[Owasp-board] SpoC Financials

Dinis Cruz dinis at ddplus.net
Sun Mar 4 16:25:53 UTC 2007


Of course we can sponsor PHP projects, in theory there are only two
limitations in SpoC: 1) none of us can apply and 2) the applicant must be
from a country OWASP can do business with (well the amount of money
available is also a limitation :)  )

What we need is good proposals for projects. So Andrew rattle up your PHP
contacts and use SpoC to sponsor them.

Regarding the match-funding of projects by other organizations, that is one
of the ideas that I want to put out in the membership drive. I will propose
multiple ideas for other companies (and non-profit organizations) to match
fund SpoC projects (as in OWASP puts in 5k and they put in 5k)

On the financials, the last number that I saw was that we had 180k in the
bank, so I don't think the 100k will hurt that much. Also remember that we
DON'T have to allocate the 100k if the level of proposals doesn't justify
it.

Dinis

On 3/4/07, Andrew van der Stock <vanderaj at owasp.org> wrote:
>
>  Dinis,
>
> Is there any way we could help (say) the PHP project itself? By far the
> worst offender is the lack of security architecture around PHP which leads
> to many apps re-doing the usual suspects (authC, authZ, session management
> (if they do it at all + php is a shared nothing language), data validation,
> output filtering, the works). It's too hard for a normal PHP app to be
> secure. Helping PHP 6.0 become secure by offering to pay someone (or some
> people) who is an acknowledged PHP security dude would really help. If we
> help fund good quality work like the Zend Framework, maybe we could ask Zend
> to match us dollar for dollar.
>
> Dave – is the money right and would it leave enough for you to do OWASP
> EU, especially since SPI aren't paying until later?
>
> Thanks,
> Andrew
>
>
> On 3/4/07 12:15 AM, "Dinis Cruz" <dinis at ddplus.net> wrote:
>
> Ok, I want to take the opportunity that I am in San Jose and will be
> participating in the San Francisco Chapter next Tuesday to launch SpoC.
>
> And what I need from you is to agree on the financials.
>
> Here are my ideas (this is a variation of the email I sent a while back):
>
>
>    - No member of the OWASP board is allowed to apply to a SpoC
>    sponsorship (i.e. the four of us :) )
>    - We encourage OWASP project leaders to submit proposals. I am
>    planning to have a variation of the
>    http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection
>    which favours them
>    - Initial Budget will be $109,000 (100k from OWASP and 9 from SPI
>    Dynamics). And this is before the membership drive
>    - For 100k for projects sponsorships I would like to propose the
>    following numbers as an initial guideline (of course that depending on the
>    proposals we will reorganize this)
>       - $20,000 on 1 Large project
>       - $40,000 on Big projects - 8 projects @ $5,000 each
>       - $22,500 on Medium projects - 9 projects @ $2,500 each
>       - $7,500 on 1 internship (at Aspect's offices)
>       - $10,000 on Donations to Open Source projects: 10 donations
>       of $1,000 each
>    - I will want to allocate one Big or Medium sponsorship to
>    somebody to help manage the whole SpoC process
>    - I don't think we should normalize these sponsorship numbers by GNI
>    (although we might take into account the location of the applicant). This at
>    the moment favours lower rating GNI applicants, but on the AoC that wasn't
>    really an issue.
>    - The 10 'Donations to Open Source projects' ($1,000 each) is an
>    idea that I REALLY would like you guys to accept since it is win-win all
>    over the place:
>       - The idea is to get OWASP Members (and only the members) to vote on
>       the top 10 Open Source projects they use in their companies (we might need
>       to make each corporate member worth 10 points and individual members 1
>       point)
>          - This would exclude OWASP projects since they can apply to
>          SpoC
>       - Naturally the payment would be made to the top 10
>       voted projects
>       - The payment would be a no-strings attached "Thanks for the
>       hard work in creating this tool (which is widely used and appreciated in the
>       OWASP community) and please keep working on the next version"
>       - This would be another 'unique benefit to OWASP members'
>       - And the PR/Media coverage should be great. We can even
>       announce and present them at OWASP conferences (to make it a bit more
>       official)
>    - For Timescales here are two versions
>       - Aggressive TimeScale (my preference):
>          - 6th March: SpoC launch and request for proposals
>          - 22nd March: Submission Period is finished
>          - 1st April: SPoC Results are announced and SpoC
>          projects begin
>          - 30 June: SpoC ends
>       - More relaxed TimeScale:
>          - 6th March: SpoC launch and request for proposals
>          - 1st April: Submission Period is finished
>          - 15th April: Results are announced
>          - 1st May: SpoC projects begin
>          - 31 July: SpoC ends
>
> Ok, guys what do you think?
>
> I will start working on the SpoC Press release now
>
> Dinis
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org