[Owasp-board] Proposal: OWASP 'Discounts' and promotion of such on OWASP

Dave Wichers dave.wichers at owasp.org
Thu Jan 25 20:12:00 UTC 2007

Jeff and I talked about this briefly and this is what I propose:

1) If someone wants to offer a discount to OWASP members, and
2) That organization also contributes something of specific benefit to OWASP
itself, then we should do the following, and ONLY the following:

What we will do:

We should list the event/item/etc. as a single bullet under the ' Discounted
conference registration fees ...' bullet #4 on the Benefits of Membership
page. This bullet will include the minimum necessary to understand what the
thing/event is, what the discount is, and a link to that organization's site
for more info.

I would be happy to be the conduit through which all such updates are done,
for consistency reasons. If this discount list gets large enough, we could
make it a separate page.

What we won't do:

Mention or promote this anywhere else on the OWASP site, or allow it to be
broadcast over OWASP mailing lists. It would be OK to mention it verbally at
OWASP chapter meetings, I would think.

What qualifies as a specific benefit to OWASP:

Things like:
  Some revenue share arrangement with OWASP
  Providing some goods/services/licenses to OWASP
  Joining OWASP as a corporate member (this is important)

What do you guys think about this limited / controlled model to allow OWASP
to 'promote' the existence of such discounts.

I like the idea, but do share Jeff's concern and I hope this provides enough
constraints so it doesn't get out of hand.

I also like the idea of expanding the member benefits in this way as it
might encourage more people to join.



-----Original Message-----
From: Dave Wichers [mailto:dave.wichers at owasp.org] 
Sent: Wednesday, January 24, 2007 10:45 AM
To: 'owasp-board at lists.owasp.org'
Subject: RE: [Owasp-board] FW: Motivation to attend OWASP meetings


I agree with the concern but what do you consider a direct and specific
benefit? If the organization joins OWASP (which is a direct $) benefit, and
then offers a discount to something like a conference or some training, does
that qualify? I kind of think it should, but I could be convinced otherwise.


-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jeff Williams
Sent: Wednesday, January 24, 2007 10:40 AM
To: OWASP Board
Subject: [Owasp-board] FW: Motivation to attend OWASP meetings


We're getting a number of requests from people to make special deals to
OWASP members.  While it seems like a 'no-harm' kind of thing, I'm a little
concerned about the long-term effect here.  It is really misusing OWASP for
a little cheap marketing.  I'm sure nobody here has a malicious intent, but
over the long term, it makes OWASP look a little shady.

My recommendation is that we never let anyone do this kind of advertising at
OWASP (outside the banner ad), unless there is a direct and specific benefit
to OWASP itself, and not just a corollary benefit to the members.


Jeff Williams, Chair
The OWASP Foundation
work: 410-707-1487
main: 301-604-4882
"Dedicated to finding and fighting the causes of insecure software"

-----Original Message-----
From: Nish Bhalla [mailto:nish at securitycompass.com] 
Sent: Wednesday, January 24, 2007 10:35 AM
To: 'Jeff Williams'
Cc: dinis at ddplus.net
Subject: Motivation to attend OWASP meetings

Hi Guys,

We in the Toronto OWASP chapter are having very very few people (non
organizers 2 may be 3) attend OWASP monthly meetings, so we were planning to
do a raffle to give out seats in Security Compass public class (Haven't
decided which one yet but possibly a one day source code review or hacking
basics class). 

We wanted to extend this to other chapters as well, we would like to do it
in an manner that is acceptable per OWASP and organized in such a manner
that there is not a whole lot of misuse of giving this seat out.

Please let me know what you guys think of this option and how you think we
should proceed with this.


Owasp-board mailing list
Owasp-board at lists.owasp.org

More information about the Owasp-board mailing list