ask for more and more marketing info).

I hope that the feedback will help in fine tuning the product to all

- Pricing:
A bit steep in Israeli terms - might be true also to other regions. Some
specific issues that might prove very beneficial:
1. We are a small country and companies are small. The price list lacks
a "small consulting company" status, which, seconding Ralf, would be
more suitable for most interested parties here.
2. You may consider an "early bird" pricing, to make it worth to join
early, while the risk of the idea not catching is still higher. If our
competitors are in, I'm sure my company will decide to join, otherwise -
it will be tougher.

- Chapters
I think that some thinking should be given to how to address chapters in
this model.

Actually to some extent this model hearts the chapters. The reason is
that for some being active in the chapter "marks" their commitment to
OWASP and now there is an easier way if you are willing to pay. For
example, to some extent, my company sees my leading of the OWASP Israeli
chapter as its contribution to OWASP, and may decide that $15K are
enough and it does not need to support the Israeli chapter further.

Some ideas as to how to include chapters in the model:
+ Chapter fees will make the chapters less dependable on commercial
sponsors. For example, ISSA enables people to pay chapter dues in
addition to their ISSA membership fees and each chapter sets the sum.

+ Discounts for activity. I'm sure that Dinis, Rogan, yourself and few
others should be designated members for life without paying just for
what you already did for OWASP. It would be beneficial if a companies
and individuals get a discount for contributing resources, especially on
the local front.

Other ideas?

- License
After reading the commercial license I don't see the difference from the
open source ones. I'm not a lawyer and I could use some specific
examples of what is not allowed under the open source licenses and would
be allowed under the commercial one. I need such examples for:
1. Why would an organizational member need a non open source license:
after all they don't have a problem with most dual license software
packages such as snort and mysql.
3. Why would a consulting company need the commercial license as it does
not seem to allow distribution of materials outside the organization
(actually seems to be slightly more restrictive than open source).

~ Ofer

Ofer Shezaf
CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofers at breach.com

> -----Original Message-----
> From: owasp-chapters-admin at lists.sourceforge.net
> admin at lists.sourceforge.net] On Behalf Of Jeff Williams
> Sent: Friday, June 03, 2005 4:34 AM
> To: owasp-chapters; owasp-leaders at lists.sourceforge.net
> Subject: [OWASP-Chapters] Membership plan update
> Folks, here is the updated OWASP membership plan.  This plan offers
> companies the option to become a member and get a single commercial
> license
> to all OWASP materials (among other things).  Anyone can continue to
> OWASP materials under the existing open source licenses.  This
> companies that wish to support OWASP a concrete way to do it that
> them
> some benefit.
> Many thanks to Dinis for his help in coming up with a plan that I
> will ensure that OWASP succeeds while remaining free, open, and
> Please send me your thoughts on the plan.  Raising enough money to
> some full-time staff for OWASP is extremely important to the future of
> organization.
> Thank you all for your continued support.
> --Jeff 

More information about the Owasp-chapters mailing list