[Owasp-board] FW: [Owasp-leaders] What do you want OWASP to become?

Dinis Cruz dinis at ddplus.net
Fri Nov 9 16:27:53 UTC 2007


I think it is a good idea since it would also work for non US/UK companies
(eventually we should do the GNP international adjustment)

We should sit down on Tuesday night and have a board meeting to discuss
issues like these, so that we can announce them at the conference

Dinis

On 11/9/07, Dave Wichers <dave.wichers at owasp.org> wrote:
>
> What do you think about Ivan's proposal to create some smaller/cheaper
> corporate membership categories for very small companies that want to join,
> but won't because it's too expensive?
>
> -Dave
>
> -----Original Message-----
> From: Ivan Ristic [mailto:ivan.ristic at gmail.com]
> Sent: Friday, November 09, 2007 9:32 AM
> To: Dave Wichers
> Subject: Re: [Owasp-leaders] What do you want OWASP to become?
>
> Speaking from experience (when I was the only employee in my company),
> I would have paid $500 essentially without thinking. (By the way, I
> did pay for my personal membership then but I didn't think it would be
> ethical to associate my business with OWASP just because I paid $100.)
> But there was no way I could justify spending $3000. Even $1000 would
> be too much. But I imagine 1-person companies are relatively rare, no?
> I think having a $1000 membership would be a significant improvement.
> We could have something like $500 (1-3 people) $1000 (<= 9), $3000 (<=
> 24), and $8000 (25+). I think this would make it easier for smaller
> organisations to support OWASP. Just my 2 cents.
>
> BTW, vendors that want to pay $9000 would probably pay $10000 too :)
>
> See you at the conference!
>
> On Nov 9, 2007 1:44 AM, Dave Wichers <dave.wichers at owasp.org> wrote:
> > Ivan,
> >
> > Do you think adding in a $1K or maybe only $500 level for independent
> > consultants makes sense? Would it be helpful? I would think that such people
> > would simply sign up as an individual member for $100. I wouldn't expect an
> > independent consultant to expect to get his logo listed at OWASP as a
> > corporate member. You can always donate if you want to pay more than the
> > $100.
> >
> > -Dave
> >
> > -----Original Message-----
> > From: owasp-leaders-bounces at lists.owasp.org
> >
> > [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Ivan Ristic
> > Sent: Thursday, November 08, 2007 6:22 PM
> > To: Dinis Cruz
> > Cc: OWASP Leaders
> > Subject: Re: [Owasp-leaders] What do you want OWASP to become?
> >
> > Some random thoughts:
> >
> > * I think we should continue along the path we are on right now and
> > strengthen our positions. Continue to grow the network of Chapters,
> > work on our conferences, and so on. Increase quality before expanding
> > to new venues.
> >
> > * I also very much like the organisation of the Apache Foundation.
> >
> > * We need to introduce the concept of project incubation, minimal criteria
> > required for a project to officially become an OWASP project.
> >
> > * I like the idea of certification but I don't think we are ready at
> > this point. Also, this is an effort that needs to be handled
> > professionally by full-time staff.
> >
> > * As I said before, I think whoever wants to be called a member needs
> > to pay for it. Perhaps we could waive the fees for certain individuals
> > after the first year. Also, the last time I looked the entry level
> > fees for organisations were too high for very small businesses (e.g.
> > independent security consultants).
> >
> >
> > On Nov 1, 2007 12:34 AM, Dinis Cruz <dinis at ddplus.net> wrote:
> > > Taking Adam's question head on (Adam's original email is included at the
> > > end),
> > >
> > > OWASP Leaders, please answer these questions:
> > >
> > > As it grows: what do you want OWASP to become?
> > >
> > > A certifying and CBK type pseudo-company like (ISC)2?
> > > An open source project organized along the lines of Debian, Apache, or a
> > > similar group that owns a set of projects?
> > > Does OWASP want to certify apps, testers, both or none? (I've seen all POV
> > > advocated)
> > > Who will be required to pay what kind of dues, if any?
> > > How formal of an organization will OWASP become?
> > > Is the status quo preferable to the proposed change?
> > > Other?
> > >
> > > For the newer members of this list, here are some pages from our
> > > www.owasp.org website which you might find interesting:
> > >
> > > https://www.owasp.org/index.php/About_OWASP
> > > https://www.owasp.org/index.php/How_OWASP_Works
> > > https://www.owasp.org/index.php?title=How_OWASP_Works&diff=22690&oldid=15689
> > > (this is a previous version of the 'How OWASP Works' page which contains
> > > some ideas about the future)
> > > https://www.owasp.org/index.php/OWASP_brand_usage_rules
> > > https://www.owasp.org/index.php/Chapter_Rules
> > > https://www.owasp.org/index.php/Chapter_Leader_Handbook
> > > https://www.owasp.org/index.php/Category:Chapter_Resources
> > > http://www.owasp.org/index.php/Tutorial#Editing_OWASP
> > >
> > > And finally, if you haven't seen this amazing page created by Sebastien a
> > > while back with descriptions and links to past OWASP presentations, you
> > > must check it out now:
> > > http://www.owasp.org/index.php/OWASP_Education_Presentation
> > >
> > > Back to the topic at hand. Now is the time to present and defend your ideas
> > > and vision for OWASP (if you are not comfortable in sending them to the
> > > list, send them to me directly on dinis.cruz at owasp.net)
> > >
> > > Thanks Adam for kickstarting this conversation :)
> > >
> > > Dinis Cruz
> > >
> > >
> > > On 10/31/07, Adam Muntner <adam.muntner at quietmove.com> wrote:
> > > > There is a lot of conversation about how to best organize OWASP -
> > > > interesting discussion but if we take that approach we may end up with
> > > > an OWASP that doesn't meet anyone's needs goal-wise, just
> > > > structure-wise. Which doesn't mean much.
> > > >
> > > > It sounds like more fundamentally there's a debate going on about the
> > > > direction of OWASP - as it grows, what's it to become?
> > > >
> > > > - A certifying and CBK type pseudo-company like (ISC)2?
> > > > - An open source project organized along the lines of Debian, Apache, or
> > > > a similar group that owns a set of projects?
> > > > - Does OWASP want to certify apps, testers, both or none? (I've seen all
> > > > POV advocated)
> > > > - Who will be required to pay what kind of dues, if any?
> > > > - How formal of an organization will OWASP become?
> > > > - Is the status quo preferable to the proposed change?
> > > >
> > > > These are some of the more basic questions I've seen bubble to
> > > > the surface... IMO better to address these big questions and then
> > > > figure out how the structure could best support it... rather than end up
> > > > with a bunch of rules and regs that don't fit anyone in particular.
> > > >
> > > > Just my .02!
> > > >
> > > >
> > > >
> > > >
> > >
> > > _______________________________________________
> > > OWASP-Leaders mailing list
> > > OWASP-Leaders at lists.owasp.org
> > > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> > >
> > >
> >
> >
> >
> > --
> > Ivan Ristic
> >
> >
> >
>
>
>
> --
> Ivan Ristic
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>