[Owasp-board] Non-Profit to Non-Profit

Sebastien Deleersnyder Sebastien.Deleersnyder at telindus.be
Fri Jun 6 13:50:38 UTC 2008


If I understand the question below, it is more a PR question than a technical one.
I see the point doing this with infosec or development organisations. 
What audience are we targetting reaching out to ncme?

Seba
Sebastien

----- Original Message -----
From: owasp-board-bounces at lists.owasp.org <owasp-board-bounces at lists.owasp.org>
To: jeff.williams at owasp.org <jeff.williams at owasp.org>; 'Tom Brennan' <tomb at owasp.org>; 'OWASP Foundation Board List' <owasp-board at lists.owasp.org>
Sent: Fri Jun 06 15:35:02 2008
Subject: Re: [Owasp-board] Non-Profit to Non-Profit

I agree and I also agree that it would be great to help organizations out
with their appsec issues if we can.

I think maybe promoting the use of ESAPI and supporting them in their use of
it might be the best/least problematic way of helping them. We could do
external testing without having to deal with code issues, but using the code
is the best approach. I wonder if we could get the code analysis vendors to
chip in use of their tools for non-profits?

-Dave

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jeff Williams
Sent: Thursday, June 05, 2008 4:50 PM
To: 'Tom Brennan'; 'OWASP Foundation Board List'
Subject: Re: [Owasp-board] Non-Profit to Non-Profit

Hi Tom,

I'm sympathetic - 4 kids too you know!  But I don't really think this is the
best way for us to promote OWASP.  It would make sense if OWASP was
promoting something that would help protect kids on the Internet.  Or if we
started a project to help 501c3 organizations get their applications secure.
But I don't really see how this accomplishes much except hand-waving and
exchanging money.  Based on the numbers you sent, the actual expenditure
would be something like $7500?

I do like an OWASP-Gives-Back kind of program.  Can anyone think of a way we
can help non-profits protect themselves?  We could review their code or test
their applications, but the confidentiality problems are a pain.  How can we
ensure their code stays secret?

--Jeff


-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Tom Brennan
Sent: Thursday, June 05, 2008 3:06 PM
To: OWASP Foundation Board List
Subject: [Owasp-board] Non-Profit to Non-Profit

Guys, its not the first time I have been accused of thinking outside
the box..... however this idea i think is a great one and would like
your review and VOTE yes/no.

In working with The National Center for Missing & Exploited Children
(http://www.missingkids.com) it occurred to me that when in non-profit
mode we (OWASP) as you know is bringing together some of the best
minds in the world to look at the mission of software security for the
NYC event. The vehicle of course is the INTERNET for web applications.
  In addition, this event is a peer-to-peer social event to make human
connections all for a good cause of awareness and even some of us have
kids... me (4)

The National Center for Missing & Exploited Children as you would
agree is a great cause, it helps children that have been exploited and
or are missing and including INTERNET CRIMES.  The also have a
worldwide coverage fighting an uphill battle of evangelism to get the
word out and has strong relationships with many public and private
firms to assist them in helping kids.

OK so here is my proposal that is acceptable to them.

1. The National Center for Missing & Exploited Children does a press
release that gets picked up worldwide as a "good story" about its
recent partnership with OWASP (that will cost them $250.00 for 1 year)
and talks about the upcoming conference

2. OWASP NYC event will donate 3% of its event ticket sales (seminars
only) to the The National Center for Missing & Exploited Children and
will simply subtract the $250.00 non-profit fee from the monies to be
donated. We will also add there logo as in association with as we have
with ISSA/ISACA/INFRAGARD etc...

I think we are meeting one of our 2008 public service goals with
raising awareness of OWASP outside the "developer/security
conference".  The National Center for Missing & Exploited Children
will to do the press release and announced it to the WORLD that will
ultimately help owasp with more attendees and more sponsors and more
awareness of code issues.

Would you agree with this relationship as good for the human community
and good for owasp?

Please cast your vote on this one - YES / NO - OTHER?

Tom
973-795-1046 x112
_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080606/bfc035d4/attachment-0002.html>


More information about the Owasp-board mailing list