[Owasp-board] 2006 End Financials

Dinis Cruz dinis at ddplus.net
Fri Jan 19 15:11:00 UTC 2007

On 1/19/07, Dave Wichers <dave.wichers at owasp.org> wrote:
>  I was not planning on providing any more details than I have already
> provided. So, in my opinion, the financials are ready for release. If you
> want to release this much detail, I think that would be OK. If less, that's
> fine too.

Ok, thanks, I will release this  info just like it is

I'm certainly OK with SpoC and Membership pack investments.


I'm not convinced that some investment in some permanent (maybe part time)
> support on the administrative level wouldn't be a good investment for OWASP
> because it would allow all four of us to lean on that person to help get
> things don't so we don't have to spend so much of our 'volunteer' time doing
> OWASP things or we could invest that saved time in other OWASP things that
> deserve attention too.
Could this administrative help come from one or two SpoC sponsorship (and
note that there is nothing wrong with giving a SpoC to an 6 month project)

  I think for the leadership energy level to be sustainable we need some
> more paid/reliable/continuous/year round help in this area.

Maybe in the future, but I think that we are doing Ok at the moment (one of
the things we might need to look in the future is where the board members
should receive some financial support (to justify the time spent) but since
at the moment all of us already benefit from OWASP growth, I think that it
is a discussion to have in 6 months time)

Re; SpoC
>    - No problem with the board not bidding on projects.
>    - I think you are being aggressive in the amount of SpoC projects we
>    can handle. You are essentially tripling+ the size of the pool for this next
>    round. I'd recommend we not accelerate so quickly. Going from 8 to 40
>    projects since VERY ambitious. I would recommend we stick to just a 50%
>    increase in funds and try to limit us to adding only 2-4 additional
>    projects. [We also want to leave some $ for the AoC 2007 so we shouldn't
>    spend it all now. Of course your membership drive might fix that problem
>    J Hopefully it will.]
> Well that is why I wanted to have a SpoC project just to managed SpoC
projects :)

If we have the money we should spend it, note that as per your numbers $100k
still leaves us in well into the comfort zone, and we are not taking into
account that we will have two conferences this year (one potentially huge),
more new Members and (let's see what happens with the) renew of existing

>    - Regarding the payments to Open Source projects, that's an
>    interesting idea. Are existing OWASP projects eligible? Seems like WebGoat
>    and WebScarab should be 2 of the top ten (if I was voting).
That is a very good question, and I would say yes! If they are voted they
should receive (that said if more 50% go to OWASP projects, then we might
organize it a bit differently)

>  ------------------------------
> *From:* owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org]
> *On Behalf Of *Dinis Cruz
> *Sent:* Friday, January 19, 2007 8:59 AM
> *To:* owasp-board at lists.owasp.org
> *Subject:* Re: [Owasp-board] 2006 End Financials
> Thanks Dave for these numbers.
> Can I publish them? Also when will we have the final accounts ready
> (similar to wikipedia's http://upload.wikimedia.org/wikipedia/foundation/2/28/Wikimedia_2006_fs.pdf
> )
> I am still wrapping up the AoC stuff (I want to write a proper review for
> each project), but we can really say that it was a massive success and a
> great way to spend our funds.
> So to spend the money available, I would like to propose the following
> plan:
>    - In the short term we should only spend non-operational money (i.e.
>    excluding hosting costs, etc..) on two things: SpoC (Spring of Code) and the
>    'Membership Pack'
>    - Unless the employee to hire is to do administrative stuff, i am
>    now convinced that the last thing OWASP needs at the moment is a manager.
>    The current structure (owasp-board, owasp-leaders,chapter-leaders, etc..) is
>    working very well and OWASP continues to grow at a fast but manageable
>    speed, so we should keep it that way. And for administrative stuff, we can
>    get those resources under the SpoC (OWASP Spring of Code)
>    - So, for the SpoC I would like to propose this:
>       - First very important rule (which I think will make this much
>       more transparent), no member of the OWASP board is allowed to apply to a
>       SpoC sponsorship (i.e . the four of us :) )
>       - We encourage Owasp project leaders to submit proposals and
>       keep the current selection criteria (http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection
>       ) which favours them
>       - Initial Budget will be $100,000 (but note that I will do a
>       membership drive (probably between 15th February and 15th March) using the
>       argument 'every member fee that joins between this period will be added to
>       the SpoC initial 100k funds (so we might actually get more that 100k))
>       - For the projects to be sponsored I would like to propose the
>       following numbers as an initial guideline (of course that depending on the
>       proposals we can reorganize this)
>          - $40,000 on Big projects - 8 projects @ $5,000 each
>          - $30,000 on Medium projects - 12 projects @ $2,500 each
>          - $20,000 on Small projects - 20 projects @ $1,000 each
>          - $10,000 on Donations to Open Source projects: 10
>          donations of $1,000 each
>       - Give the possible size of SpoC projects probably one Big (or
>       one Medium or two Small)  will be allocated to somebody to help manage the
>       whole process
>       - (note: I was event thinking of using the concept of
>       'micro-credit' here, and have $100 mini-projects (which are perfect for
>       students outside high GNI countries, but I will put that as an idea for a
>       Medium project (for example: 'Manage the distribution of $100 sponsorships
>       to specific projects' (this is still an early-days idea, so we might have to
>       wait for the SmoC or AoC2 for that ))
>       - I don't think we should normalize these sponsorship numbers
>       by GNI (although we might take into account the location of the applicant).
>       This at the moment favours lower rating GNI applicants, but on the AoC that
>       wasn't really an issue.
>       - The 10 'Donations to Open Source projects' ($1,000 each) is
>       an idea that I REALLY would like you guys to accept since it is win-win all
>       over the place:
>          - The idea is to get OWASP Members (and only the
>          members) to vote of the top 10 Open Source projects they use in their
>          companies (we might need to make each corporate member worth 10 points and
>          individual members 1 point)
>          - Naturally the payment would be made to the top 10
>          voted projects
>          - The payment would be a no-strings attached "Thanks for
>          the hard work in creating this tool (which is widely used and appreciated in
>          the OWASP community) and please keep working on the next version"
>          - This would be another 'unique benefit to OWASP
>          members'
>          - And the PR/Media coverage should be great. We can even
>          make announce and present them at OWASP conferences (to make it a bit more
>          official)
>        - We also need to talk about how the money for local chapters
>    will work, and I am temped to say (in the short term) there that will be NO
>    model or money distribution from OWASP's mothership to the chapters (which
>    could get really messy). If a chapter wants funds, it can apply to them the
>    via SpoC
>    - The 'Membership Pack' pack should be created by an SpoC project
>    and its production funded separately (would $10,000 do?)
> What do you guys think?
> Dinis
> On 1/18/07, *Dave Wichers* <dave.wichers at aspectsecurity.com> wrote:
> Here's our end of FY2006 financials on a Cash basis. We still owe about
> $15K for the rest of the AoC but we still have LOTS left over. Lets figure
> out the best way to invest this $, including another AoC round, Spring of
> Code?, hiring some interns, and maybe hiring an employee??
> Where do you think we would be best investing?
> -Dave
> --
> Dinis Cruz
> Chief OWASP Evangelist, Are you a member yet?
> http://www.owasp.org
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-board

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070119/a8497039/attachment-0002.html>

More information about the Owasp-board mailing list