[Global_chapter_committee] [Global_membership_committee] FW: OWASP and JPMC

Tin Zaw tin.zaw at owasp.org
Thu Dec 2 16:53:42 EST 2010


I think Matthew has good points. We should stick to the principles.


On Thu, Dec 2, 2010 at 11:32 AM, Matthew Chalmers <
matthew.chalmers at owasp.org> wrote:

> I may not have all the background info just from the below thread, but I
> don't understand how this has been construed as "a way to bring into OWASP
> 15,000 developers." How is it they will be excluded if either we don't give
> JPMC a deal or JPMC doesn't pay for their membership? OWASP is open and any
> of those 15,000 developers can participate now--and some probably are. Is
> JPMC agreeing to make some participation compulsory for them? If so is that
> what we really want?
>
> The costs and benefits of organizational and individual supporters are
> clearly stated at http://www.owasp.org/index.php/Membership. If we change
> it for JPMC we should change it for everyone because we are an open
> organization and other organizations will become aware if/when we make a
> special deal for them or any other organization. As an aside, I encourage
> the board members to visit
> http://www.cvent.com/EVENTS/Info/Summary.aspx?e=c6554982-632d-4218-8c77-636ee772baff and
> ensure its information matches the previous link's, otherwise we are
> confusing potential members/supporters. Note well that neither page mentions
> voting privileges. I did a quick search using the wiki search tool for
> 'vote' and 'voting' and found nothing obvious that would state or explain
> voting privileges.
>
> I also see no advantage to giving all the JPMC developers tee shirts if
> they're getting more than perhaps a 10% discount (which would be $45/person,
> not $10). A tee shirt is a real cost and not any more free promotion of the
> OWASP brand when worn by a JPMC developer than it is when worn by any random
> person because 1) it won't be worn to work because they don't dress that
> casually and 2) even if it was everyone there who would be driven to our
> portal by seeing it already has one. (Polos would be a slightly different
> case because they could be worn to work and may remind the other developers
> who have them to re-visit the portal, however, the cost would be
> significantly higher.)
>
> I think we should reconsider the question, "is it about the money." Unless
> the fee schedule is entirely arbitrary having had no thought put into its
> meaning at all. Anyone can participate in and benefit from OWASP for free.
> Becoming an individual member is a personal choice to help OWASP with money,
> whether or not the individual (or organization) helps with time/effort.
> Monetary contribution does not guarantee time/effort contribution. So I
> question the non-monetary value of an organization purchasing bulk
> individual memberships. They should just contribute the requisite amount to
> become an organizational supporter, and encourage their developers to
> participate in OWASP. If they want to provide tee shirts to their
> developers, we can offer to sell them at cost; but they should not all get
> membership cards/certificates or any other membership privileges without
> paying the full amount, unless we get some committment from them as to
> individual and/or corporate participation/promotion/etc. above and beyond
> what's expected from an ordinary organizational contribution.
>
> Matt
>
>
> On Thu, Dec 2, 2010 at 11:51 AM, Kate Hartmann <kate.hartmann at owasp.org>wrote:
>
>> In a separate email sent to Jeff, Pete, and Alison, I indicated that the
>> long term benefits of including 15,000 developers far outweighs the up-front
>> cost of registration and membership.  So, Is it about the money?  No – it is
>> not.
>>
>>
>>
>> The membership committee has already discussed the possible “rules of
>> engagement” for organizations purchasing bulk memberships.  Voting rights is
>> definitely one of the parameters that had come up.
>>
>>
>>
>> Are there other circumstances that I’m not aware of?  Probably,
>> considering your email.
>>
>>
>>
>> My purpose is to find out how to make this a reality and help find a way
>> to bring into OWASP 15,000 developers.  Similar requests have surfaced
>> (albeit, not on this scale) so I think this is something we need to discuss.
>>
>>
>>
>> Local chapters would benefit from the support of the corporate membership
>> (40/60) as well as the increase in meeting attendance and outreach.  I don’t
>> think there needs to be a financial split on a $10 membership.
>>
>>
>>
>> Kate Hartmann
>>
>> Operations Director
>>
>> 301-275-9403
>>
>> www.owasp.org
>>
>> Skype:  Kate.hartmann1
>>
>>
>>
>> *From:* Tom Brennan [mailto:tomb at owasp.org]
>> *Sent:* Thursday, December 02, 2010 12:39 PM
>> *To:* Kate Hartmann
>> *Cc:* global_membership_committee at lists.owasp.org; OWASP Foundation Board
>> List; global_chapter_committee at lists.owasp.org
>> *Subject:* Re: [Global_membership_committee] FW: OWASP and JPMC
>>
>>
>>
>> Membership has a voting right to elections and direction of OWASP
>> Foundation and it a elective item of a individual to self associate with
>> OWASP.  YES or NO?
>>
>> A corporate sponsor $5k can certainly donate more time, more money and
>> more resources in support of OWASP mission but should not be allowed to
>> INFLUENCE OWASP to reduced membership fees or obtain special perks that
>> break the membership model and equality around the world.
>>
>> I do not feel that there is alignment of JPMC and our principals on this
>> one...  membership to owasp is not a regulatory compliance, auditor
>> requirement of a developer training program for ABC company at a discounted
>> price.  I am VERY close to this as well as other members of OWASP Board so
>> we need to measure twice here before cutting once and setting a game
>> changing adjustment and I suggest a discussion on this item.
>>
>> 15,000 people (aka:JMPC developer worldwide) = 750,000 in membership fees
>> got it -- if you don't share with the local chapters the agreed 40% of a
>> membership fee then your at $450,000 (and breaking the membership current
>> model)  snowball effect starts.
>>
>> Is it about the money - I hope not.
>>
>> On Thu, Dec 2, 2010 at 12:09 PM, Kate Hartmann <kate.hartmann at owasp.org>
>> wrote:
>>
>> Committee, as previously discussed, we need to define the model that will
>> help Pete in this situation as well as others.
>>
>>
>>
>> Kate Hartmann
>>
>> Operations Director
>>
>> 301-275-9403
>>
>> www.owasp.org
>>
>> Skype:  Kate.hartmann1
>>
>>
>>
>> *From:* Peter Dean [mailto:peter.dean at aspectsecurity.com]
>> *Sent:* Thursday, December 02, 2010 12:08 PM
>> *To:* Kate Hartmann; Jeff Williams
>> *Cc:* alison.shrader at owasp.org; peter.dean at owasp.org
>> *Subject:* RE: OWASP and JPMC
>>
>>
>>
>> All,
>>
>>
>>
>> I spoke with JPMC and they are pushing back on the $10 per developer
>> cost.  There are 15,000 developers and while they do not expect everyone to
>> register, he feels it will be close to that number.
>>
>>
>>
>> They do want a membership card and t-shirt for all so I’m not sure how we
>> can do this at much less than $10,especially if we have to ship materials
>> globally.
>>
>>
>>
>> A suggestion he made was to increase the corporate sponsor fee to say $10K
>> and then charge something like $5 for every individual membership.  Some
>> quick math;
>>
>>
>>
>> $10,000 + $75,000 ($5 * 15,000) = $85,000
>>
>>
>>
>> VS
>>
>>
>>
>> $5,000 + $150,000 ($10 * 15,000) = $155,000
>>
>>
>>
>> We would need to create a special code for anyone registering as a JPMC
>> employee that will show the discount.  Let me know your thoughts.
>>
>>
>>
>> Pete
>>
>>
>>
>>
>>
>> *Peter Dean*  Sr. Account Executive
>>
>> (973) 668-5595 (office)  | (201) 960-8265 (cell)
>>
>> [image: Description: Description: cid:image001.png at 01CB5FCF.EDF29C40]
>>
>>
>>
>>
>>
>> *From:* Kate Hartmann [mailto:kate.hartmann at owasp.org]
>> *Sent:* Tuesday, November 02, 2010 11:01 AM
>> *To:* Jeff Williams; Peter Dean
>> *Cc:* alison.shrader at owasp.org; peter.dean at owasp.org
>> *Subject:* RE: OWASP and JPMC
>>
>>
>>
>> I am copying Dan Cornell and Michael Coats on this idea as well.  One of
>> the items the Membership committee has frequently discussed is including
>> individual membership with corporate membership.
>>
>>
>>
>> The main concern would really be the opportunity for companies to “stack a
>> vote” should one arise since membership is the main criteria for voting
>> rights.   I am all for giving individuals who are part of a corporate
>> supporter the “benefits” of membership, however, I would want to make sure
>> that the voting privelages are limited to paying individual members or the
>> “honorary” members.
>>
>>
>>
>> This leads down an administrative path since we would need to
>> differentiate among all the different types.
>>
>>
>>
>> So, in short, I’m for it and yes, it would work.  I would not give them
>> any “swag” but provide the company ways to help us recognize individual
>> members.
>>
>>
>>
>> Administrative challenges will be worked out.
>>
>>
>>
>> Kate Hartmann
>>
>> Operations Director
>>
>> 301-275-9403
>>
>> www.owasp.org
>>
>> Skype:  Kate.hartmann1
>>
>>
>>
>> *From:* Jeff Williams [mailto:jeff.williams at aspectsecurity.com]
>> *Sent:* Tuesday, November 02, 2010 10:40 AM
>> *To:* Peter Dean
>> *Cc:* Kate Hartmann; alison.shrader at owasp.org; peter.dean at owasp.org
>> *Subject:* Re: OWASP and JPMC
>>
>>
>>
>> Kate/Allison, is this going to work?  We need to respond.  It wouldn't
>> have to bs the whole normal starter kit.  ID Card and sticker would be a
>> minimum.
>>
>> --Jeff
>>
>>
>>
>> Jeff Williams
>>
>> Aspect Security
>>
>> work: 410-707-1487
>>
>> main: 301-604-4882
>>
>>
>>
>>
>>
>>
>> On Nov 2, 2010, at 10:26 AM, "Peter Dean" <peter.dean at aspectsecurity.com>
>> wrote:
>>
>> Can I offer JMPC the $10 per developer offer?
>>
>>
>>
>> Pete
>>
>>
>>
>>
>>
>> *Peter Dean*  Sr. Account Executive
>>
>> (973) 668-5595 (office)  | (201) 960-8265 (cell)
>>
>> <image001.png>
>>
>>
>>
>>
>>
>> *From:* Jeff Williams
>> *Sent:* Monday, October 25, 2010 2:45 PM
>> *To:* Peter Dean; Kate Hartmann; 'alison.shrader at owasp.org'
>> *Subject:* RE: OWASP and JPMC
>>
>>
>>
>> I think we’re talking about 10-15,000 developers total.  We might be able
>> to give them a more cost-effective membership package too.  There are no
>> constraints on what we offer here, but what could we do for $5-7 per
>> developer (final cost to us including any labor/shipping/etc…) and then we
>> charge them $10?
>>
>>
>>
>> --Jeff
>>
>>
>>
>>
>>
>> *From:* Peter Dean
>> *Sent:* Monday, October 25, 2010 2:39 PM
>> *To:* Kate Hartmann (kate.hartmann at owasp.org); alison.shrader at owasp.org
>> *Cc:* Jeff Williams
>> *Subject:* OWASP and JPMC
>>
>>
>>
>> Kate and Alison,
>>
>>
>>
>> JP Morgan Chase is interested in OWASP sponsorship from both a corporate
>> and individual perspective.  The corporate sponsorship is easy but we need
>> to discuss the individual sponsorships.
>>
>>
>>
>> Jim Routh, VP AppSec would like every JPMC developer to become an
>> individual member.  While we do not have a final headcount, it is safe to
>> say this is somewhere around 75,000 – 100,000 people.  The typical $50 fee
>> is not realistic so I was hopeful we can come up with a solution.
>>
>>
>>
>> Perhaps we charge just enough to cover the expense of on-boarding them
>> (bag, T-shirt, ball, shipping) and add $1 - $2.  Do you have an idea of what
>> our cost would be?  I’m sure this will need OWASP Board approval but they
>> are anxious to get started so let me know your thoughts.
>>
>>
>>
>> Pete
>>
>>
>>
>>
>>
>> *Peter Dean*  Sr. Account Executive
>>
>> (973) 668-5595 (office)  | (201) 960-8265 (cell)
>>
>> peter.dean at aspectsecurity.com
>>
>> <image001.png>
>>
>>           Need information on Application Security?  Check out *OWASP.ORG
>> *
>>
>>
>>
>>
>> _______________________________________________
>> Global_membership_committee mailing list
>> Global_membership_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>>
>>
>>
>>
>> --
>> Tom Brennan | OWASP Foundation
>> Global Board of Directors
>> Direct: 973-202-0122
>> Fax: 973-506-1517
>> Url: http://www.owasp.org
>>
>>
>>
>> _______________________________________________
>> Global_chapter_committee mailing list
>>
>> Global_chapter_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>
>>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>


-- 
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter
Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20101202/edd2c0e2/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 5712 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20101202/edd2c0e2/attachment-0001.png 


More information about the Global_chapter_committee mailing list