[Owasp-board] OWASP Membership

Dinis Cruz dinis at ddplus.net
Fri Feb 23 17:10:03 UTC 2007


Great news

I think that the 'allocating membership money to OWASP projects' is a killer
idea :)

I'm sure it really help these guys to sell the membership internally

Dinis

On 2/23/07, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>  Hi Jim,
>
>
>
> That's fantastic news.  Thanks!  Dave Wichers will contact you with tax
> and invoice information shortly.
>
>
>
> --Jeff
>
>
>
> Jeff Williams, Chair
>
> The OWASP Foundation <http://www.owasp.org/>
>
> work: 410-707-1487
>
> main: 301-604-4882
>
>
>
> "Dedicated to finding and fighting the causes of insecure software"
>   ------------------------------
>
> *From:* Nopwaskey, Jim [mailto:jim.nopwaskey at eds.com]
> *Sent:* Friday, February 23, 2007 11:09 AM
> *To:* Dinis Cruz; Jeff Williams
> *Subject:* RE: OWASP Membership
>
>
>
> Jeff/Dinis-
>
>
>
> I have received approval from my leadership for EDS to join OWASP as a
> member. I wanted to begin discussions on the OWASP process to begin the
> membership registration. What are the next steps from the OWASP standpoint
> to begin this process?
>
>
>
> We will have to work through the process on our side to get the funding
> approved etc. As I am sure you know, EDS is a large organization and it may
> take some time to work through this and get everything in place. I know
> initially we will need a W-9 and invoice to get this thing rolling on our
> end.
>
>
>
> Also, as Dinis pointed out in his email we are definitely interested in
> allocating at least some of our membership fees to certain project(s) that
> we feel will benefit EDS. How does this work? Are there specific projects
> that could really use the funding that we can choose from or can we simply
> look at the projects that are listed on the OWASP website and go from there?
> Additionally, as we get more experienced in this space we are interested
> into contributing to the community directly by having some of our
> consultants and developers work on OWASP projects where we can help.
> Personally I am interested in seeing more activity from the local Pittsburgh
> chapter and working more closely with the leader of the Pittsburgh chapter
> to get some OWASP events/meeting setup. With the universities here in
> Pittsburgh there is a wealth of knowledge that the local Pittsburgh chapter
> should be able to take advantage of and contribute to OWASP.
>
>
>
> Thanks for your time and help. I think that EDS' involvement with OWASP
> will be positive for both organizations.
>
>
>
> Jim
>
>
>  ------------------------------
>
> *From:* Dinis Cruz [mailto:dinis at ddplus.net]
> *Sent:* Tuesday, February 13, 2007 1:22 PM
> *To:* Nopwaskey, Jim
> *Cc:* owasp-board at lists.owasp.org
> *Subject:* Re: OWASP Membership
>
> Hi Jim
>
> (note I started writing this email before Jeff's reponse so there is some
> repeated info :)
>
> Thanks for your interrest in joing OWASP as a member. Here are the answers
> to your questions:
>
>    1. Yes I can confirm that EDS falls into the 'Consulting
>    Organization Members Large organization' category, whose membership fees (as
>    you mentioned) are $8,000 USD per year.
>    2. Regarding the benefits of joining OWASP, here are a couple more
>    comments that might help you to justify the cost to your leadership
>
>
>     - First there are the benefits as described in the
>       http://www.owasp.org/index.php/Membership#Benefits_of_Membershippage
>
>
>     - OWASP commercial Licence  - Note that although this licence
>          doesn't give any additional rights some organizations are more comfortable
>          with it :)
>          - Visibility for your organization's tangible commitment
>          to application security
>          - The right to use the OWASP name and membership mark<http://www.owasp.org/images/f/f0/OWASP_Logo.gif>to show that you are an OWASP Member.
>          - Discounts to the OWASP AppSec and other security
>          conferences and events
>
>
>     - Then is the argument that although OWASP has achieved a lot in
>       the past years the quantity and quality of its delivererables are still
>       limited by the lack of financial support that OWASP is able to provide to
>       its projects.
>
>
>     - Starting the with OWASP Autumn of  Code 2006<http://www.owasp.org/index.php/Owasp_Autumn_Of_Code_2006>event (which sponsored 9 projects with several 5,000 USD and 3,500 USD
>          grants (see OWASP Autumn of Code 2006 - Selection<http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection>))
>          OWASP is now allocating all membership fees to similar sponsorships (we are
>          just about to launch the OWASP* Spring of Code 2007 *which
>          will sponsor a much larger number of projects)
>          - From a project delivery point of view the Autumn of
>          Code was a massive success where OWASP now has a Live CD with its tools, a
>          new version Testing Guide, new lessons for web goat, a new beta release of
>          the next generation of WebScarab and several major updates on the .Net
>          tools: OWASP Site Generator, OWASP Report Generator and OWASP Tiger.
>          - These sponsorships are a direct result of membership
>          fees, and something that you can show your managers as an real outcome.
>          - In fact you can even *pre-alocate* *your membership
>          fees to project(s) you are directly interested in (or benefit the most).
>          * For example lets say that EDS would really benefit
>          from a much improved version of the current OWASP Legal
>          Project<http://www.owasp.org/index.php/Category:OWASP_Legal_Project>or CLASP
>          (Comprehensive, Lightweight Application Security Process) Project
>          <http://www.owasp.org/index.php/Category:OWASP_CLASP_Project>.
>          EDS would be able to say I want my 8,000 USD membership money to go to
>          sponsorships for those projects (this way ensuring that they would be
>          further improved)
>
>
>     - Another good argument to support and participate in OWASP is that
>       is it cheaper to have certain types of development (documents or tools) done
>       at (or via) OWASP and its community than internally. Take for example the:
>
>
>     - OWASP Testing Project<http://www.owasp.org/index.php/Category:OWASP_Testing_Project>- very good document for Penetration testers and developers
>          - OWASP Report Generator<http://www.owasp.org/index.php/ORG_%2528Owasp_Report_Generator%2529>- time saving tool for Penetration testing teams since it dramatically
>          reduces the time spent on report generation and issue tracking
>          - OWASP Web Goat<http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project>and OWASP
>          Site Generator<http://www.owasp.org/index.php/Owasp_SiteGenerator>- Great learning resources for developers
>          - I could now continue since we have tons of projects
>          currentlly at OWASP :)
>
>           <http://www.owasp.org/index.php/Category:OWASP_Project>
>          - The cost of creating internally each of these
>          projects/documents would be much higher than the 8,000 USD membership fee :)
>
>           <http://www.owasp.org/index.php/Category:OWASP_Project>
>
>
>     - Finally it is with memberships like yours (and other major
>       companies) that OWASP gains the credibility to be able to really make a
>       difference in the current state of Web Application Security.
>
>
>    1. Coming back to EDS involvement in OWASP, as you can see by our
>    list of projects the financial support and membership should only be the
>    beginning of our relationship, since it would be mutually beneficial if EDS
>    allowed its security consultants and developers so spend some time on OWASP
>    projects.
>
> Hope this information helps.
>
> Let me know if you have any further questions or need additional details.
>
> Best regartds
>
> Dinis Cruz
> Chief OWASP Evangelist
> http://www.owasp.org
>
> On 2/9/07, *Nopwaskey, Jim* < jim.nopwaskey at eds.com> wrote:
>
> To whom it may concern-
>
> My name is Jim Nopwaskey and I am a Security Professional for EDS in
> Pittsburgh PA. The organization that I work for within EDS is Global
> Information Security - Threat Vulnerability Management and Response. Our
> group is responsible for delivering security services and consulting to EDS
> clients. Currently we provide CIRT (Computer Incident Response), Endpoint
> Security, and Security Event Management services to our clients and we are
> working to expand our security consulting services to include secure code
> analysis by providing web application penetration testing and static code
> analysis. Throughout the research and development of our processes to
> provide these services to our clients we have found the OWASP projects to be
> very helpful and valuable. We are hoping to become more active members of
> the OWASP community and I have been approved by my leadership to investigate
> the benefits/costs of EDS becoming an OWASP member.
>
> I have reviewed the membership page on your website and was looking for
> confirmation that we would fit into the Consulting Organization Members
> Large organization for $8,000 USD annually. Additionally, if there are any
> other benefits to membership that are not listed on your website that you
> think may help me justify this cost to my leadership please forward on that
> information.
>
> Thank you for your time.
>
> *Jim Nopwaskey*
> *Data Management*
> Global Information Security (GIS)
> Threat & Vulnerability Management
>
> 1187 Thorn Run Rd/Suite 310
> Coraopolis, PA 15108
>
> *phone*:  +1-412-893-1745
> *mobile*: +1-724-350-9063
> email: jim.nopwaskey at eds.com <:%20jim.nopwaskey at eds.com>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070223/61869cf0/attachment-0002.html>


More information about the Owasp-board mailing list