[Owasp-board] (Request for [email protected] special item for OWASPmembers) Fwd: Carolina Blue Sweatshirt

Jeff Williams jeff.williams at aspectsecurity.com
Wed Nov 7 04:27:46 UTC 2007

I vote NO.  But the key issue isn't really financial *or* logistical.
It's a process issue.


It is true that many projects at OWASP have been last-minute
jam-them-through efforts.  But there is absolutely no reason why that
has to be the case.  It's frankly exhausting going through this process
every time Dinis has a good idea - and they are good ideas.  We need to
get to where we're planning these conferences a year out.


I do also agree with Andrew's financial point that we can
nickel-and-dime our way out of being able to do the things we really
want to do.  I basically evaluate every one of these proposals with
this: How does this expense get us closer to a world where I can make
informed decisions about the security of software I use.




From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Tuesday, November 06, 2007 6:04 PM
To: Andrew van der Stock; OWASP Board
Subject: Re: [Owasp-board] (Request for [email protected] special item for
OWASPmembers) Fwd: Carolina Blue Sweatshirt


Sorry Andrew, but there are numerous things on your email that I don't
agree at all (there are also some valid points (like the free shwag)
which we need of course to be sensitive too)

The main one is the financial, you are having a VERY conservative view
of OWASP's financial situation. I haven't looked at the last numbers
(still waiting for Dave who should have them ready by the conference)
BUT if 1200 USD could be an issue for OWASP then we have bigger

I really don't want to have a lengthy emails discussion here, since some
of these issues will be better debated in person next week, but here are
some extra comments:

*	I am approaching this issue as part of the 'OWASP member pack'
creation process, which is something that has been on the works for some
time, and in my view this would be another small step on that direction 
*	Two weeks ago I emailed you guys (namely Dave) and asked for the
possibility of having a special shirt or sweatshirt to give to OWASP
members, and the answer I got was 'good idea but I don't think that we
will have time to print and deliver it in time' 
*	So the problem was a logistic one, and not a financial nor
strategic, nor a 'free shawg' one
*	Since then I have tried two routes to get this done. I had
several email exchanges with Dan Cornell to see if we could do it via
CafePress, and I contacted Deb Brewer from LxStudios (a good friend who
owns a design company in Boston) to see if she had a supplier that could
handle this request. 
*	luckily Deb's supplier could (and can) still do it, so the only
issue was to get you guys to buy in the idea. There is still the 'small'
matter of converting our logo into a 2 color format so that it can be
printed which Deb will sort out for us 

Bottom line, I want to try this service, see how the SweetShirts will
look like and don't want to mess around with Deb who is going out of her
way to help us,

SO, what I will do is, I will order 25 SweetShirts with OWASP logos on
it, PAY for them with MY OWN card, and organize its distribution at the
conference. It's going to cust 600 USD, so it wont break my bank either.

Sorry, to be pushing so strongly on this one, but from experience, the
way we get to final products (like the OWASP member pack) is to go
though several mini-steps like this one (and like the DVD distribution
which only now is about to be distributed (I will send more details
about the issues we had with that one in another email)). 

Ok, so problem solved. Both parties got their way :)

I got the SweatShirts and you guys raised your issues and we didn't do
this via OWASP.


On 11/6/07, Andrew van der Stock <vanderaj at owasp.org> wrote:

I vote NO on the basis that the conference is just around the corner,
and it's another $1200 we didn't expect to spend this close to the
conference. I'm okay with this idea for future OWASP conferences
(Australia / EU) as long we have taken care to plan and budget for the
free shwag, and take into consideration those folks who will prohibited
from attending if we have any free shwag. And that last one isn't a red
herring, it stopped me attending things in the past, and it's a rule at
most of the larger organizations. 


For any future conferences, it's my view that shwag should be no more
than 5% of the gross income derived from attendees, capped at $30 for
those folks paying more (like sponsors etc).  If it's too much stuff,
many companies have anti-graft policies which prohibit gifts greater
than $10, and attendees can't come if it becomes well known that there's
major shwag. At the NAB, I was prohibited going to free Microsoft
launches for example, because they would give away full copies of
software worth several hundred dollars. Being a Mac dude simply didn't
cut the mustard as I might have sold the product on eBay and been
motivated to plug MS to continue getting more free shwag. Most
conferences, including the $1200 ones like Black Hat, give you nothing
beyond a badge and a CD and a bag full of marketing material.  


Whilst we are a non-profit, it doesn't mean everything we do must break
even. Members should not be getting 100% of the fees back in shwag and
other considerations. That's not how it works - we provide value to them
by doing member oriented stuff and promoting our mission and our field,
not returning their money to them in the form of t-shirts and books. If
we returned all the money in the past, we could never grow and never
have afforded to grow to the point where we can afford to do the grants.
We should be making money from the t-shirts and books, not giving them
away. People do not value "free". That is not to say we shouldn't have a
member pack with stuff useful to the members in it, but it should be a
minute percentage of the fee we get from them.  


Conferences are a major source of income over the entire year to pay for
things like our admin person, hosting, servers, software (like the copy
of Pagemaker), and obviously our core programs, such as the Grants and
so on. We can't keep on spending $1200 here and $5000 there - as soon
enough we don't have enough money to pay salaries and keep the link


The amount of stuff we can spend on an event should not be looked at as
a bottomless bag of money or a zero sum game, just because it might
raise $X amount or we get a sponsorship here or there. Far too often
recently, I've read "let's spend X sponsorship on this particular
thing". That is how you get into credit card debt - matching income to
specific purchases. We don't have credit, and must never get there for
operating expenses. Although I am not against progress, we must be
responsible, or otherwise we will have to become far smaller than we are
today and lose all the momentum we have built up.  


Dinis, you have great ideas, and please don't stop them. But let's get
into discussions about how we can best make use of the budget we have
for the next conference, balancing our needs to grow in our activities
versus "free" shwag for members. As I understand it, we have ribbons or
similar (a la Black Hat and most other conferences I've been to) to
differentiate speakers, etc. That's enough for this conference
considering that it is on in less than two week's time.  






On Nov 6, 2007, at 3:43 PM, Dinis Cruz wrote:


	Humm, I am not getting a warm feeling of support from you guys
on this idea. Remember that the objective is to give our members
something extra, and that I will help with the extra logistics. 
	The cost here is about 1200 USD with a unit cost (with shipping)
of about 24 USD, which since our non-individual membership starts at
2000 USD, so this is not really a cost issue. 
	Let make this simple: Yes or No? 
	I vote YES

	On 11/6/07, dave wichers < dave.wichers at owasp.org
<mailto:dave.wichers at owasp.org> > wrote:

	I think it will be difficult to ID members since many speakers
are also members but they didn't register as members.  Its also warm in
SJ  so people won't wear then there. I'm also concerned about the cost
relative to membership fee's. 
	People also don't wear sweatshirts to professional events /
offices which is where most people wear shirts and stuff with
professional logos. I can't imagine when I would wear one, for example.
	-----Original Message-----
	From: "Dinis Cruz" <dinis at ddplus.net>
	To: "Jeff Williams" < jeff.williams at aspectsecurity.com >
	Cc: "OWASP Board" < owasp-board at lists.owasp.org
<mailto:owasp-board at lists.owasp.org> >
	Sent: 11/6/2007 12:24 PM
	Subject: Re: [Owasp-board] (Request for [email protected] special item
for      OWASPmembers) Fwd: Carolina Blue Sweatshirt 
	I REALLY want to give our member something unique! Specially
something they 
	could wear on the day which 'differenciates' them from the
'other' non
	For now, my main focus are our members, so I would say that we
get 50, give 
	them to the members that are there (starting with the
non-individual ones), 
	and then figure out what to do with the rest (probably give them
to owasp
	leaders on a first come first server basis)
	Since the numbers are not that high (50), I can help with the
logistics on 
	this one :) since this activity falls into my OWASP evagelism
activities :) 
	So are you guys OK with it?
	On 11/6/07, Jeff Williams < jeff.williams at aspectsecurity.com
<mailto:jeff.williams at aspectsecurity.com> > wrote:
	>  Since everyone is already getting a shirt I think this may be
	> and one more logistical thing to deal with.  I do like the
idea of doing
	> this kind of thng to encourae the leaders.  We do have a
slight problem 
	> defining exactly who a leader is... Some chapters have
multiple people
	> signed up.
	> --Jeff
	> -----Original Message-----
	> From: "Dinis Cruz" < dinis at ddplus.net
<mailto:dinis at ddplus.net> >
	> To: "OWASP Board" <owasp-board at lists.owasp.org>
	> Sent: 11/6/2007 10:52 AM
	> Subject: [Owasp-board] (Request for [email protected] special item for
	> members) Fwd: Carolina Blue Sweatshirt
	> Hi guys
	> Using a good friend in the US (who is into design production)
we are able 
	> to get the following deal: a Carolina Blue Sweatshirt for
about 22 USD with 
	> an extra 75 USD delivery (if we order 50 it should be a total
of 1200 USD).
	> See below for a screenshot and some more details. 
	> Since we are going to have at the conference about 40
representatives from 
	> current OWASP members, I would like to propose that we give
each one them
	> and all participating OWASP leaders one of these Sweetshirts.
This would be 
	> a good 'kudos' item, and if the sweetshirts look ok, we could
even put them 
	> in the OWASP member pack.
	> What do you guys say? Are you OK to go ahead with this?
	> We really need the decision today 
	> Thanks
	> Dinis
	> ---------- Forwarded message ---------- 
	> From: Deb Brewer < deb at lxstudios.com
<mailto:deb at lxstudios.com> >
	> Date: Nov 6, 2007 2:14 PM
	> Subject: Re: Carolina Blue Sweatshirt
	> To: Dinis Cruz < dinis at ddplus.net <mailto:dinis at ddplus.net> >
	> Hi Dinis!
	> The first scenario you typed, one flat rush fee of 75, we
don't have a
	> rush fee on each shirt.
	> Are you cool with the 1-color rendition of the logo? 
	> On 11/6/07 8:17 AM, "Dinis Cruz" <dinis at ddplus.net> wrote:
	>         Hi Deb
	>         Will the final price be something like ($20 * 50) +
$75    ( i.e.
	> 50 items at $20 each plus $75 for shipping)
	>         or
	>         ($20 + $75) * 50    ( i.e. $95 per item x 50)
	>         If we are talking about 50 t-shirts
	>         Regarding sizes I would say all XL (to make it simple)
	>         Dinis
	>         On 11/6/07, Deb Brewer <deb at lxstudios.com    <
	> mailto: deb at lxstudios.com <mailto:deb at lxstudios.com>
<deb at lxstudios.com>> <mailto: deb at lxstudios.com
<mailto:deb at lxstudios.com> < deb at lxstudios.com
<mailto:deb at lxstudios.com> >>
	> > wrote:
	>                 Hi Dinis, 
	>                 Here is rough pricing on the shirt below. I'll
have to
	> convert the art to one color (will print white underneath and
then a dark 
	> blue for the graphic) in order to make this deadline. What do
you think? Do 
	> you think you'll want to proceed ? Sorry I can't pull it off
in full color.
	> She'll need our order approval ASAP. I can firm up pricing
when I know what 
	> sizes you need. Talk soon! D
	>                 2-color left chest
	>                 S-XL: $20.43
	>                 XXL:  $25.04
	>                 Rush Charge: $75; Expedited shipping, UPS Red
to reach 
	> Californ. By Nov. 14 
	>                 Carolina Blue.
	>                 Qtys available are:
	>                 96 med; 120 XL; and 48 @XL.
	>                 Can  you let me know ASAP so we can place an
order and not 
	> lose the stock.
	>                 We will have to ship overnight as this vendor
is not
	> within a 1-day ship zone.
	>                 ------ End of Forwarded Message 


	Owasp-board mailing list
	Owasp-board at lists.owasp.org



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20071106/7361b3a5/attachment-0002.html>

More information about the Owasp-board mailing list