[Owasp-board] SpoC Financials

Andrew van der Stock vanderaj at owasp.org
Sun Mar 4 13:50:50 UTC 2007


Dinis,

Is there any way we could help (say) the PHP project itself? By far the
worst offender is the lack of security architecture around PHP which leads
to many apps re-doing the usual suspects (authC, authZ, session management
(if they do it at all + php is a shared nothing language), data validation,
output filtering, the works). It's too hard for a normal PHP app to be
secure. Helping PHP 6.0 become secure by offering to pay someone (or some
people) who is an acknowledged PHP security dude would really help. If we
help fund good quality work like the Zend Framework, maybe we could ask Zend
to match us dollar for dollar.

Dave - is the money right and would it leave enough for you to do OWASP EU,
especially since SPI aren't paying until later?

Thanks,
Andrew


On 3/4/07 12:15 AM, "Dinis Cruz" <dinis at ddplus.net> wrote:

> Ok, I want to take the opportunity that I am in San Jose and will be participating
> in the San Francisco Chapter next Tuesday to launch SpoC.
> 
> And what I need from you is to agree on the financials.
> 
> Here are my ideas (this is a variation of the email I sent a while back):
> 
> * No member of the OWASP board is allowed to apply to a SpoC sponsorship (i.e.
> the four of us :) )
> * We encourage OWASP project leaders to submit proposals. I am planning to have
> a variation of the
> http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection which
> favours them
> * Initial Budget will be $109,000 (100k from OWASP and 9 from Spy Dinamics).
> And this is before the membership drive
> * For 100k for projects sponsorships I would like to propose the following
> numbers as an initial guideline (of course that depending on the proposals we
> will reorganize this)
>> * $20,000 on 1 Large project
>> * $40,000 on Big projects - 8 projects @ $5,000 each
>> * $22,500 on Medium projects - 9 projects @ $2,500 each
>> * $7,500 on 1 internship (at Aspect's offices)
>> * $10,000 on Donations to Open Source projects: 10 donations of $1,000 each
> * I will want to allocate one Big or Medium sponsorship to somebody to help
> manage the whole SpoC process
> * I don't think we should normalize these sponsorship numbers by GNI (although
> we might take into account the location of the applicant). This at the moment
> favours lower rating GNI applicants, but on the AoC that wasn't really an
> issue. 
> * The 10 'Donations to Open Source projects' ($1,000 each) is an idea that I
> REALLY would like you guys to accept since it is win-win all over the place:
>> * The idea is to get OWASP Members (and only the members) to vote on the top
>> 10 Open Source projects they use in their companies (we might need to make
>> each corporate member worth 10 points and individual members 1 point)
>>> * This would exclude OWASP projects since they can apply to SpoC
>> * Naturally the payment would be made to the top 10 voted projects
>> * The payment would be a no-strings attached "Thanks for the hard work in
>> creating this tool (which is widely used and appreciated in the OWASP
>> community) and please keep working on the next version"
>> * This would be another 'unique benefit to OWASP members'
>> * And the PR/Media coverage should be great. We can even announce and
>> present them at OWASP conferences (to make it a bit more official)
> * For Timescales here are two versions
>> * Aggressive TimeScale (my preference):
>>> * 6th March: SpoC launch and request for proposals
>>> * 22nd March: Submission Period is finished
>>> * 1st April: SPoC Results are announced and SpoC projects begin
>>> * 30 June: SpoC ends
>> * More relaxed TimeScale:
>>> * 6th March: SpoC launch and request for proposals
>>> * 1st April: Submission Period is finished
>>> * 15th April: Results are announced
>>> * 1st May: SpoC projects begin
>>> * 31 July: SpoC ends
> Ok, guys what do you think?
> 
> I will start working on the SpoC Press release now
> 
> Dinis

