[Owasp-board] SpoC Financials

Dinis Cruz dinis at ddplus.net
Mon Mar 5 19:00:00 UTC 2007


Cool, I think that it would be great to be able to make a good difference
in the PHP world.

So talk to them and ask for proposals. I am happy for you to present the
SpoC 007 details since that will give them a bigger picture of what is going
on.

The problem with that graph is that it reflects more on SourceForge usage
and not on open source/development trends (for example there are tons of
.net projects in gotdotnet).

Dinis

On 3/5/07, Andrew van der Stock <vanderaj at owasp.org> wrote:
>
>  I am meeting at the Columbia PHP User Group tonight. Two core folks will
> be there: Chris Shiflett and Wez Furlong. I will bring it up and get them to
> submit an application. Let's score it as if it were any other submission,
> but let's also keep in mind if PHP went from the way ASP was to how
> relatively good ASP.NET is, we'd see far fewer things in the open source
> world.
>
> These are the real world statistics from SourceForge:
>
> http://www.cs.berkeley.edu/~flab/languages.html
>
> 18% of all projects are in Java, but not all of these are web apps. 13% of
> all apps are PHP, and I'd say nearly 100% of those would be web apps. Only
> 0.58% are ASP, and 3.29% are in C#.
>
> Thanks,
> Andrew
>
>
> On 3/4/07 11:54 PM, "Jeff Williams" <jeff.williams at owasp.org> wrote:
>
> I don't have a problem with this at all, although I think that projects
> that are not OWASP projects will have a difficult time getting high scores
> using the current criteria (which I think are right).  So let's see how it
> comes out?
>
>
> --Jeff
>
>
>
>
>   ------------------------------
>
> *From:* owasp-board-bounces at lists.owasp.org
> *On Behalf Of *Dave Wichers
> *Sent:* Sunday, March 04, 2007 1:09 PM
> *To:* 'OWASP Board'
> *Subject:* Re: [Owasp-board] SpoC Financials
>
> This seems interesting/weird to me. Are we saying that people can propose
> a project that is not an OWASP project and still get OWASP to fund it? That
> seems somewhat odd to me. That said, I think helping other efforts like PHP
> wouldn't be a bad idea.
>
> We have to be careful about match funding, because we only have so much.
> Maybe we can say that we'll work on getting match funding for projects, and
> the match might come from OWASP, and it might come from another sponsor. Why
> would they care where the match $ came from, as long as it leverages their
> $. In fact, we might be able to get multiple matches to one sponsor's
> pledge, which would be cool, since then we'd get 3 or more times the
> original amount pledged.
>
> -Dave
>
>
> ------------------------------
>
> *From:* owasp-board-bounces at lists.owasp.org
> *On Behalf Of *Dinis Cruz
> *Sent:* Sunday, March 04, 2007 11:26 AM
> *To:* Andrew van der Stock
> *Cc:* OWASP Board
> *Subject:* Re: [Owasp-board] SpoC Financials
>
> Of course we can sponsor PHP projects, in theory there are only two
> limitations in SpoC: 1) none of us can apply and 2) the applicant must be
> from a country OWASP can do business with (well the amount of money
> available is also a limitation :)  )
>
> What we need is good proposals for projects. So Andrew rattle up your PHP
> contacts and use SpoC to sponsor them.
>
> Regarding the match-funding of projects by other organizations, that is
> one of the ideas that I want to put out in the membership drive. I will
> propose multiple ideas for other companies (and non-profit organizations) to
> match fund SpoC projects (as in OWASP puts in 5k and they put in 5k)
>
> On the financials, the last number that I saw was that we had 180k in the
> bank, so I don't think the 100k will hurt that much. Also remember that we
> DON'T have to allocate the 100k if the level of proposals doesn't justify
> it.
>
> Dinis
>
> On 3/4/07, *Andrew van der Stock* <vanderaj at owasp.org> wrote:
>
> Dinis,
>
> Is there any way we could help (say) the PHP project itself? By far the
> worst offender is the lack of security architecture around PHP which leads
> to many apps re-doing the usual suspects (authC, authZ, session management
> (if they do it at all + php is a shared nothing language), data validation,
> output filtering, the works). It's too hard for a normal PHP app to be
> secure. Helping PHP 6.0 become secure by offering to pay someone (or some
> people) who is an acknowledged PHP security dude would really help. If we
> help fund good quality work like the Zend Framework, maybe we could ask Zend
> to match us dollar for dollar.
>
> Dave – is the money right and would it leave enough for you to do OWASP
> EU, especially since SPI aren't paying until later?
>
> Thanks,
> Andrew
>
>
> On 3/4/07 12:15 AM, "Dinis Cruz" <dinis at ddplus.net> wrote:
> Ok, I want to take the opportunity that I am in San Jose and will be
> participating in the San Francisco Chapter next Tuesday to launch SpoC.
>
> And what I need from you is to agree on the financials.
>
> Here are my ideas (this is a variation of the email I sent a while back):
>
>    - No member of the OWASP board is allowed to apply to a SpoC
>    sponsorship (i.e. the four of us :) )
>    - We encourage OWASP project leaders to submit proposals. I am
>    planning to have a variation of the
>    http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection
>    which favours them
>    - Initial Budget will be $109,000 (100k from OWASP and 9 from SPI
>    Dynamics). And this is before the membership drive
>    - For 100k for projects sponsorships I would like to propose the
>    following numbers as an initial guideline (of course that depending on the
>    proposals we will reorganize this)
>       - $20,000 on 1 Large project
>       - $40,000 on Big projects - 8 projects @ $5,000 each
>       - $22,500 on Medium projects - 9 projects @ $2,500 each
>       - $7,500 on 1 internship (at Aspect's offices)
>       - $10,000 on Donations to Open Source projects: 10 donations
>       of $1,000 each
>    - I will want to allocate one Big or Medium sponsorship to
>    somebody to help manage the whole SpoC process
>    - I don't think we should normalize these sponsorship numbers by GNI
>    (although we might take into account the location of the applicant). This at
>    the moment favours lower rating GNI applicants, but on the AoC that wasn't
>    really an issue.
>    - The 10 'Donations to Open Source projects' ($1,000 each) is an
>    idea that I REALLY would like you guys to accept since it is win-win all
>    over the place:
>       - The idea is to get OWASP Members (and only the members) to vote on
>       the top 10 Open Source projects they use in their companies (we might need
>       to make each corporate member worth 10 points and individual members 1
>       point)
>          - This would exclude OWASP projects since they can apply to
>          SpoC
>          - Naturally the payment would be made to the top 10
>          voted projects
>       - The payment would be a no-strings attached "Thanks for the
>       hard work in creating this tool (which is widely used and appreciated in the
>       OWASP community) and please keep working on the next version"
>       - This would be another 'unique benefit to OWASP members'
>       - And the PR/Media coverage should be great. We can even
>       announce and present them at OWASP conferences (to make it a bit more
>       official)
>    - For Timescales here are two versions
>       - Aggressive TimeScale (my preference):
>          - 6th March: SpoC launch and request for proposals
>          - 22nd March: Submission Period is finished
>          - 1st April: SpoC Results are announced and SpoC
>          projects begin
>          - 30 June: SpoC ends
>       - More relaxed TimeScale:
>          - 6th March: SpoC launch and request for proposals
>          - 1st April: Submission Period is finished
>          - 15th April: Results are announced
>          - 1st May: SpoC projects begin
>          - 31 July: SpoC ends
>
> Ok, guys what do you think?
>
> I will start working on the SpoC Press release now
>
> Dinis
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org