[Esapi-user] OT: Questions/Comments on "OWASP Connector" and "Marketing Collateral"

Sarah Baso sarah.baso at owasp.org
Fri Aug 2 17:11:46 UTC 2013


Thanks Michael and Jeff -
Will review and follow up on this next week.

Sarah


On Fri, Aug 2, 2013 at 10:07 AM, Michael Coates <michael.coates at owasp.org> wrote:

>
>
> Jeff,
>
> Here is a link for the connector -
> http://owasp.blogspot.com/2013/08/owasp-global-connector-august-1-2013.html
>
> The section you're referring to "Marketing Collateral:  Seeking Community
> Input" is specifically looking for community feedback to identify positive
> items, areas of concern and also items that just need more clarification.
>
> Since we're reaching out to an audience of thousands, a standardized input
> was generated so all the community feedback could be considered. The
> feedback system is Google Moderator. This allows you to both click a box to
> express support for or against the idea and also has a comment area. This
> is all transparent and allows others to read, consider and support or
> respond to your comments too.
>
> Would you be amenable to providing your feedback there so we can ensure it
> is captured along with others?
> https://www.owasp.org/index.php/Marketing/Community_Input
> https://www.google.com/moderator/#15/e=20a0d2&t=20a0d2.40
>
>
> Thanks!
> Michael
>
>
>
> --
> Michael Coates | OWASP | @_mwc
>
>
>
> On Fri, Aug 2, 2013 at 1:12 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>
>> Hi All,
>>
>> I have a few off-topic questions and comments since there does not
>> appear to be a "OWASP Members" mailing list that members can post to.
>> I don't want to submit it through the "Feedback Link" for the
>> Marketing Collateral project page because it appears to lack
>> transparency. I'm also including our board and other thought leaders.
>>
>> The August 1 OWASP Connector had a subtitle on "Marketing Collateral".
>> I can't provide a link to the Connector because none is offered in the
>> emailing and there is no OWASP Connector mailing list (some are
>> located in OWASP Summit 2013). Apparently, the recipients of OWASP
>> Connector are auto-generated from OWASP mailing list memberships.
>>
>> The "Marketing Collateral" is described as "... a marketing project we
>> have been working on with Sisterworks and Design Foundry...", and
>> provides a link to
>> https://www.owasp.org/index.php/Marketing/Community_Input. The wiki
>> page provides a link to a presentation at
>> https://www.owasp.org/images/7/7c/OWASP_Background-Research_Phase1_Final_(1).pdf .
>> There is a set of recommendations available at
>> https://www.owasp.org/images/c/c5/OWASP_Recommendations-Presentation2-April24.pdf .
>>
>> The Background Research PDF states:
>>
>>     The Open Web Application Security Project (OWASP) can be
>>     positioned for increased membership and organizational growth
>>     per the background research (phase 1) conducted by SisterWorks
>>     Publishing, LLC, (Sworks).
>>     ...
>>
>>     Project GOALS
>>     1. Educate members about the value of open, security related resources
>>     2. Engage new audiences to drive membership growth and retention
>>     3. Encourage global collaboration and marketing synergy across the
>>         OWASP community
>>
>> (1) What problem is trying to be solved?
>>
>>   - Do OWASP members really need to be the focus of the education efforts?
>>   - Is the organization in the budgetary red?
>>     * Form 990 and friends are not easy to locate. The last year available
>>       on owasp.org appears to be from 2011.
>>   - Is membership on the decline?
>>   - What other problems exist?
>>
>> (2) Where is the growth expected to take the organization?
>>
>>   - More chapters?
>>   - More projects?
>>
>> (3) Is growth needed at this point?
>>
>>   - The chapters I attend have experienced orthogonal results. They
>>     are growing faster than they can accommodate new members.
>>   - Should more projects be added just to grow the pool?
>>
>> (4) Can the growth be accommodated at the chapter level?
>>
>>   - The NoVA chapter had to turn away members for the June meeting
>>     covering "Security Automation at Twitter"
>>     * The AV equipment did not work, so the recorded session was lost, too.
>>   - The MD chapter is being resurrected, and they barely have money for
>>      refreshments.
>>
>> (5) What growth will occur at the national level?
>>
>>   - What precisely is expected?
>>   - Is "growth" a guise for "increased revenue" for selected
>>     organizational members?
>>
>> (6) What is being planned to better support the chapters during growth?
>>
>>   - I've been trying to make an out-of-cycle chapter donation to MD and
>>     NoVA chapters since last year, and I am absolutely befuddled at the
>>     complexity (it damn near required a conference call with Kate or
>>     Jessica to figure out the steps)
>>     * It's noteworthy that the "donate" to OWASP proper (and not a chapter)
>>       is easy as one would expect.
>>   - Why are chapters purchasing their own Meetup memberships?
>>   - The wiki template for chapter is broken
>>     * The "Paypal Donate" button leads to the broken donation (after
>>       nearly 10 steps and a number of emails explaining the process)
>>     * Both MD and NoVA appear to need more from the template, but no
>>        one has studied or addressed the gaps
>>   - The presentation did not mention the broken Paypal and Event
>>     donations
>>   - The presentation did not mention the lost conversions on
>>     donations
>>
>> (7) What is being planned to better support projects during growth?
>>
>>   - Last month (July 16), the OWASP Connector listed projects with broken
>>     home pages and no deliverables.
>>     * https://www.owasp.org/index.php/OWASP_Windows_Binary_Executable_Files_Security_Checks_Project
>>     * https://www.owasp.org/index.php/OWASP_Wordpress_Security_Checklist_Project
>>   - This month (August 1) OWASP Connector has another broken project
>>     and homepage
>>     * https://www.owasp.org/index.php/OWASP_Security_Principles_Project
>>   - What's the point of highlighting broken projects with broken home
>>     pages?
>>   - Where is the support (for example, documents and technical writers)
>>     to help produce quality deliverables?
>>
>> (8) What is being planned for infrastructure during growth?
>>
>>   - Are there plans for a web site design update?
>>     * Will it be limited to SEO enhancements?
>>   - As I understand it, OWASP uses Barracuda for spam filtering
>>     * It bounces legitimate messages when under load (for
>>       example, the replies to an OWASP connector mailing). Put another
>>       way, it DoS's itself.
>>     * This company is known to plant backdoors in their products. They
>>        don't even follow OWASP's guidance.
>>     * Why is OWASP business being conducted in Barracuda's cloud?
>>     * Legitimate emails are not approved when flagged by the system (I've
>>       sent them personally)
>>   - Why is Meetup related fodder (the servers and data) being housed at
>>     Meetup? Why are they not local where the data can be controlled?
>>   - Are there any plans to fix the broken Event system?
>>
>> (9) Website
>>
>>   - Some of the technical material in the wiki needs updating. What plans
>>     are there to ensure up to date information?
>>     * Bring in more folks to stale and out of date information appears to
>>       present a large opportunity for improvement.
>>   - A previous suggestion to highlight pages for possible updates via the
>>     Connector was not acted upon
>>
>> (9) The organization lacks an identity
>>
>>   - I'd expect a marketing campaign to address identity and scope
>>   - Is OWASP still limited to web apps and services?
>>     * It appears so from https://www.owasp.org/index.php/About_OWASP:
>>       "About The Open Web Application Security Project"
>>     * It appears so from the presentation, which only recognizes the
>>       professional in the "web application security field"
>>   - Is it broader, like C and C++? I seem to recall Jack Mannino telling
>>     us it was broader, and a mild name change was proposed or going to occur
>>
>> (10) Social Media
>>
>>   - I understand many folks want their 5 minutes of fame by press
>>     releasing through the social networking experiments, but can't we give
>>     it a break?
>>     * If you don't want your information grepped, fondled, aggregated,
>>       shared, abused, or mishandled, then you don't provide it in the
>>       first place
>>     * Don't force it upon others who want no part of it.
>>     * Mailing lists are semi-anonymous and provide archives (unlike social
>>       media sites, which want to hold the data close to their chest)
>>   - Will each chapter have to purchase their Hootsuite Pro membership?
>>
>> (11) From "SEO & CONTENT AUDIT FOR OWASP MARKETING STRATEGY"
>> (https://www.owasp.org/images/4/48/OWASP-SEO-Content-Audit-Final-6-7-2013.pdf)
>>
>>   - I'm appalled the organization is considering spending money on cheap
>>     SEO tricks. Quality of content will ensure every search engine
>>     returns an OWASP page for free.
>>   - I'm damn near appalled the organization is considering spending money
>>     on junk emails. That's just what my inbox needs. I hope OWASP manages
>>     these proposed junk mailings better than the OWASP Connector list (read
>>     the notice/disclaimer at the bottom).
>>   - I can't express what I think about swapping links with "partners" to
>>     improve exposure and search results. I'm sure the standard disclaimers
>>     apply: we're swapping links for exposure and revenue but we don't
>>     endorse our partner or its products. Quality of content will ensure
>>     every search engine returns an OWASP page without partnerships.
>>   - I hope the organization does not start selling ad space on its web
>>     pages. It's bad enough we are subjected to tracking with companies
>>     like ADZERK.
>>
>>   - Will the optimizations ensure those looking for services get
>>     introduced to an OWASP member providing the service?
>>   - Will the introductions be limited to select OWASP members, or can any
>>     member of OWASP use this for advertising and marketing at OWASP's
>>     expense?
>>
>> (12) Priorities
>>
>>   - Should this even be a priority with capital expenditures?
>>     * Looping back to (1), what problem is it solving?
>>   - http://dilbert.com/strips/comic/2008-10-05/
>>
>> Finally, the new graphics look great.
>>
>> Jeffrey Walton
>> Baltimore, MD, US
>>
>
>


-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779