[Global_chapter_committee] [Global_membership_committee] FW: OWASP and JPMC

Matthew Chalmers matthew.chalmers at owasp.org
Thu Dec 2 14:32:51 EST 2010


I may not have all the background info just from the below thread, but I
don't understand how this has been construed as "a way to bring into OWASP
15,000 developers." How is it they will be excluded if either we don't give
JPMC a deal or JPMC doesn't pay for their membership? OWASP is open and any
of those 15,000 developers can participate now--and some probably are. Is
JPMC agreeing to make some participation compulsory for them? If so is that
what we really want?

The costs and benefits of organizational and individual supporters are
clearly stated at http://www.owasp.org/index.php/Membership. If we change it
for JPMC we should change it for everyone because we are an open
organization and other organizations will become aware if/when we make a
special deal for them or any other organization. As an aside, I encourage
the board members to visit
http://www.cvent.com/EVENTS/Info/Summary.aspx?e=c6554982-632d-4218-8c77-636ee772baff
and
ensure its information matches the previous link's, otherwise we are
confusing potential members/supporters. Note well that neither page mentions
voting privileges. I did a quick search using the wiki search tool for
'vote' and 'voting' and found nothing obvious that would state or explain
voting privileges.

I also see no advantage to giving all the JPMC developers tee shirts if
they're getting more than perhaps a 10% discount (which would be $45/person,
not $10). A tee shirt is a real cost and not any more free promotion of the
OWASP brand when worn by a JPMC developer than it is when worn by any random
person because 1) it won't be worn to work because they don't dress that
casually and 2) even if it was everyone there who would be driven to our
portal by seeing it already has one. (Polos would be a slightly different
case because they could be worn to work and may remind the other developers
who have them to re-visit the portal, however, the cost would be
significantly higher.)

I think we should reconsider the question, "is it about the money." Unless
the fee schedule is entirely arbitrary having had no thought put into its
meaning at all. Anyone can participate in and benefit from OWASP for free.
Becoming an individual member is a personal choice to help OWASP with money,
whether or not the individual (or organization) helps with time/effort.
Monetary contribution does not guarantee time/effort contribution. So I
question the non-monetary value of an organization purchasing bulk
individual memberships. They should just contribute the requisite amount to
become an organizational supporter, and encourage their developers to
participate in OWASP. If they want to provide tee shirts to their
developers, we can offer to sell them at cost; but they should not all get
membership cards/certificates or any other membership privileges without
paying the full amount, unless we get some committment from them as to
individual and/or corporate participation/promotion/etc. above and beyond
what's expected from an ordinary organizational contribution.

Matt


On Thu, Dec 2, 2010 at 11:51 AM, Kate Hartmann <kate.hartmann at owasp.org>wrote:

> In a separate email sent to Jeff, Pete, and Alison, I indicated that the
> long term benefits of including 15,000 developers far outweighs the up-front
> cost of registration and membership.  So, Is it about the money?  No – it is
> not.
>
>
>
> The membership committee has already discussed the possible “rules of
> engagement” for organizations purchasing bulk memberships.  Voting rights is
> definitely one of the parameters that had come up.
>
>
>
> Are there other circumstances that I’m not aware of?  Probably, considering
> your email.
>
>
>
> My purpose is to find out how to make this a reality and help find a way to
> bring into OWASP 15,000 developers.  Similar requests have surfaced (albeit,
> not on this scale) so I think this is something we need to discuss.
>
>
>
> Local chapters would benefit from the support of the corporate membership
> (40/60) as well as the increase in meeting attendance and outreach.  I don’t
> think there needs to be a financial split on a $10 membership.
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>
> *From:* Tom Brennan [mailto:tomb at owasp.org]
> *Sent:* Thursday, December 02, 2010 12:39 PM
> *To:* Kate Hartmann
> *Cc:* global_membership_committee at lists.owasp.org; OWASP Foundation Board
> List; global_chapter_committee at lists.owasp.org
> *Subject:* Re: [Global_membership_committee] FW: OWASP and JPMC
>
>
>
> Membership has a voting right to elections and direction of OWASP
> Foundation and it a elective item of a individual to self associate with
> OWASP.  YES or NO?
>
> A corporate sponsor $5k can certainly donate more time, more money and more
> resources in support of OWASP mission but should not be allowed to INFLUENCE
> OWASP to reduced membership fees or obtain special perks that break the
> membership model and equality around the world.
>
> I do not feel that there is alignment of JPMC and our principals on this
> one...  membership to owasp is not a regulatory compliance, auditor
> requirement of a developer training program for ABC company at a discounted
> price.  I am VERY close to this as well as other members of OWASP Board so
> we need to measure twice here before cutting once and setting a game
> changing adjustment and I suggest a discussion on this item.
>
> 15,000 people (aka:JMPC developer worldwide) = 750,000 in membership fees
> got it -- if you don't share with the local chapters the agreed 40% of a
> membership fee then your at $450,000 (and breaking the membership current
> model)  snowball effect starts.
>
> Is it about the money - I hope not.
>
> On Thu, Dec 2, 2010 at 12:09 PM, Kate Hartmann <kate.hartmann at owasp.org>
> wrote:
>
> Committee, as previously discussed, we need to define the model that will
> help Pete in this situation as well as others.
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>
> *From:* Peter Dean [mailto:peter.dean at aspectsecurity.com]
> *Sent:* Thursday, December 02, 2010 12:08 PM
> *To:* Kate Hartmann; Jeff Williams
> *Cc:* alison.shrader at owasp.org; peter.dean at owasp.org
> *Subject:* RE: OWASP and JPMC
>
>
>
> All,
>
>
>
> I spoke with JPMC and they are pushing back on the $10 per developer cost.
> There are 15,000 developers and while they do not expect everyone to
> register, he feels it will be close to that number.
>
>
>
> They do want a membership card and t-shirt for all so I’m not sure how we
> can do this at much less than $10,especially if we have to ship materials
> globally.
>
>
>
> A suggestion he made was to increase the corporate sponsor fee to say $10K
> and then charge something like $5 for every individual membership.  Some
> quick math;
>
>
>
> $10,000 + $75,000 ($5 * 15,000) = $85,000
>
>
>
> VS
>
>
>
> $5,000 + $150,000 ($10 * 15,000) = $155,000
>
>
>
> We would need to create a special code for anyone registering as a JPMC
> employee that will show the discount.  Let me know your thoughts.
>
>
>
> Pete
>
>
>
>
>
> *Peter Dean*  Sr. Account Executive
>
> (973) 668-5595 (office)  | (201) 960-8265 (cell)
>
> [image: Description: Description: cid:image001.png at 01CB5FCF.EDF29C40]
>
>
>
>
>
> *From:* Kate Hartmann [mailto:kate.hartmann at owasp.org]
> *Sent:* Tuesday, November 02, 2010 11:01 AM
> *To:* Jeff Williams; Peter Dean
> *Cc:* alison.shrader at owasp.org; peter.dean at owasp.org
> *Subject:* RE: OWASP and JPMC
>
>
>
> I am copying Dan Cornell and Michael Coats on this idea as well.  One of
> the items the Membership committee has frequently discussed is including
> individual membership with corporate membership.
>
>
>
> The main concern would really be the opportunity for companies to “stack a
> vote” should one arise since membership is the main criteria for voting
> rights.   I am all for giving individuals who are part of a corporate
> supporter the “benefits” of membership, however, I would want to make sure
> that the voting privelages are limited to paying individual members or the
> “honorary” members.
>
>
>
> This leads down an administrative path since we would need to differentiate
> among all the different types.
>
>
>
> So, in short, I’m for it and yes, it would work.  I would not give them any
> “swag” but provide the company ways to help us recognize individual members.
>
>
>
> Administrative challenges will be worked out.
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>
> *From:* Jeff Williams [mailto:jeff.williams at aspectsecurity.com]
> *Sent:* Tuesday, November 02, 2010 10:40 AM
> *To:* Peter Dean
> *Cc:* Kate Hartmann; alison.shrader at owasp.org; peter.dean at owasp.org
> *Subject:* Re: OWASP and JPMC
>
>
>
> Kate/Allison, is this going to work?  We need to respond.  It wouldn't have
> to bs the whole normal starter kit.  ID Card and sticker would be a minimum.
>
> --Jeff
>
>
>
> Jeff Williams
>
> Aspect Security
>
> work: 410-707-1487
>
> main: 301-604-4882
>
>
>
>
>
>
> On Nov 2, 2010, at 10:26 AM, "Peter Dean" <peter.dean at aspectsecurity.com>
> wrote:
>
> Can I offer JMPC the $10 per developer offer?
>
>
>
> Pete
>
>
>
>
>
> *Peter Dean*  Sr. Account Executive
>
> (973) 668-5595 (office)  | (201) 960-8265 (cell)
>
> <image001.png>
>
>
>
>
>
> *From:* Jeff Williams
> *Sent:* Monday, October 25, 2010 2:45 PM
> *To:* Peter Dean; Kate Hartmann; 'alison.shrader at owasp.org'
> *Subject:* RE: OWASP and JPMC
>
>
>
> I think we’re talking about 10-15,000 developers total.  We might be able
> to give them a more cost-effective membership package too.  There are no
> constraints on what we offer here, but what could we do for $5-7 per
> developer (final cost to us including any labor/shipping/etc…) and then we
> charge them $10?
>
>
>
> --Jeff
>
>
>
>
>
> *From:* Peter Dean
> *Sent:* Monday, October 25, 2010 2:39 PM
> *To:* Kate Hartmann (kate.hartmann at owasp.org); alison.shrader at owasp.org
> *Cc:* Jeff Williams
> *Subject:* OWASP and JPMC
>
>
>
> Kate and Alison,
>
>
>
> JP Morgan Chase is interested in OWASP sponsorship from both a corporate
> and individual perspective.  The corporate sponsorship is easy but we need
> to discuss the individual sponsorships.
>
>
>
> Jim Routh, VP AppSec would like every JPMC developer to become an
> individual member.  While we do not have a final headcount, it is safe to
> say this is somewhere around 75,000 – 100,000 people.  The typical $50 fee
> is not realistic so I was hopeful we can come up with a solution.
>
>
>
> Perhaps we charge just enough to cover the expense of on-boarding them
> (bag, T-shirt, ball, shipping) and add $1 - $2.  Do you have an idea of what
> our cost would be?  I’m sure this will need OWASP Board approval but they
> are anxious to get started so let me know your thoughts.
>
>
>
> Pete
>
>
>
>
>
> *Peter Dean*  Sr. Account Executive
>
> (973) 668-5595 (office)  | (201) 960-8265 (cell)
>
> peter.dean at aspectsecurity.com
>
> <image001.png>
>
>           Need information on Application Security?  Check out *OWASP.ORG*
>
>
>
>
> _______________________________________________
> Global_membership_committee mailing list
> Global_membership_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>
>
>
>
> --
> Tom Brennan | OWASP Foundation
> Global Board of Directors
> Direct: 973-202-0122
> Fax: 973-506-1517
> Url: http://www.owasp.org
>
>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20101202/0a259055/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 5712 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20101202/0a259055/attachment-0001.png 


More information about the Global_chapter_committee mailing list