[Owasp-board] OWASP Membership

Dinis Cruz dinis at ddplus.net
Tue Feb 13 18:22:24 UTC 2007

Hi Jim

(note I started writing this email before Jeff's reponse so there is some
repeated info :)

Thanks for your interrest in joing OWASP as a member. Here are the answers
to your questions:

   1. Yes I can confirm that EDS falls into the 'Consulting Organization
   Members Large organization' category, whose membership fees (as you
   mentioned) are $8,000 USD per year.
   2. Regarding the benefits of joining OWASP, here are a couple more
   comments that might help you to justify the cost to your leadership
   - First there are the benefits as described in the
         - OWASP commercial Licence  - Note that although this
         licence doesn't give any additional rights some organizations are more
         comfortable with it :)
         - Visibility for your organization's tangible commitment
         to application security
         - The right to use the OWASP name and membership
mark<http://www.owasp.org/images/f/f0/OWASP_Logo.gif>to show that you
are an OWASP Member.
         - Discounts to the OWASP AppSec and other security
         conferences and events
      - Then is the argument that although OWASP has achieved a lot in
      the past years the quantity and quality of its delivererables are still
      limited by the lack of financial support that OWASP is able to provide to
      its projects.
      - Starting the with OWASP Autumn of  Code
(which sponsored 9 projects with several 5,000 USD and 3,500 USD
         grants (see OWASP Autumn of Code 2006 -
         OWASP is now allocating all membership fees to similar
sponsorships (we are
         just about to launch the OWASP Spring of Code 2007 which
         will sponsor a much larger number of projects)
         - From a project delivery point of view the Autumn of Code
         was a massive success where OWASP now has a Live CD with its
tools, a new
         version Testing Guide, new lessons for web goat, a new beta
release of the
         next generation of WebScarab and several major updates on the
.Net tools:
         OWASP Site Generator, OWASP Report Generator and OWASP Tiger.
         - These sponsorships are a direct result of membership
         fees, and something that you can show your managers as an
real outcome.
         - In fact you can even pre-alocate your membership fees to
         project(s) you are directly interested in (or benefit the
most).For example lets say that EDS would really benefit from a much
         version of the current* *OWASP Legal
         (Comprehensive, Lightweight Application Security Process)
         EDS would be able to say I want my 8,000 USD membership money to go to
         sponsorships for those projects (this way ensuring that they would be
         further improved)
      - Another good argument to support and participate in OWASP is
      that is it cheaper to have certain types of development
(documents or tools)
      done at (or via) OWASP and its community than internally. Take
for example

      - OWASP Testing
very good document for Penetration testers and developers
         - OWASP Report
time saving tool for Penetration testing teams since it dramatically
         reduces the time spent on report generation and issue tracking
         - OWASP Web
         Site Generator<http://www.owasp.org/index.php/Owasp_SiteGenerator>-
Great learning resources for developers
         - I could now continue since we have tons of projects
         currentlly at OWASP :)

         - The cost of creating internally each of these
         projects/documents would be much higher than the 8,000 USD
membership fee :)

      - Finally it is with memberships like yours (and other major
      companies) that OWASP gains the credibility to be able to really make a
      difference in the current state of Web Application Security.

      3. Coming back to EDS involvement in OWASP, as you can see by
   our list of projects the financial support and membership should only be the
   beginning of our relationship, since it would be mutually beneficial if EDS
   allowed its security consultants and developers so spend some time on OWASP

Hope this information helps.

Let me know if you have any further questions or need additional details.

Best regartds

Dinis Cruz
Chief OWASP Evangelist

On 2/9/07, Nopwaskey, Jim <jim.nopwaskey at eds.com> wrote:
>  To whom it may concern-
> My name is Jim Nopwaskey and I am a Security Professional for EDS in
> Pittsburgh PA. The organization that I work for within EDS is Global
> Information Security - Threat Vulnerability Management and Response. Our
> group is responsible for delivering security services and consulting to EDS
> clients. Currently we provide CIRT (Computer Incident Response), Endpoint
> Security, and Security Event Management services to our clients and we are
> working to expand our security consulting services to include secure code
> analysis by providing web application penetration testing and static code
> analysis. Throughout the research and development of our processes to
> provide these services to our clients we have found the OWASP projects to be
> very helpful and valuable. We are hoping to become more active members of
> the OWASP community and I have been approved by my leadership to investigate
> the benefits/costs of EDS becoming an OWASP member.
> I have reviewed the membership page on your website and was looking for
> confirmation that we would fit into the Consulting Organization Members
> Large organization for $8,000 USD annually. Additionally, if there are any
> other benefits to membership that are not listed on your website that you
> think may help me justify this cost to my leadership please forward on that
> information.
> Thank you for your time.
> *Jim Nopwaskey*
> *Data Management*
> Global Information Security (GIS)
> Threat & Vulnerability Management
> 1187 Thorn Run Rd/Suite 310
> Coraopolis, PA 15108
> *phone*:  +1-412-893-1745
> *mobile*: +1-724-350-9063
> *email: jim.nopwaskey at eds.com * <:%20jim.nopwaskey at eds.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070213/7515e6f2/attachment-0002.html>

More information about the Owasp-board mailing list