Matt Tesauro mtesauro at gmail.com
Thu Feb 25 15:12:08 EST 2010

Based on reading the interchange between Fabio Cerullo and Dan Cornell
[1] and the Global Education Committee meeting we had yesterday where
this came up, I have a bit of input I'd like to throw into the mix.

For smaller entities like the national public health insurance
organization in Peru that Fabio mentioned, having a model where to
support OWASP means contributing $5,000 USD is basically like telling
them 'no'.

I work for a state agency which barely acknowledges the existence of
other US states (yeah, it's Texas), let alone other countries.  For
example, I've failed several times to buy the commercial Burp Suite
since it's priced in British Pounds.  Trying to get that through the
purchasing bureaucracy is fail from the word go.  I can't imagine how
painful it would be for a smaller agency in Peru to try to get $5,000 in
US _dollars_ into a budget let alone the equivalent in their native

I see this as very similar to the initiative we are doing for
Universities.  If there are government agencies of any size that want to
publicly pronounce their use and support of OWASP, then we should find a
vehicle for them to do so.  

I also have a hard time finding a downside for OWASP if government
agencies have a method to say "We use and recommend OWASP".  If we had
such a program, I'd bet I could get my agency on that list as well.  I
certainly would have an easier time doing so without having to find
budget for it.

Perhaps this isn't membership in the traditional sense.  Maybe this is a
matter of coming up with a different type/class/method for government
agencies to demonstrate their use and endorsement of OWASP.  

I also see the potential for some positive viral effects:
Suppose a government agency lists their endorsement of OWASP - both on
their site(s) and on the OWASP site.  Say you're a vendor trying to get
a contract with that agency.  Being an OWASP member company might just
help separate you from other vendors going for that contract.

That would be a great problem for OWASP to have.



-- Matt Tesauro
OWASP Board Member
OWASP Live CD Project Lead
http://AppSecLive.org - Community and Download site

