[Owasp-board] Non-Profit to Non-Profit

dinis cruz dinis.cruz at owasp.org
Fri Jun 6 14:07:36 UTC 2008


If I am reading this correctly the question here is: *should OWASP give a %
of their training classes profits to another charity*, and if so, (in my
point of view) there are two questions to ask:

1) Should we do it at all?
2) if we do it, who we do give the money to?

My answer to the #1 is YES. OWASP has a good ability to make money, and the
more people we help the better. So distributing some of the money we have to
other organizations is always a good thing and makes total sense.

On #2, as always we should try it. So I propose that we
      1) decide that we will allocate those 3% to A US charity organization,

      2) ask for people in the owasp-leaders and owasp-members to propose
candidates and
      3) reviewing the proposals
      4) make a decision on who to sponsor

Tom, since you are the one driving this, I would suggest that you handle
this process, and kickstart it with your recommendation for
http://www.missingkids.com

Dinis

On Fri, Jun 6, 2008 at 2:50 PM, Sebastien Deleersnyder <
Sebastien.Deleersnyder at telindus.be> wrote:

>  If I understand the question below, it is more a PR question than a
> technical one.
> I see the point doing this with infosec or development organisations.
> What audience are we targetting reaching out to ncme?
>
> Seba
> Sebastien
>
> ----- Original Message -----
> From: owasp-board-bounces at lists.owasp.org <
> owasp-board-bounces at lists.owasp.org>
> To: jeff.williams at owasp.org <jeff.williams at owasp.org>; 'Tom Brennan' <
> tomb at owasp.org>; 'OWASP Foundation Board List' <
> owasp-board at lists.owasp.org>
> Sent: Fri Jun 06 15:35:02 2008
> Subject: Re: [Owasp-board] Non-Profit to Non-Profit
>
> I agree and I also agree that it would be great to help organizations out
> with their appsec issues if we can.
>
> I think maybe promoting the use of ESAPI and supporting them in their use
> of
> it might be the best/least problematic way of helping them. We could do
> external testing without having to deal with code issues, but using the
> code
> is the best approach. I wonder if we could get the code analysis vendors to
> chip in use of their tools for non-profits?
>
> -Dave
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org<owasp-board-bounces at lists.owasp.org>]
> On Behalf Of Jeff Williams
> Sent: Thursday, June 05, 2008 4:50 PM
> To: 'Tom Brennan'; 'OWASP Foundation Board List'
> Subject: Re: [Owasp-board] Non-Profit to Non-Profit
>
> Hi Tom,
>
> I'm sympathetic - 4 kids too you know!  But I don't really think this is
> the
> best way for us to promote OWASP.  It would make sense if OWASP was
> promoting something that would help protect kids on the Internet.  Or if we
> started a project to help 501c3 organizations get their applications
> secure.
> But I don't really see how this accomplishes much except hand-waving and
> exchanging money.  Based on the numbers you sent, the actual expenditure
> would be something like $7500?
>
> I do like an OWASP-Gives-Back kind of program.  Can anyone think of a way
> we
> can help non-profits protect themselves?  We could review their code or
> test
> their applications, but the confidentiality problems are a pain.  How can
> we
> ensure their code stays secret?
>
> --Jeff
>
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org<owasp-board-bounces at lists.owasp.org>]
> On Behalf Of Tom Brennan
> Sent: Thursday, June 05, 2008 3:06 PM
> To: OWASP Foundation Board List
> Subject: [Owasp-board] Non-Profit to Non-Profit
>
> Guys, its not the first time I have been accused of thinking outside
> the box..... however this idea i think is a great one and would like
> your review and VOTE yes/no.
>
> In working with The National Center for Missing & Exploited Children
> (http://www.missingkids.com) it occurred to me that when in non-profit
> mode we (OWASP) as you know is bringing together some of the best
> minds in the world to look at the mission of software security for the
> NYC event. The vehicle of course is the INTERNET for web applications.
>   In addition, this event is a peer-to-peer social event to make human
> connections all for a good cause of awareness and even some of us have
> kids... me (4)
>
> The National Center for Missing & Exploited Children as you would
> agree is a great cause, it helps children that have been exploited and
> or are missing and including INTERNET CRIMES.  The also have a
> worldwide coverage fighting an uphill battle of evangelism to get the
> word out and has strong relationships with many public and private
> firms to assist them in helping kids.
>
> OK so here is my proposal that is acceptable to them.
>
> 1. The National Center for Missing & Exploited Children does a press
> release that gets picked up worldwide as a "good story" about its
> recent partnership with OWASP (that will cost them $250.00 for 1 year)
> and talks about the upcoming conference
>
> 2. OWASP NYC event will donate 3% of its event ticket sales (seminars
> only) to the The National Center for Missing & Exploited Children and
> will simply subtract the $250.00 non-profit fee from the monies to be
> donated. We will also add there logo as in association with as we have
> with ISSA/ISACA/INFRAGARD etc...
>
> I think we are meeting one of our 2008 public service goals with
> raising awareness of OWASP outside the "developer/security
> conference".  The National Center for Missing & Exploited Children
> will to do the press release and announced it to the WORLD that will
> ultimately help owasp with more attendees and more sponsors and more
> awareness of code issues.
>
> Would you agree with this relationship as good for the human community
> and good for owasp?
>
> Please cast your vote on this one - YES / NO - OTHER?
>
> Tom
> 973-795-1046 x112
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080606/fa1122e6/attachment-0002.html>


More information about the Owasp-board mailing list