[Owasp-board] OWASP Membership

Andrew van der Stock vanderaj at owasp.org
Fri Feb 23 18:52:47 UTC 2007

Fantastic news. :)


On 2/23/07 12:10 PM, "Dinis Cruz" <dinis at ddplus.net> wrote:

> Great news
> I think that the 'allocating membership money to OWASP projects' is a killer
> idea :)
> I'm sure it will really help these guys to sell the membership internally
> Dinis
> On 2/23/07, Jeff Williams <jeff.williams at owasp.org> wrote:
>> Hi Jim,
>> That's fantastic news.  Thanks!  Dave Wichers will contact you with tax and
>> invoice information shortly.
>> --Jeff
>> Jeff Williams, Chair
>> The OWASP Foundation <http://www.owasp.org/>
>> work: 410-707-1487
>> main: 301-604-4882
>> "Dedicated to finding and fighting the causes of insecure software"
>> From: Nopwaskey, Jim [mailto:jim.nopwaskey at eds.com]
>> Sent: Friday, February 23, 2007 11:09 AM
>> To: Dinis Cruz; Jeff Williams
>> Subject: RE: OWASP Membership
>> Jeff/Dinis-
>> I have received approval from my leadership for EDS to join OWASP as a
>> member. I wanted to begin discussions on the OWASP process to begin the
>> membership registration. What are the next steps from the OWASP standpoint to
>> begin this process?
>> We will have to work through the process on our side to get the funding
>> approved etc. As I am sure you know, EDS is a large organization and it may
>> take some time to work through this and get everything in place. I know
>> initially we will need a W-9 and invoice to get this thing rolling on our
>> end.
>> Also, as Dinis pointed out in his email we are definitely interested in
>> allocating at least some of our membership fees to certain project(s) that we
>> feel will benefit EDS. How does this work? Are there specific projects that
>> could really use the funding that we can choose from or can we simply look at
>> the projects that are listed on the OWASP website and go from there?
>> Additionally, as we get more experienced in this space we are interested in
>> contributing to the community directly by having some of our consultants and
>> developers work on OWASP projects where we can help. Personally I am
>> interested in seeing more activity from the local Pittsburgh chapter and
>> working more closely with the leader of the Pittsburgh chapter to get some
>> OWASP events/meeting setup. With the universities here in Pittsburgh there is
>> a wealth of knowledge that the local Pittsburgh chapter should be able to
>> take advantage of and contribute to OWASP.
>> Thanks for your time and help. I think that EDS' involvement with OWASP will
>> be positive for both organizations.
>> Jim
>>> From: Dinis Cruz [mailto:dinis at ddplus.net]
>>> Sent: Tuesday, February 13, 2007 1:22 PM
>>> To: Nopwaskey, Jim
>>> Cc: owasp-board at lists.owasp.org
>>> Subject: Re: OWASP Membership
>>> Hi Jim
>>> (note I started writing this email before Jeff's response so there is some
>>> repeated info :)
>>> Thanks for your interest in joining OWASP as a member. Here are the answers
>>> to your questions:
>>> 1. Yes I can confirm that EDS falls into the 'Consulting Organization
>>> Members Large organization' category, whose membership fees (as you
>>> mentioned) are $8,000 USD per year.
>>> 2. Regarding the benefits of joining OWASP, here are a couple more comments
>>> that might help you to justify the cost to your leadership
>>>> * First there are the benefits as described in the
>>>> http://www.owasp.org/index.php/Membership#Benefits_of_Membership  page
>>>>> * OWASP commercial Licence  - Note that although this licence doesn't give
>>>>> any additional rights some organizations are more comfortable with it :)
>>>>> * Visibility for your organization's tangible commitment to application
>>>>> security 
>>>>> * The right to use the OWASP name and membership mark
>>>>> <http://www.owasp.org/images/f/f0/OWASP_Logo.gif>  to show that you are an
>>>>> OWASP Member.
>>>>> * Discounts to the OWASP AppSec and other security conferences and events
>>>> * Then there is the argument that although OWASP has achieved a lot in the past
>>>> years the quantity and quality of its deliverables are still limited by
>>>> the lack of financial support that OWASP is able to provide to its
>>>> projects. 
>>>>> * Starting with the OWASP Autumn of Code 2006
>>>>> <http://www.owasp.org/index.php/Owasp_Autumn_Of_Code_2006>  event (which
>>>>> sponsored 9 projects with several 5,000 USD and 3,500 USD grants (see
>>>>> OWASP Autumn of Code 2006 - Selection
>>>>> <http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection> ))
>>>>> OWASP is now allocating all membership fees to similar sponsorships (we
>>>>> are just about to launch the OWASP Spring of Code 2007 which will sponsor
>>>>> a much larger number of projects)
>>>>> * From a project delivery point of view the Autumn of Code was a massive
>>>>> success where OWASP now has a Live CD with its tools, a new version of the
>>>>> Testing Guide, new lessons for web goat, a new beta release of the next
>>>>> generation of WebScarab and several major updates on the .Net tools: OWASP
>>>>> Site Generator, OWASP Report Generator and OWASP Tiger.
>>>>> * These sponsorships are a direct result of membership fees, and something
>>>>> that you can show your managers as a real outcome.
>>>>> * In fact you can even pre-allocate your membership fees to project(s) you
>>>>> are directly interested in (or benefit the most). For example let's say
>>>>> that EDS would really benefit from a much improved version of the current
>>>>> OWASP Legal Project
>>>>> <http://www.owasp.org/index.php/Category:OWASP_Legal_Project>  or CLASP
>>>>> (Comprehensive, Lightweight Application Security Process) Project
>>>>> <http://www.owasp.org/index.php/Category:OWASP_CLASP_Project> . EDS would
>>>>> be able to say I want my 8,000 USD membership money to go to sponsorships
>>>>> for those projects (this way ensuring that they would be further improved)
>>>> * Another good argument to support and participate in OWASP is that it is
>>>> cheaper to have certain types of development (documents or tools) done at
>>>> (or via) OWASP and its community than internally. Take for example the:
>>>>> * OWASP Testing Project
>>>>> <http://www.owasp.org/index.php/Category:OWASP_Testing_Project>  - very
>>>>> good document for Penetration testers and developers
>>>>> * OWASP Report Generator
>>>>> <http://www.owasp.org/index.php/ORG_%2528Owasp_Report_Generator%2529>  -
>>>>> time saving tool for Penetration testing teams since it dramatically
>>>>> reduces the time spent on report generation and issue tracking
>>>>> * OWASP Web Goat
>>>>> <http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project>  and OWASP
>>>>> Site Generator <http://www.owasp.org/index.php/Owasp_SiteGenerator>  -
>>>>> Great learning resources for developers
>>>>> * I could now continue since we have tons of projects currently at OWASP
>>>>> :)
>>>>> <http://www.owasp.org/index.php/Category:OWASP_Project>
>>>>> * The cost of creating internally each of these projects/documents would
>>>>> be much higher than the 8,000 USD membership fee :)
>>>> * Finally it is with memberships like yours (and other major companies)
>>>> that OWASP gains the credibility to be able to really make a difference in
>>>> the current state of Web Application Security.
>>> 3. Coming back to EDS involvement in OWASP, as you can see by our list of
>>> projects the financial support and membership should only be the beginning
>>> of our relationship, since it would be mutually beneficial if EDS allowed
>>> its security consultants and developers to spend some time on OWASP
>>> projects. 
>>> Hope this information helps.
>>> Let me know if you have any further questions or need additional details.
>>> Best regards
>>> Dinis Cruz
>>> Chief OWASP Evangelist
>>> http://www.owasp.org
>>> On 2/9/07, Nopwaskey, Jim <jim.nopwaskey at eds.com> wrote:
>>> To whom it may concern-
>>> My name is Jim Nopwaskey and I am a Security Professional for EDS in
>>> Pittsburgh PA. The organization that I work for within EDS is Global
>>> Information Security - Threat Vulnerability Management and Response. Our
>>> group is responsible for delivering security services and consulting to EDS
>>> clients. Currently we provide CIRT (Computer Incident Response), Endpoint
>>> Security, and Security Event Management services to our clients and we are
>>> working to expand our security consulting services to include secure code
>>> analysis by providing web application penetration testing and static code
>>> analysis. Throughout the research and development of our processes to
>>> provide these services to our clients we have found the OWASP projects to be
>>> very helpful and valuable. We are hoping to become more active members of
>>> the OWASP community and I have been approved by my leadership to investigate
>>> the benefits/costs of EDS becoming an OWASP member.
>>> I have reviewed the membership page on your website and was looking for
>>> confirmation that we would fit into the Consulting Organization Members
>>> Large organization for $8,000 USD annually. Additionally, if there are any
>>> other benefits to membership that are not listed on your website that you
>>> think may help me justify this cost to my leadership please forward on that
>>> information. 
>>> Thank you for your time.
>>> Jim Nopwaskey 
>>> Data Management
>>> Global Information Security (GIS)
>>> Threat & Vulnerability Management
>>> 1187 Thorn Run Rd/Suite 310
>>> Coraopolis , PA 15108
>>> phone :  +1-412-893-1745
>>> mobile : +1-724-350-9063
>>> email: jim.nopwaskey at eds.com