[Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of OWASP Summer of Code2008

Dinis Cruz dinis at ddplus.net
Tue Mar 4 18:04:48 UTC 2008


Let's wrap this up on the conference call on Thursday

Dinis

On 3/4/08, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
>
>  I agree with Dave on this.  We allow people to direct their membership
> funds as an incentive to join.  But if they've already decided to join, why
> push them to choose a project if they don't necessarily want to.  This
> restricts our ability to do things like hire evangelists and stuff.
>
>
>
> --Jeff
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Dave Wichers
> *Sent:* Monday, March 03, 2008 2:26 PM
> *To:* 'Dinis Cruz'
> *Cc:* 'OWASP Foundation Board List'
> *Subject:* Re: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch
> of OWASP Summer of Code2008
>
>
>
> I disagree that we should encourage directed memberships so much. I like
> them, don't get me wrong, but some companies are completely OK joining
> without this additional incentive, and I'd prefer to keep it that way.
>
>
>
> -Dave
>
>
>
> *From:* Dinis Cruz [mailto:dinis at ddplus.net]
> *Sent:* Monday, March 03, 2008 1:01 PM
> *To:* Dave Wichers
> *Cc:* OWASP Foundation Board List
> *Subject:* Re: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch
> of OWASP Summer of Code2008
>
>
>
> But have we asked those members if they want to allocate their funds to
> specific projects?
>
> If the answer is No (which is what I suspect) then just in principle we
> should ask them since there were several conversations that I had last year
> (namely at the San Jose Conference where I spoke with the Cigital & Ebay
> guys, and I mentioned this concept in my keynote speach (amongst other past
> references from us)).
>
> Another reason for contacting these new members is because l would like to
> have a couple names already in the* 'SoC 08 list of projects with directly
> sponsorship funds'* since that would be a motivation for the other *'soon
> to join members' *to join in the next month*.*
>
> Finally, If those members were not asked which projects they would like to
> sponsor, I view that as a 'operational issue due to lack of admin resources
> at the time (on the OWASP part), since as discussed before, we should be
> giving them the option to sponsor specific projects.
>
> So part of the outcome of this thread, should be an action item to add to
> the new/renueal member (3000 USD and up) subscription workflow a step to ask
> the OWASP member which OWASP project they would like to sponsor (Alison can
> you add this item to the next OWASP board meeting just to make sure
> everybody in onboard, thanks).
>
> Dinis
>
>  On 3/3/08, *Dave Wichers* <dave.wichers at owasp.org> wrote:
>
> Dinis,
>
>
>
> I agree with you. My point is that I don't want to go back to companies
> that have already joined, and then ask them to direct their already paid
> funds. If they felt comfortable giving us the freedom to use their money
> wisely, then lets do so. For those that need the incentive to direct how
> their membership is spent, then lets offer that too to people that have not
> yet joined, or for anyone that is renewing their membership.
>
>
>
> -Dave
>
>
>
> *From:* Dinis Cruz [mailto:dinis at ddplus.net]
> *Sent:* Monday, March 03, 2008 10:00 AM
> *To:* Dave Wichers
> *Cc:* OWASP Foundation Board List
> *Subject:* Re: [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch
> of OWASP Summer of Code2008
>
>
>
> Although having our members allocate their membership fee to specific
> projects does limit our 'freedom' to allocate those funds, I will argue that
> the concept of "... member has the ability to allocate membership fees to
> specific projects..." is a very strong one and one that motivates companies
> to join OWASP (for example Cigital's case with CLASP).
>
> At the moment we have 100,000 USD available (or 95,000 USD taking into
> account Leo's Honeycomb project) so I think that gives OWASP enough freedom
> to chose the best suited projects amongst the received proposals .
>
> Also remember that when a company choses a particular OWASP project they
> are basically saying 'I am very interested in THAT project' which ideally
> would mean that they (that company) would be actively involved in that
> project (I also predict that this type of 'membership fees allocation' will
> be much more relevant and interesting for non-vendor members (since they are
> usually the ones that really benefit from specific OWASP projects))
>
> Dinis
>
> On 2/29/08, *Dave Wichers* <dave.wichers at owasp.org> wrote:
>
> Dinis,
>
>
>
> I don't want to encourage membership money to be directed, but I want to
> offer that as an option. I would personally prefer undirected OWASP
> membership money as that gives us the freedom to use it as we best see fit.
> I also don't want SoC 08 to be so big we can't manage it properly.
>
>
>
> I think its reasonable to ask people to contribute ideas though and so I
> think soliciting that is a good idea.
>
>
>
> Fortify has already directed their $ to an ESAPI project. Jeff knows the
> details.
>
>
>
> -Dave
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Dinis Cruz
> *Sent:* Friday, February 29, 2008 11:46 AM
> *To:* OWASP Foundation Board List
> *Subject:* [Owasp-board] Fwd: [Owasp-leaders] To advertise the launch of
> OWASP Summer of Code2008
>
>
>
> Wow, this is much better than I expected, the number of new members (both
> personal and corporate) are finally starting to be 'not embarrassing small'
> (like they were in the past). We need to make this information more public.
>
> Couple things:
>
>   - We should include on the newsletter the names of the new members (with
> a thank you note). Anybody has a problem with us posting this information in
> there?
>   - We should also have a page with the current OWASP individual members,
> since most of those members would really appreciate that (especially if we
> include in there the 'date of joining'), Regarding privacy, everything at
> OWASP is open so if somebody wants to be a member but doesn't want their
> name published they should sign up with a fake name, is that fair?
>   - Paulo, following our previous public statements on the direct
> allocation of membership fees to Season of Code projects, for the SoC 08,
> can you contact (individually (i.e. individual emails)) the direct OWASP
> contact of the new/renewed members (3000 USD and up) and ask them if they
> have any OWASP project (or idea) that they would like they memberships fees
> to be allocated to (for example I would expect Cigital to allocate their
> fees to the CLASP project, Fortify to allocate their funding to the
> management of the scanning of OWASP tools using the Fortify and Coverity
> software, EBay might want to sponsor the next version of the OWASP top 10,
> etc...).  I don't expect all to respond, but for the ones that do, that
> amount should be added to the 100k USD (remember that the more companies
> allocate their budgets to SoC 08, the easier it gets to convince other
> companies to join OWASP and allocated they membership fees to projects they
> are interested in)
>
> Dinis
>
> ---------- Forwarded message ----------
> From: *alison.mcnamee at owasp.org* <alison.mcnamee at owasp.org>
> Date: Feb 29, 2008 4:09 PM
> Subject: Re: [Owasp-board] [Owasp-leaders] To advertise the launch of
> OWASP  Summer of Code2008
> To: Dinis Cruz <dinis at ddplus.net>
>
> Dinis,
>
> I copied and pasted the info below.  The formatting is a little bit off,
> but all of the info is here.  It includes the name of the member,
> registration method, and total paid.
>
>
>
> Christian       Kmosko  Cvent   $100.00
> Jefferey        Baldwin Cvent   $100.00
> Onn chee        Wong    Cvent   $100.00
> Yann    Laprade Cvent   $100.00
> Barry   Archer  Cvent   $100.00
> Randy   Lastinger       Cvent - Renewal $100.00
> Ming    Chow    Cvent   $100.00
> Eoin    Keary   Cvent   ($100.00)
> Wade    Mackey  Cvent   $100.00
> Douglas Shin    Cvent   $100.00
> Dayle   Phillips        Cvent   $100.00
> Alex    Solomonovic     Cvent   $100.00
> Daniel  Gonzalez        Cvent   $100.00
> Andrew  Muller  Cvent   $100.00
> Robert  Winkel  Cvent   $100.00
> Andre   Marien  Cvent   $100.00
> Michael Coates  Cvent   $125.00
> Kevin   Kenan   Cvent   $100.00
> Radhakrishnan   Vijayakumar     Cvent   $100.00
> Richard Bowker  Cvent   $100.00
> Edward  Ray     Cvent   $100.00
> David   Herst   Direct  $100.00
> Jim     Curry   Cvent   $100.00
> Rex     Booth   Cvent   $100.00
> Paolo   Perego  Cvent   $100.00
> Nikola  Mijatovic       Cvent   $100.00
> David   Meier   Cvent   $100.00
> Andy    Murren  Cvent   $100.00
> Adam    Baso    Cvent   $100.00
> Chris   Hayes   Cvent   $100.00
> James   Strassburg      Cvent - Renewal $100.00
> Przemyslaw      Skowron Cvent   $100.00
> Achim   Hoffmann        Cvent   $100.00
> Thomas  McCabe  Cvent   $100.00
> Christian       Heinrich        Cvent   $100.00
> Robin   Wakefield       Cvent   $100.00
> Cliff   Gray    Cvent   $100.00
> Julie   Newberry        Cvent   $100.00
> Harvard University              Cvent - Renewal $250.00
> Ounce Labs              Direct - Renewal        9,000.00
> Corporate One Federal Credit Union      Direct - Renewal        1,800.00
> InfoVision              Direct  7,200.00
> Fortify         Direct  9,000.00
> Armorize                Direct  9,000.00
> Zemoga, Inc.            Cvent   3,000.00
> Ebay            Direct  7,000.00
> AutoDesk, Inc.          Direct  7,000.00
> Booz Allen Hamilton             Direct - Renewal        8,000.00
> DreamLab Technologies           Cvent   3,000.00
> Symantec                Cvent   9,000.00
> PSC             Cvent   3,000.00
> Cigital         Direct  8,000.00
>
>                 Total:  $87,875.00
>
>
>
>
>
> > can you resend this in excel 2000/2003 mode?
> >
> > Thx
> >
> > On 2/29/08, alison.mcnamee at owasp.org <alison.mcnamee at owasp.org> wrote:
> >>
> >> Attached is a spreadsheet of everyone that has joined, or renewed,
> their
> >> membership in 2008.
> >>
> >> Thanks,
> >>
> >> Alison
> >>
> >>
> >>
> >> > We definitely should have a list of projects that we directly request
> >> > proposal for.
> >> >
> >> > The current SoC 08 page points to
> >> >
> >>
> https://www.owasp.org/index.php/Funds_available_for_OWASP_Projects#Available_Projectswhich
> >> > has the ones with current funding (Paulo can you chase the contacts
> >> > from those three companies to make sure this funding request is still
> >> > valid
> >> > and they are still interested in this (I suspect that some of them
> >> have
> >> > expired since we couldn't find a success applicant for it))
> >> >
> >> > On the SpoC 07 I created this page which contain a bunch of ideas:
> >> >
> https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Project_Ideas
> >>   ,
> >> > Jeff do you want to reuse some of them (It might be good to provide
> >> some
> >> > idea of how much budget we could (depending on proposal) allocate to
> >> those
> >> > ideas).
> >> >
> >> > The other thing we must do is to kick start the process of mapping
> >> > membership money to SoC projects (I think we should make a bit more
> >> noise
> >> > about that idea since it is a great membership driver). Like SpoC 07
> >> we
> >> > start SoC 08 with 100k USD from OWASP and would be great to get to
> >> 150k
> >> > USD
> >> > or 200k USD of allocated sponshorships (based on past experience we
> >> can
> >> > err
> >> > on the side of over allocating projects since there is a natural 20%
> >> of
> >> > non
> >> > project completion (which we don't pay for, so there is no risk for
> >> > OWASP))
> >> >
> >> > Alison, can you list for us all members that have joined in (or
> >> renewed
> >> > their membership in 2008? Thanks)
> >> >
> >> > Another note for Paulo, there is already one project approved for SoC
> >> 08
> >> > which is Leo's Honeycomb revamp (which will result in a book)
> >> >
> >>
> >> > Dinis Cruz
> >> > Chief OWASP Evangelist
> >> > http://www.owasp.org
> >> >
> >>
> >> > On 2/28/08, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
> >> >>
> >> >>  All,
> >> >>
> >> >>
> >> >>
> >> >> I have a big list of projects that I'd like to suggest for people to
> >> bid
> >> >> on – maybe 25 or so.  How do you think we should advertise these
> >> project
> >> >> ideas?  I think (as we discussed once before) that the model where
> we
> >> >> ask
> >> >> people to take on certain projects is better than just allowing open
> >> >> submissions.
> >> >>
> >> >>
> >> >>
> >> >> Thoughts?
> >> >>
> >> >>
> >> >>
> >> >> --Jeff
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
> >> >> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Dinis Cruz
> >> >> *Sent:* Thursday, February 28, 2008 2:40 PM
> >> >> *To:* Sébastien Gioria
>
> >> >> *Cc:* owasp-leaders at lists.owasp.org
>
> >>
> >> >> *Subject:* Re: [Owasp-leaders] To advertise the launch of OWASP
> >> Summer
> >>
> >> >> of
> >> >> Code2008
> >> >>
> >> >>
> >> >>
> >> >> We should translate it, Sebastien can you handle the multiple
> >> languages
> >> >> you guys have over there in Belgium :)
> >> >>
> >> >> Also, when sending the media contacts to Paulo, please indicate the
> >> >> language that the information should be sent in
> >> >>
> >> >> Dinis
> >> >>
>
> >> >> On 2/28/08, *Sébastien Gioria* <seb at gioria.org> wrote:
> >> >>
> >> >> Will you made some translated presse release  for advertized ?
> >> >>
> >> >>
> >> >> On Feb 28, 2008, at 4:41 PM, Paulo Coimbra wrote:
> >> >>
> >> >> > Hi all,
> >> >> >
> >> >> > First, I would like to sincerely thank to you all that have kindly
> >> >> > welcomed me.
> >> >> >
> >> >> > Next, as I am trying to advertise the launch of OWASP Summer of
> >> Code
> >> >> > 2008, I need to ask to you all for media/press emails addresses.
> >> >> > Could you please help me out? I thank you in advance.
> >> >> >
> >> >> >
> >> >> > Paulo Coimbra
> >> >> > OWASP Project Manager
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >> > _______________________________________________
> >> >> > OWASP-Leaders mailing list
> >> >> > OWASP-Leaders at lists.owasp.org
>
> >> >> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >>
> >> >> _______________________________________________
> >> >> OWASP-Leaders mailing list
> >> >> OWASP-Leaders at lists.owasp.org
> >> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >>
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >>
>
> >> > --
> >> > _______________________________________________
> >> > Owasp-board mailing list
> >> > Owasp-board at lists.owasp.org
> >> > https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >
> >>
> >>
> >
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080304/60cc250a/attachment-0002.html>


More information about the Owasp-board mailing list