[GPC] Fwd: Funding and or Resource Donation

Jason Li jason.li at owasp.org
Thu Apr 14 18:20:27 EDT 2011


It would certainly be a good problem to have.

The ability of anyone to donate towards an OWASP project is at least as old
as donating towards a specific OWASP chapter. If I recall correctly, when
the original membership fee foundation/chapter split was proposed, there was
also the ability to allocate towards a specific project instead of a
chapter. I doubt this has been promoted heavily as project leaders don't
have the same captive audience that chapter leaders have in soliciting
donations. In fact, if I recall the OSFT numbers correctly, only two
projects had any budget from membership fees.

The lack of consistency across OWASP project pages means that a "donate"
button does not always appear - though this is something we want to change
once we get the project hosting service setup. That will allow us to have
some forced consistency across projects where we can put infrastructure
things like "Donate to this project".

In terms of funding a non-existing initiative ("I want OWASP to build me a
JSF-based XSS filter"), that's a fair goal. We have done this to a limited
extent with past Season of Codes where a company will provide funding for a
specific project idea to be created. I believe SPI dynamics did so for
SiteGenerator back during the 2007 SoC (
https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007#SpoC_007_Budget)?

We could certainly create a model where OWASP just acts as a matchmaker -
company comes to us with a project idea and money, and we find an OWASP
community member that will take up the process.

-Jason

On Thu, Apr 14, 2011 at 1:36 PM, Tom Brennan <tomb at owasp.org> wrote:

> So I have 50k and want donate that to the OWASP volunteer cloud to build a
> security XYZ
>
> Now what?
>
> Had this raised last night in NYC meeting.  Thoughts?
>
> We answer that at the GPC and we will solve this thread too
>
> Sent from a mobile device
>
> On Apr 14, 2011, at 12:57 PM, Jason Li <jason.li at owasp.org> wrote:
>
> All,
>
> What kind of support exactly are we talking about?
>
> The Board made a very deliberate decision back in 2009, one that I did not
> initially support but now actually agree with, that OWASP should *not* be in
> the business of paying project leaders to work on projects (as we have in
> previous Seasons of Code). The reasons for this are many and *I don't want
> this email thread to be derailed in a philosophical debate on the merits of
> such a strategy*.
>
> I'd rather focus on what we *can* do.
>
> The direction of project funding is to provide support for projects to be
> better exposed, promoted and received. To that end, we can certainly send
> out messages to the OWASP community and highlight the project through all
> our normal means (Podcast, Newsletter, etc) to gain help it gain some
> visibility (which in turn may generate some interest). Long term, we're
> working out plans to have resources available for graphic design and
> technical writing review, but we do not yet have rules of engagement for
> such resources (let alone the actual human resources identified to provide
> those services). We're also working on getting a limited number of
> conference speaking slots reserved for OWASP project leaders to highlight
> their projects, but this effort is still underway (we are currently
> targeting AppSecUSA 2011).
>
> If there's something specific that you guys have in mind to support the
> project along similar lines of project support, we can review the request.
>
> -Jason
> OWASP Global Projects Committee Chair
>
> On Thu, Apr 14, 2011 at 12:12 PM, Kate Hartmann <<kate.hartmann at owasp.org>
> kate.hartmann at owasp.org> wrote:
>
>> Ask.
>>
>> How much, what for?  I've copied Jason, chair for the GPC, on this since
>> project budgets would fall under his committee's jurisdiction.
>>
>> Kate Hartmann
>> Operations Director
>> 301-275-9403
>>  <http://www.owasp.org>www.owasp.org
>> Skype:  Kate.hartmann1
>>
>>
>> -----Original Message-----
>> From: Jim Manico [mailto: <jim.manico at owasp.org>jim.manico at owasp.org]
>> Sent: Thursday, April 14, 2011 11:28 AM
>> To: Eric Sheridan; Kate Hartmann
>> Subject: Re: Fwd: Funding and or Resource Donation
>>
>> Kate,
>>
>> What can we do to get a little funding for the CSRFGuard project?
>>
>> Aloha,
>> Jim
>>
>>
>> > Jim,
>> >
>> > Can you help me obtain some funding (time/money/commits) from OWASP?
>> > Just enough so the project doesn't fall apart. All of my free time is
>> > going towards this other awesome project and CSRFGuard is suffering.
>> >
>> > -Eric
>> >
>> > -------- Original Message --------
>> > Subject: Funding and or Resource Donation
>> > Date: Thu, 14 Apr 2011 10:38:36 -0400
>> > From: Eric Sheridan < <eric.sheridan at owasp.org>eric.sheridan at owasp.org>
>> > To: <owasp-csrfguard at lists.owasp.org>owasp-csrfguard at lists.owasp.org
>> >
>> > List,
>> >
>> > CSRFGuard adoption is steadily increasing and I'm finding myself
>> > falling behind in terms of support. Many of you have identified valid
>> > bugs or valid features that need addressing in CSRFGuard.
>> > Unfortunately, I'm very low in "free time" these days and very much
>> > need support. Support can be in the form of funding
>> > ( <http://ericsheridan.blogspot.com/>http://ericsheridan.blogspot.com/,
>> see 'Donate' button in lower right
>> > hand side) or in the form of code contributions/support. If you are
>> > interested in donating to the project, whether it be in time or in
>> dollars, please let me know!
>> >
>> > A couple of problems that CSRFGuard faces today:
>> >
>> > - incomplete multi-part file upload support
>> > - dynamic javascript needs more testing/evaluation in internet
>> > explorer
>> > - javascript should inject tokens into dynamically created html
>> >       -> i.e. hook calls such as 'createElement'
>> > - general bugs that users have identified.
>> >
>> > -Eric
>>
>>
>>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global-projects-committee/attachments/20110414/72053c9e/attachment-0001.html 


More information about the Global-projects-committee mailing list