[Owasp-board] FW: [Owasp-leaders] What do you want OWASP to become?

Dave Wichers dave.wichers at owasp.org
Fri Nov 9 16:21:04 UTC 2007


What do you think about Ivan's proposal to create some smaller/cheaper
corporate membership categories for very small companies that want to join,
but won't because it's too expensive?

-Dave

-----Original Message-----
From: Ivan Ristic [mailto:ivan.ristic at gmail.com] 
Sent: Friday, November 09, 2007 9:32 AM
To: Dave Wichers
Subject: Re: [Owasp-leaders] What do you want OWASP to become?

Speaking from experience (when I was the only employee in my company),
I would have paid $500 essentially without thinking. (By the way, I
did pay for my personal membership then but I didn't think it would be
ethical to associate my business with OWASP just because I paid $100.)
But there was no way I could justify spending $3000. Even $1000 would
be too much. But I imagine 1-person companies are relatively rare, no?
I think having a $1000 membership would be a significant improvement.
We could have something like $500 (1-3 people), $1000 (<= 9), $3000
(<= 24), and $8000 (25+). I think this would make it easier for smaller
organisations to support OWASP. Just my 2 cents.

BTW, vendors that want to pay $9000 would probably pay $10000 too :)

See you at the conference!

On Nov 9, 2007 1:44 AM, Dave Wichers <dave.wichers at owasp.org> wrote:
> Ivan,
>
> Do you think adding in a $1K or maybe only $500 level for independent
> consultants makes sense? Would be helpful? I would think that such people
> would simply sign up as an individual member for $100. I wouldn't expect an
> independent consultant to expect to get his logo listed at OWASP as a
> corporate member. You can always donate if you want to pay more than the
> $100.
>
> -Dave
>
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Ivan Ristic
> Sent: Thursday, November 08, 2007 6:22 PM
> To: Dinis Cruz
> Cc: OWASP Leaders
> Subject: Re: [Owasp-leaders] What do you want OWASP to become?
>
> Some random thoughts:
>
> * I think we should continue along the path we are on right now and
> strengthen our positions. Continue to grow the network of Chapters,
> work on our conferences, and so on. Increase quality before expanding
> to new venues.
>
> * I also very much like the organisation of the Apache Foundation.
>
> * We need to introduce the concept of project incubation, minimal criteria
> required for a project to officially become an OWASP project.
>
> * I like the idea of certification but I don't think we are ready at
> this point. Also, this is an effort that needs to be handled
> professionally by full-time staff.
>
> * As I said before, I think whoever wants to be called a member needs
> to pay for it. Perhaps we could waive the fees for certain individuals
> after the first year. Also, the last time I looked the entry level
> fees for organisations were too high for very small businesses (e.g.
> independent security consultants).
>
>
> On Nov 1, 2007 12:34 AM, Dinis Cruz <dinis at ddplus.net> wrote:
> > Taking Adam's question head on (Adam's original email is included at the
> > end),
> >
> > OWASP Leaders, please answer these questions:
> >
> > As it grows: what do you want OWASP to become?
> >
> > A certifying and CBK type pseudo-company like (ISC)2?
> > An open source project organized along the lines of Debian, Apache, or a
> > similar group that owns a set of projects?
> > Does OWASP want to certify apps, testers, both or none? (I've seen all POV
> > advocated)
> > Who will be required to pay what kind of dues, if any?
> > How formal of an organization will OWASP become?
> > Is the status quo preferable to the proposed change?
> > Other?
> >
> > For the newer members of this list, here are some pages from our
> > www.owasp.org website which you might find interesting:
> >
> > https://www.owasp.org/index.php/About_OWASP
> > https://www.owasp.org/index.php/How_OWASP_Works
> > https://www.owasp.org/index.php?title=How_OWASP_Works&diff=22690&oldid=15689
> > (this is a previous version of the 'How OWASP Works' page which contains
> > some ideas about the future)
> > https://www.owasp.org/index.php/OWASP_brand_usage_rules
> > https://www.owasp.org/index.php/Chapter_Rules
> > https://www.owasp.org/index.php/Chapter_Leader_Handbook
> > https://www.owasp.org/index.php/Category:Chapter_Resources
> > http://www.owasp.org/index.php/Tutorial#Editing_OWASP
> >
> > And finally, if you haven't seen this amazing page created by Sebastien a
> > while back with descriptions and links to past OWASP presentations, you
> > must check it out now:
> > http://www.owasp.org/index.php/OWASP_Education_Presentation
> >
> > Back to the topic at hand. Now is the time to present and defend your ideas
> > and vision for OWASP (if you are not comfortable in sending them to the
> > list, send them to me directly on dinis.cruz at owasp.net)
> >
> > Thanks Adam for kickstarting this conversation :)
> >
> > Dinis Cruz
> >
> >
> > On 10/31/07, Adam Muntner <adam.muntner at quietmove.com> wrote:
> > > There is a lot of conversation about how to best organize OWASP -
> > > interesting discussion but if we take that approach we may end up with
> > > an OWASP that doesn't meet anyone's needs goal-wise, just
> > > structure-wise. Which doesn't mean much.
> > >
> > > It sounds like more fundamentally there's a debate going on about the
> > > direction of OWASP - as it grows, what's it to become?
> > >
> > > - A certifying and CBK type pseudo-company like (ISC)2?
> > > - An open source project organized along the lines of Debian, Apache, or
> > > a similar group that owns a set of projects?
> > > - Does OWASP want to certify apps, testers, both or none? (I've seen all
> > > POV advocated)
> > > - Who will be required to pay what kind of dues, if any?
> > > - How formal of an organization will OWASP become?
> > > - Is the status quo preferable to the proposed change?
> > >
> > > These are some of the more basic questions I've seen bubble to
> > > the surface... IMO better to address these big questions and then
> > > figure out how the structure could best support it... rather than end up
> > > with a bunch of rules and regs that don't fit anyone in particular.
> > >
> > > Just my .02!
> > >
> > >
> > >
> > >
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
>
>
>
> --
> Ivan Ristic



-- 
Ivan Ristic




