[Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of OWASP Summer of Code2008

Dave Wichers dave.wichers at owasp.org
Mon Mar 3 19:25:59 UTC 2008

I disagree that we should encourage directed memberships so much. I like
them, don’t get me wrong, but some companies are completely OK joining
without this additional incentive, and I’d prefer to keep it that way.




From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: Monday, March 03, 2008 1:01 PM
To: Dave Wichers
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of
OWASP Summer of Code2008


But have we asked those members if they want to allocate their funds to
specific projects?

If the answer is No (which is what I suspect) then just in principle we
should ask them since there were several conversations that I had last year
(namely at the San Jose Conference where I spoke with the Cigital & Ebay
guys, and I mentioned this concept in my keynote speach (amongst other past
references from us)).

Another reason for contacting these new members is because l would like to
have a couple names already in the 'SoC 08 list of projects with directly
sponsorship funds' since that would be a motivation for the other 'soon to
join members' to join in the next month.

Finally, If those members were not asked which projects they would like to
sponsor, I view that as a 'operational issue due to lack of admin resources
at the time (on the OWASP part), since as discussed before, we should be
giving them the option to sponsor specific projects.

So part of the outcome of this thread, should be an action item to add to
the new/renueal member (3000 USD and up) subscription workflow a step to ask
the OWASP member which OWASP project they would like to sponsor (Alison can
you add this item to the next OWASP board meeting just to make sure
everybody in onboard, thanks).


On 3/3/08, Dave Wichers <dave.wichers at owasp.org> wrote:



I agree with you. My point is that I don't want to go back to companies that
have already joined, and then ask them to direct their already paid funds.
If they felt comfortable giving us the freedom to use their money wisely,
then lets do so. For those that need the incentive to direct how their
membership is spent, then lets offer that too to people that have not yet
joined, or for anyone that is renewing their membership.




From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: Monday, March 03, 2008 10:00 AM
To: Dave Wichers
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of
OWASP Summer of Code2008


Although having our members allocate their membership fee to specific
projects does limit our 'freedom' to allocate those funds, I will argue that
the concept of "... member has the ability to allocate membership fees to
specific projects..." is a very strong one and one that motivates companies
to join OWASP (for example Cigital's case with CLASP).

At the moment we have 100,000 USD available (or 95,000 USD taking into
account Leo's Honeycomb project) so I think that gives OWASP enough freedom
to chose the best suited projects amongst the received proposals .

Also remember that when a company choses a particular OWASP project they are
basically saying 'I am very interested in THAT project' which ideally would
mean that they (that company) would be actively involved in that project (I
also predict that this type of 'membership fees allocation' will be much
more relevant and interesting for non-vendor members (since they are usually
the ones that really benefit from specific OWASP projects))


On 2/29/08, Dave Wichers <dave.wichers at owasp.org> wrote:



I don't want to encourage membership money to be directed, but I want to
offer that as an option. I would personally prefer undirected OWASP
membership money as that gives us the freedom to use it as we best see fit.
I also don't want SoC 08 to be so big we can't manage it properly.


I think its reasonable to ask people to contribute ideas though and so I
think soliciting that is a good idea.


Fortify has already directed their $ to an ESAPI project. Jeff knows the




From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Friday, February 29, 2008 11:46 AM
To: OWASP Foundation Board List
Subject: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of OWASP
Summer of Code2008


Wow, this is much better than I expected, the number of new members (both
personal and corporate) are finally starting to be 'not embarrassing small'
(like they were in the past). We need to make this information more public.

Couple things:

  - We should include on the newsletter the names of the new members (with a
thank you note). Anybody has a problem with us posting this information in
  - We should also have a page with the current OWASP individual members,
since most of those members would really appreciate that (especially if we
include in there the 'date of joining'), Regarding privacy, everything at
OWASP is open so if somebody wants to be a member but doesn't want their
name published they should sign up with a fake name, is that fair?
  - Paulo, following our previous public statements on the direct allocation
of membership fees to Season of Code projects, for the SoC 08, can you
contact (individually (i.e. individual emails)) the direct OWASP contact of
the new/renewed members (3000 USD and up) and ask them if they have any
OWASP project (or idea) that they would like they memberships fees to be
allocated to (for example I would expect Cigital to allocate their fees to
the CLASP project, Fortify to allocate their funding to the management of
the scanning of OWASP tools using the Fortify and Coverity software, EBay
might want to sponsor the next version of the OWASP top 10, etc...).  I
don't expect all to respond, but for the ones that do, that amount should be
added to the 100k USD (remember that the more companies allocate their
budgets to SoC 08, the easier it gets to convince other companies to join
OWASP and allocated they membership fees to projects they are interested in)


---------- Forwarded message ----------
From: alison.mcnamee at owasp.org <alison.mcnamee at owasp.org>
Date: Feb 29, 2008 4:09 PM
Subject: Re: [Owasp-board] [Owasp-leaders] To advertise the launch of OWASP
Summer of Code2008
To: Dinis Cruz <dinis at ddplus.net>


I copied and pasted the info below.  The formatting is a little bit off,
but all of the info is here.  It includes the name of the member,
registration method, and total paid.

Christian       Kmosko  Cvent   $100.00
Jefferey        Baldwin Cvent   $100.00
Onn chee        Wong    Cvent   $100.00
Yann    Laprade Cvent   $100.00
Barry   Archer  Cvent   $100.00
Randy   Lastinger       Cvent - Renewal $100.00
Ming    Chow    Cvent   $100.00
Eoin    Keary   Cvent   ($100.00)
Wade    Mackey  Cvent   $100.00
Douglas Shin    Cvent   $100.00
Dayle   Phillips        Cvent   $100.00
Alex    Solomonovic     Cvent   $100.00
Daniel  Gonzalez        Cvent   $100.00
Andrew  Muller  Cvent   $100.00
Robert  Winkel  Cvent   $100.00
Andre   Marien  Cvent   $100.00
Michael Coates  Cvent   $125.00
Kevin   Kenan   Cvent   $100.00
Radhakrishnan   Vijayakumar     Cvent   $100.00
Richard Bowker  Cvent   $100.00
Edward  Ray     Cvent   $100.00
David   Herst   Direct  $100.00
Jim     Curry   Cvent   $100.00
Rex     Booth   Cvent   $100.00
Paolo   Perego  Cvent   $100.00
Nikola  Mijatovic       Cvent   $100.00
David   Meier   Cvent   $100.00
Andy    Murren  Cvent   $100.00
Adam    Baso    Cvent   $100.00
Chris   Hayes   Cvent   $100.00
James   Strassburg      Cvent - Renewal $100.00
Przemyslaw      Skowron Cvent   $100.00
Achim   Hoffmann        Cvent   $100.00
Thomas  McCabe  Cvent   $100.00
Christian       Heinrich        Cvent   $100.00
Robin   Wakefield       Cvent   $100.00
Cliff   Gray    Cvent   $100.00
Julie   Newberry        Cvent   $100.00
Harvard University              Cvent - Renewal $250.00
Ounce Labs              Direct - Renewal        9,000.00
Corporate One Federal Credit Union      Direct - Renewal        1,800.00
InfoVision              Direct  7,200.00
Fortify         Direct  9,000.00
Armorize                Direct  9,000.00
Zemoga, Inc.            Cvent   3,000.00
Ebay            Direct  7,000.00
AutoDesk, Inc.          Direct  7,000.00
Booz Allen Hamilton             Direct - Renewal        8,000.00
DreamLab Technologies           Cvent   3,000.00
Symantec                Cvent   9,000.00
PSC             Cvent   3,000.00
Cigital         Direct  8,000.00

                Total:  $87,875.00

> can you resend this in excel 2000/2003 mode?
> Thx
> On 2/29/08, alison.mcnamee at owasp.org <alison.mcnamee at owasp.org> wrote:
>> Attached is a spreadsheet of everyone that has joined, or renewed, their
>> membership in 2008.
>> Thanks,
>> Alison
>> > We definitely should have a list of projects that we directly request
>> > proposal for.
>> >
>> > The current SoC 08 page points to
>> >
>> > has the ones with current funding (Paulo can you chase the contacts
>> > from those three companies to make sure this funding request is still
>> > valid
>> > and they are still interested in this (I suspect that some of them
>> have
>> > expired since we couldn't find a success applicant for it))
>> >
>> > On the SpoC 07 I created this page which contain a bunch of ideas:
>> > https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Project_Ideas
>>   ,
>> > Jeff do you want to reuse some of them (It might be good to provide
>> some
>> > idea of how much budget we could (depending on proposal) allocate to
>> those
>> > ideas).
>> >
>> > The other thing we must do is to kick start the process of mapping
>> > membership money to SoC projects (I think we should make a bit more
>> noise
>> > about that idea since it is a great membership driver). Like SpoC 07
>> we
>> > start SoC 08 with 100k USD from OWASP and would be great to get to
>> 150k
>> > USD
>> > or 200k USD of allocated sponshorships (based on past experience we
>> can
>> > err
>> > on the side of over allocating projects since there is a natural 20%
>> of
>> > non
>> > project completion (which we don't pay for, so there is no risk for
>> > OWASP))
>> >
>> > Alison, can you list for us all members that have joined in (or
>> renewed
>> > their membership in 2008? Thanks)
>> >
>> > Another note for Paulo, there is already one project approved for SoC
>> 08
>> > which is Leo's Honeycomb revamp (which will result in a book)
>> >
>> > Dinis Cruz
>> > Chief OWASP Evangelist
>> > http://www.owasp.org
>> >
>> > On 2/28/08, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
>> >>
>> >>  All,
>> >>
>> >>
>> >>
>> >> I have a big list of projects that I'd like to suggest for people to
>> bid
>> >> on – maybe 25 or so.  How do you think we should advertise these
>> project
>> >> ideas?  I think (as we discussed once before) that the model where we
>> >> ask
>> >> people to take on certain projects is better than just allowing open
>> >> submissions.
>> >>
>> >>
>> >>
>> >> Thoughts?
>> >>
>> >>
>> >>
>> >> --Jeff
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
>> >> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Dinis Cruz
>> >> *Sent:* Thursday, February 28, 2008 2:40 PM
>> >> *To:* Sébastien Gioria

>> >> *Cc:* owasp-leaders at lists.owasp.org

>> >> *Subject:* Re: [Owasp-leaders] To advertise the launch of OWASP
>> Summer
>> >> of
>> >> Code2008
>> >>
>> >>
>> >>
>> >> We should translate it, Sebastien can you handle the multiple
>> languages
>> >> you guys have over there in Belgium :)
>> >>
>> >> Also, when sending the media contacts to Paulo, please indicate the
>> >> language that the information should be sent in
>> >>
>> >> Dinis
>> >>

>> >> On 2/28/08, *Sébastien Gioria* <seb at gioria.org> wrote:
>> >>
>> >> Will you made some translated presse release  for advertized ?
>> >>
>> >>
>> >> On Feb 28, 2008, at 4:41 PM, Paulo Coimbra wrote:
>> >>
>> >> > Hi all,
>> >> >
>> >> > First, I would like to sincerely thank to you all that have kindly
>> >> > welcomed me.
>> >> >
>> >> > Next, as I am trying to advertise the launch of OWASP Summer of
>> Code
>> >> > 2008, I need to ask to you all for media/press emails addresses.
>> >> > Could you please help me out? I thank you in advance.
>> >> >
>> >> >
>> >> > Paulo Coimbra
>> >> > OWASP Project Manager
>> >> >
>> >> >
>> >> >
>> >>
>> >> > _______________________________________________
>> >> > OWASP-Leaders mailing list
>> >> > OWASP-Leaders at lists.owasp.org

>> >> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >> _______________________________________________
>> >> OWASP-Leaders mailing list
>> >> OWASP-Leaders at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >>
>> >>
>> >>
>> >
>> >

>> > --
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> >


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080303/731d4a92/attachment-0002.html>

More information about the Owasp-board mailing list