[Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of OWASP Summer of Code2008

Jeff Williams jeff.williams at aspectsecurity.com
Tue Mar 4 17:07:58 UTC 2008

I agree with Dave on this.  We allow people to direct their membership funds as an incentive to join.  But if they've already decided to join, why push them to choose a project if they don't necessarily want to.  This restricts our ability to do things like hire evangelists and stuff.




From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: Monday, March 03, 2008 2:26 PM
To: 'Dinis Cruz'
Cc: 'OWASP Foundation Board List'
Subject: Re: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of OWASP Summer of Code2008


I disagree that we should encourage directed memberships so much. I like them, don't get me wrong, but some companies are completely OK joining without this additional incentive, and I'd prefer to keep it that way.




From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: Monday, March 03, 2008 1:01 PM
To: Dave Wichers
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of OWASP Summer of Code2008


But have we asked those members if they want to allocate their funds to specific projects?

If the answer is No (which is what I suspect) then just in principle we should ask them since there were several conversations that I had last year (namely at the San Jose Conference where I spoke with the Cigital & Ebay guys, and I mentioned this concept in my keynote speach (amongst other past references from us)).

Another reason for contacting these new members is because l would like to have a couple names already in the 'SoC 08 list of projects with directly sponsorship funds' since that would be a motivation for the other 'soon to join members' to join in the next month.

Finally, If those members were not asked which projects they would like to sponsor, I view that as a 'operational issue due to lack of admin resources at the time (on the OWASP part), since as discussed before, we should be giving them the option to sponsor specific projects.

So part of the outcome of this thread, should be an action item to add to the new/renueal member (3000 USD and up) subscription workflow a step to ask the OWASP member which OWASP project they would like to sponsor (Alison can you add this item to the next OWASP board meeting just to make sure everybody in onboard, thanks).


On 3/3/08, Dave Wichers <dave.wichers at owasp.org> wrote:



I agree with you. My point is that I don't want to go back to companies that have already joined, and then ask them to direct their already paid funds. If they felt comfortable giving us the freedom to use their money wisely, then lets do so. For those that need the incentive to direct how their membership is spent, then lets offer that too to people that have not yet joined, or for anyone that is renewing their membership.




From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: Monday, March 03, 2008 10:00 AM
To: Dave Wichers
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of OWASP Summer of Code2008


Although having our members allocate their membership fee to specific projects does limit our 'freedom' to allocate those funds, I will argue that the concept of "... member has the ability to allocate membership fees to specific projects..." is a very strong one and one that motivates companies to join OWASP (for example Cigital's case with CLASP).

At the moment we have 100,000 USD available (or 95,000 USD taking into account Leo's Honeycomb project) so I think that gives OWASP enough freedom to chose the best suited projects amongst the received proposals .

Also remember that when a company choses a particular OWASP project they are basically saying 'I am very interested in THAT project' which ideally would mean that they (that company) would be actively involved in that project (I also predict that this type of 'membership fees allocation' will be much more relevant and interesting for non-vendor members (since they are usually the ones that really benefit from specific OWASP projects))


On 2/29/08, Dave Wichers <dave.wichers at owasp.org> wrote:



I don't want to encourage membership money to be directed, but I want to offer that as an option. I would personally prefer undirected OWASP membership money as that gives us the freedom to use it as we best see fit. I also don't want SoC 08 to be so big we can't manage it properly.


I think its reasonable to ask people to contribute ideas though and so I think soliciting that is a good idea.


Fortify has already directed their $ to an ESAPI project. Jeff knows the details.




From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Friday, February 29, 2008 11:46 AM
To: OWASP Foundation Board List
Subject: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of OWASP Summer of Code2008


Wow, this is much better than I expected, the number of new members (both personal and corporate) are finally starting to be 'not embarrassing small' (like they were in the past). We need to make this information more public.

Couple things:

  - We should include on the newsletter the names of the new members (with a thank you note). Anybody has a problem with us posting this information in there?
  - We should also have a page with the current OWASP individual members, since most of those members would really appreciate that (especially if we include in there the 'date of joining'), Regarding privacy, everything at OWASP is open so if somebody wants to be a member but doesn't want their name published they should sign up with a fake name, is that fair?
  - Paulo, following our previous public statements on the direct allocation of membership fees to Season of Code projects, for the SoC 08, can you contact (individually (i.e. individual emails)) the direct OWASP contact of the new/renewed members (3000 USD and up) and ask them if they have any OWASP project (or idea) that they would like they memberships fees to be allocated to (for example I would expect Cigital to allocate their fees to the CLASP project, Fortify to allocate their funding to the management of the scanning of OWASP tools using the Fortify and Coverity software, EBay might want to sponsor the next version of the OWASP top 10, etc...).  I don't expect all to respond, but for the ones that do, that amount should be added to the 100k USD (remember that the more companies allocate their budgets to SoC 08, the easier it gets to convince other companies to join OWASP and allocated they membership fees to projects they are interested in)


---------- Forwarded message ----------
From: alison.mcnamee at owasp.org <alison.mcnamee at owasp.org>
Date: Feb 29, 2008 4:09 PM
Subject: Re: [Owasp-board] [Owasp-leaders] To advertise the launch of OWASP  Summer of Code2008
To: Dinis Cruz <dinis at ddplus.net>


I copied and pasted the info below.  The formatting is a little bit off,
but all of the info is here.  It includes the name of the member,
registration method, and total paid.

Christian       Kmosko  Cvent   $100.00
Jefferey        Baldwin Cvent   $100.00
Onn chee        Wong    Cvent   $100.00
Yann    Laprade Cvent   $100.00
Barry   Archer  Cvent   $100.00
Randy   Lastinger       Cvent - Renewal $100.00
Ming    Chow    Cvent   $100.00
Eoin    Keary   Cvent   ($100.00)
Wade    Mackey  Cvent   $100.00
Douglas Shin    Cvent   $100.00
Dayle   Phillips        Cvent   $100.00
Alex    Solomonovic     Cvent   $100.00
Daniel  Gonzalez        Cvent   $100.00
Andrew  Muller  Cvent   $100.00
Robert  Winkel  Cvent   $100.00
Andre   Marien  Cvent   $100.00
Michael Coates  Cvent   $125.00
Kevin   Kenan   Cvent   $100.00
Radhakrishnan   Vijayakumar     Cvent   $100.00
Richard Bowker  Cvent   $100.00
Edward  Ray     Cvent   $100.00
David   Herst   Direct  $100.00
Jim     Curry   Cvent   $100.00
Rex     Booth   Cvent   $100.00
Paolo   Perego  Cvent   $100.00
Nikola  Mijatovic       Cvent   $100.00
David   Meier   Cvent   $100.00
Andy    Murren  Cvent   $100.00
Adam    Baso    Cvent   $100.00
Chris   Hayes   Cvent   $100.00
James   Strassburg      Cvent - Renewal $100.00
Przemyslaw      Skowron Cvent   $100.00
Achim   Hoffmann        Cvent   $100.00
Thomas  McCabe  Cvent   $100.00
Christian       Heinrich        Cvent   $100.00
Robin   Wakefield       Cvent   $100.00
Cliff   Gray    Cvent   $100.00
Julie   Newberry        Cvent   $100.00
Harvard University              Cvent - Renewal $250.00
Ounce Labs              Direct - Renewal        9,000.00
Corporate One Federal Credit Union      Direct - Renewal        1,800.00
InfoVision              Direct  7,200.00
Fortify         Direct  9,000.00
Armorize                Direct  9,000.00
Zemoga, Inc.            Cvent   3,000.00
Ebay            Direct  7,000.00
AutoDesk, Inc.          Direct  7,000.00
Booz Allen Hamilton             Direct - Renewal        8,000.00
DreamLab Technologies           Cvent   3,000.00
Symantec                Cvent   9,000.00
PSC             Cvent   3,000.00
Cigital         Direct  8,000.00

                Total:  $87,875.00

> can you resend this in excel 2000/2003 mode?
> Thx
> On 2/29/08, alison.mcnamee at owasp.org <alison.mcnamee at owasp.org> wrote:
>> Attached is a spreadsheet of everyone that has joined, or renewed, their
>> membership in 2008.
>> Thanks,
>> Alison
>> > We definitely should have a list of projects that we directly request
>> > proposal for.
>> >
>> > The current SoC 08 page points to
>> >
>> https://www.owasp.org/index.php/Funds_available_for_OWASP_Projects#Available_Projectswhich
>> > has the ones with current funding (Paulo can you chase the contacts
>> > from those three companies to make sure this funding request is still
>> > valid
>> > and they are still interested in this (I suspect that some of them
>> have
>> > expired since we couldn't find a success applicant for it))
>> >
>> > On the SpoC 07 I created this page which contain a bunch of ideas:
>> > https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Project_Ideas
>>   ,
>> > Jeff do you want to reuse some of them (It might be good to provide
>> some
>> > idea of how much budget we could (depending on proposal) allocate to
>> those
>> > ideas).
>> >
>> > The other thing we must do is to kick start the process of mapping
>> > membership money to SoC projects (I think we should make a bit more
>> noise
>> > about that idea since it is a great membership driver). Like SpoC 07
>> we
>> > start SoC 08 with 100k USD from OWASP and would be great to get to
>> 150k
>> > USD
>> > or 200k USD of allocated sponshorships (based on past experience we
>> can
>> > err
>> > on the side of over allocating projects since there is a natural 20%
>> of
>> > non
>> > project completion (which we don't pay for, so there is no risk for
>> > OWASP))
>> >
>> > Alison, can you list for us all members that have joined in (or
>> renewed
>> > their membership in 2008? Thanks)
>> >
>> > Another note for Paulo, there is already one project approved for SoC
>> 08
>> > which is Leo's Honeycomb revamp (which will result in a book)
>> >
>> > Dinis Cruz
>> > Chief OWASP Evangelist
>> > http://www.owasp.org
>> >
>> > On 2/28/08, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
>> >>
>> >>  All,
>> >>
>> >>
>> >>
>> >> I have a big list of projects that I'd like to suggest for people to
>> bid
>> >> on - maybe 25 or so.  How do you think we should advertise these
>> project
>> >> ideas?  I think (as we discussed once before) that the model where we
>> >> ask
>> >> people to take on certain projects is better than just allowing open
>> >> submissions.
>> >>
>> >>
>> >>
>> >> Thoughts?
>> >>
>> >>
>> >>
>> >> --Jeff
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
>> >> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Dinis Cruz
>> >> *Sent:* Thursday, February 28, 2008 2:40 PM
>> >> *To:* Sébastien Gioria

>> >> *Cc:* owasp-leaders at lists.owasp.org

>> >> *Subject:* Re: [Owasp-leaders] To advertise the launch of OWASP
>> Summer
>> >> of
>> >> Code2008
>> >>
>> >>
>> >>
>> >> We should translate it, Sebastien can you handle the multiple
>> languages
>> >> you guys have over there in Belgium :)
>> >>
>> >> Also, when sending the media contacts to Paulo, please indicate the
>> >> language that the information should be sent in
>> >>
>> >> Dinis
>> >>

>> >> On 2/28/08, *Sébastien Gioria* <seb at gioria.org> wrote:
>> >>
>> >> Will you made some translated presse release  for advertized ?
>> >>
>> >>
>> >> On Feb 28, 2008, at 4:41 PM, Paulo Coimbra wrote:
>> >>
>> >> > Hi all,
>> >> >
>> >> > First, I would like to sincerely thank to you all that have kindly
>> >> > welcomed me.
>> >> >
>> >> > Next, as I am trying to advertise the launch of OWASP Summer of
>> Code
>> >> > 2008, I need to ask to you all for media/press emails addresses.
>> >> > Could you please help me out? I thank you in advance.
>> >> >
>> >> >
>> >> > Paulo Coimbra
>> >> > OWASP Project Manager
>> >> >
>> >> >
>> >> >
>> >>
>> >> > _______________________________________________
>> >> > OWASP-Leaders mailing list
>> >> > OWASP-Leaders at lists.owasp.org

>> >> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >> _______________________________________________
>> >> OWASP-Leaders mailing list
>> >> OWASP-Leaders at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >>
>> >>
>> >>
>> >
>> >

>> > --
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> >


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080304/83270d88/attachment-0002.html>

More information about the Owasp-board mailing list