[Esapi-user] OT: Questions/Comments on "OWASP Connector" and "Marketing Collateral"

Michael Coates michael.coates at owasp.org
Fri Aug 2 17:07:20 UTC 2013


Here is a link for the connector -

The section you're referring to "Marketing Collateral:  Seeking Community
Input" is specifically looking for community feedback to identify positive
items, areas of concern and also items that just need more clarification.

Since we're reaching out to an audience of thousands a standardized input
was generated so all the community feedback could be considered. The
feedback system is Google Moderator. This allows you to both click a box to
express support for or against the idea and also has a comment area. This
is all transparent and allows others to read, consider and support or
respond to your comments too.

Would you be amenable to providing your feedback there so we can ensure it
is captured along with others?


Michael Coates | OWASP | @_mwc

On Fri, Aug 2, 2013 at 1:12 AM, Jeffrey Walton <noloader at gmail.com> wrote:

> Hi All,
>
> I have a few off-topic questions and comments since there does not
> appear to be an "OWASP Members" mailing list that members can post to.
> I don't want to submit it through the "Feedback Link" for the
> Marketing Collateral project page because it appears to lack
> transparency. I'm also including our board and other thought leaders.
>
> The August 1 OWASP Connector had a subtitle on "Marketing Collateral".
> I can't provide a link to the Connector because none is offered in the
> emailing and there is no OWASP Connector mailing list (some are
> located in OWASP Summit 2013). Apparently, the recipients of OWASP
> Connector are auto-generated from OWASP mailing list memberships.
>
> The "Marketing Collateral" is described as "... a marketing project we
> have been working on with Sisterworks and Design Foundry...", and
> provides a link to
> https://www.owasp.org/index.php/Marketing/Community_Input. The wiki
> page provides a link to a presentation at
> https://www.owasp.org/images/7/7c/OWASP_Background-Research_Phase1_Final_(1).pdf
> .
>
> There is a set of recommendations available at
> https://www.owasp.org/images/c/c5/OWASP_Recommendations-Presentation2-April24.pdf
> .
>
> The Background Research PDF states:
>     The Open Web Application Security Project (OWASP) can be
>     positioned for increased membership and organizational growth
>     per the background research (phase 1) conducted by SisterWorks
>     Publishing, LLC, (Sworks).
>     ...
>     Project GOALS
>     1. Educate members about the value of open, security related resources
>     2. Engage new audiences to drive membership growth and retention
>     3. Encourage global collaboration and marketing synergy across the
>         OWASP community
> (1) What problem is trying to be solved?
>   - Do OWASP members really need to be the focus of the education efforts?
>   - Is the organization in the budgetary red?
>     * Form 990 and friends are not easy to locate. The last year available on
>       owasp.org appears to be from 2011.
>   - Is membership on the decline?
>   - What other problems exist?
> (2) Where is the growth expected to take the organization?
>   - More chapters?
>   - More projects?
> (3) Is growth needed at this point?
>   - The chapters I attend have experienced orthogonal results. They
>     are growing faster than they can accommodate new members.
>   - Should more projects be added just to grow the pool?
> (4) Can the growth be accommodated at the chapter level?
>   - The NoVA chapter had to turn away members for the June meeting
>     covering "Security Automation at Twitter"
>     * The AV equipment did not work, so the recorded session was lost, too.
>   - The MD chapter is being resurrected, and they barely have money for
>      refreshments.
> (5) What growth will occur at the national level?
>   - What precisely is expected?
>   - Is "growth" a guise for "increased revenue" for selected organizational
>     members?
> (6) What is being planned to better support the chapters during growth?
>   - I've been trying to make an out-of-cycle chapter donation to MD and
>     NoVA chapters since last year, and I am absolutely befuddled at the
>     complexity (it damn near required a conference call with Kate or Jessica
>     to figure out the steps)
>     * It's noteworthy that the "donate" to OWASP proper (and not a chapter)
>       is easy as one would expect.
>   - Why are chapters purchasing their own Meetup memberships?
>   - The wiki template for chapter is broken
>     * The "Paypal Donate" button leads to the broken donation (after
>       nearly 10 steps and a number of emails explaining the process)
>     * Both MD and NoVA appear to need more from the template, but no
>        one has studied or addressed the gaps
>   - The presentation did not mention the broken Paypal and Event
>     donations
>   - The presentation did not mention the lost conversions on
>     donations
> (7) What is being planned to better support projects during growth?
>   - Last month (July 16), the OWASP Connector listed projects with broken
>     home pages and no deliverables.
>     * https://www.owasp.org/index.php/OWASP_Windows_Binary_Executable_Files_Security_Checks_Project
>     * https://www.owasp.org/index.php/OWASP_Wordpress_Security_Checklist_Project
>   - This month (August 1) OWASP Connector has another broken project
>     and homepage
>     * https://www.owasp.org/index.php/OWASP_Security_Principles_Project
>   - What's the point of highlighting broken projects with broken home pages?
>   - Where is the support (for example, documents and technical writers)
>     to help produce quality deliverables?
> (8) What is being planned for infrastructure during growth?
>   - Are there plans for a web site design update?
>     * Will it be limited to SEO enhancements?
>   - As I understand it, OWASP uses Barracuda for spam filtering
>     * It bounces legitimate messages when under load (for
>       example, the replies to an OWASP connector mailing). Put another
>       way, it DoS's itself.
>     * This company is known to plant backdoors in their products. They
>       don't even follow OWASP's guidance.
>     * Why is OWASP business being conducted in Barracuda's cloud?
>     * Legitimate emails are not approved when flagged by the system (I've sent
>       them personally)
>   - Why is Meetup related fodder (the servers and data) being housed at Meetup?
>     Why are they not local where the data can be controlled?
>   - Are there any plans to fix the broken Event system?
> (9) Website
>   - Some of the technical material in the wiki needs updating. What plans are
>     there to ensure up to date information?
>     * Bring in more folks to stale and out of date information appears to
>       present a large opportunity for improvement.
>   - A previous suggestion to highlight pages for possible updates via the
>     Connector was not acted upon
> (9) The organization lacks an identity
>   - I'd expect a marketing campaign to address identity and scope
>   - Is OWASP still limited to web apps and services?
>     * It appears so from https://www.owasp.org/index.php/About_OWASP: "About
>       The Open Web Application Security Project"
>     * It appears so from the presentation, which only recognizes the professional in
>       the "web application security field"
>   - Is it broader, like C and C++? I seem to recall Jack Mannino telling us it was
>     broader, and a mild name change was proposed or going to occur
> (10) Social Media
>   - I understand many folks want their 5 minutes of fame by press releasing
>     through the social networking experiments, but can't we give it a break?
>     * If you don't want your information grepped, fondled, aggregated,
>       shared, abused, or mishandled, then you don't provide it in the first place
>     * Don't force it upon others who want no part of it.
>     * Mailing lists are semi-anonymous and provide archives (unlike social
>       media sites, which want to hold the data close to their chest)
>   - Will each chapter have to purchase their Hootsuite Pro membership?
>     (https://www.owasp.org/images/4/48/OWASP-SEO-Content-Audit-Final-6-7-2013.pdf)
>   - I'm appalled the organization is considering spending money on cheap
>     SEO tricks. Quality of content will ensure every search engine returns an
>     OWASP page for free.
>   - I'm damn near appalled the organization is considering spending money
>     on junk emails. That's just what my inbox needs. I hope OWASP manages
>     these proposed junk mailing better than the OWASP Connector list (read
>     the notice/disclaimer at the bottom).
>   - I can't express what I think about swapping links with "partners" to improve
>     exposure and search results. I'm sure the standard disclaimers apply: we're
>     swapping links for exposure and revenue but we don't endorse our partner
>     or its products. Quality of content will ensure every search engine returns an
>     OWASP page without partnerships.
>   - I hope the organization does not start selling ad space on its web pages.
>     It's bad enough we are subjected to tracking with companies like ADZERK.
>   - Will the optimizations ensure those looking for services get introduced to
>     an OWASP member providing the service?
>   - Will the introductions be limited to select OWASP members, or can any
>     member of OWASP use this for advertising and marketing at OWASP's
>     expense?
> (12) Priorities
>   - Should this even be a priority with capital expenditures?
>     * Looping back to (1), what problem is it solving?
>   - http://dilbert.com/strips/comic/2008-10-05/
> Finally, the new graphics look great.
> Jeffrey Walton
> Baltimore, MD, US