[Owasp-board] 2006 End Financials
dave.wichers at owasp.org
Fri Jan 19 14:27:46 UTC 2007
I was not planning on providing any more details than I have already
provided. So, in my opinion, the financials are ready for release. If you
want to release this much detail, I think that would be OK. If less, that's
I'm certainly OK with SpoC and Membership pack investments.
I'm not convinced that some investment in some permanent (maybe part time)
support on the administrative level wouldn't be a good investment for OWASP
because it would allow all four of us to lean on that person to help get
things done so we don't have to spend so much of our 'volunteer' time doing
OWASP things or we could invest that saved time in other OWASP things that
deserve attention too. I think for the leadership energy level to be
sustainable we need some more paid/reliable/continuous/year round help in
* No problem with the board not bidding on projects.
* I think you are being aggressive in the amount of SpoC projects we
can handle. You are essentially tripling+ the size of the pool for this next
round. I'd recommend we not accelerate so quickly. Going from 8 to 40
projects is VERY ambitious. I would recommend we stick to just a 50%
increase in funds and try to limit us to adding only 2-4 additional
projects. [We also want to leave some $ for the AoC 2007 so we shouldn't
spend it all now. Of course your membership drive might fix that problem :-)
Hopefully it will.]
* Regarding the payments to Open Source projects, that's an
interesting idea. Are existing OWASP projects eligible? Seems like WebGoat
and WebScarab should be 2 of the top ten (if I was voting).
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Friday, January 19, 2007 8:59 AM
To: owasp-board at lists.owasp.org
Subject: Re: [Owasp-board] 2006 End Financials
Thanks Dave for these numbers.
Can I publish them? Also when will we have the final accounts ready (similar
I am still wrapping up the AoC stuff (I want to write a proper review for
each project), but we can really say that it was a massive success and a
great way to spend our funds.
So to spend the money available, I would like to propose the following plan:
* In the short term we should only spend non-operational money (i.e.
excluding hosting costs, etc..) on two things: SpoC (Spring of Code) and the
* Unless the employee to hire is to do administrative stuff, I am now
convinced that the last thing OWASP needs at the moment is a manager. The
current structure (owasp-board, owasp-leaders, chapter-leaders, etc.) is
working very well and OWASP continues to grow at a fast but manageable
speed, so we should keep it that way. And for administrative stuff, we can
get those resources under the SpoC (OWASP Spring of Code)
* So, for the SpoC I would like to propose this:
* First very important rule (which I think will make this much more
transparent), no member of the OWASP board is allowed to apply to a SpoC
sponsorship (i.e. the four of us :) )
* We encourage OWASP project leaders to submit proposals and keep the
current selection criteria which favours them
* Initial Budget will be $100,000 (but note that I will do a
membership drive (probably between 15th February and 15th March) using the
argument 'every member fee that joins between this period will be added to
the SpoC initial 100k funds (so we might actually get more than 100k))
* For the projects to be sponsored I would like to propose the
following numbers as an initial guideline (of course that depending on the
proposals we can reorganize this)
* $40,000 on Big projects - 8 projects @ $5,000 each
* $30,000 on Medium projects - 12 projects @ $2,500 each
* $20,000 on Small projects - 20 projects @ $1,000 each
* $10,000 on Donations to Open Source projects: 10 donations of $1,000
* Given the possible size of SpoC projects probably one Big (or one
Medium or two Small) will be allocated to somebody to help manage the whole
* (note: I was even thinking of using the concept of 'micro-credit'
here, and have $100 mini-projects (which are perfect for students outside
high GNI countries, but I will put that as an idea for a Medium project (for
example: 'Manage the distribution of $100 sponsorships to specific projects'
(this is still an early-days idea, so we might have to wait for the SmoC or
AoC2 for that ))
* I don't think we should normalize these sponsorship numbers by GNI
(although we might take into account the location of the applicant). This at
the moment favours lower rating GNI applicants, but on the AoC that wasn't
really an issue.
* The 10 'Donations to Open Source projects' ($1,000 each) is an idea
that I REALLY would like you guys to accept since it is win-win all over the
* The idea is to get OWASP Members (and only the members) to vote on
the top 10 Open Source projects they use in their companies (we might need
to make each corporate member worth 10 points and individual members 1
* Naturally the payment would be made to the top 10 voted projects
* The payment would be a no-strings attached "Thanks for the hard work
in creating this tool (which is widely used and appreciated in the OWASP
community) and please keep working on the next version"
* This would be another 'unique benefit to OWASP members'
* And the PR/Media coverage should be great. We can even make announce
and present them at OWASP conferences (to make it a bit more official)
* We also need to talk about how the money for local chapters will
work, and I am tempted to say (in the short term) that there will be NO model
or money distribution from OWASP's mothership to the chapters (which could
get really messy). If a chapter wants funds, it can apply to them the via
* The 'Membership Pack' pack should be created by an SpoC project and
its production funded separately (would $10,000 do?)
What do you guys think?
On 1/18/07, Dave Wichers <dave.wichers at aspectsecurity.com> wrote:
Here's our end of FY2006 financials on a Cash basis. We still owe about $15K
for the rest of the AoC but we still have LOTS left over. Let's figure out
the best way to invest this $, including another AoC round, Spring of Code?,
hiring some interns, and maybe hiring an employee??
Where do you think we would be best investing?
Chief OWASP Evangelist, Are you a member yet?