[Owasp-board] Fwd: (OWASP non-profit org in France)
jeff.williams at owasp.org
Mon Mar 24 20:46:36 UTC 2008
My apologies for missing the email. I think I understand the need here.
I have no problem with setting up a French non-profit. I think we should
just articulate a few of the rules that govern members of the "International
OWASP Alliance". This will help to make OWASP more than just a website but
a true international NGO (non-governmental organization).
We will have to put some general priniciples in place. I'll sketch a few
here, but we'll need a real document. Organizations that want to become part
of the OWASP alliance will have to agree to and follow these rules.
1) OWASP Alliance Members must work within guidelines set by The OWASP
2) OWASP Alliance Members must be exclusively focused on OWASP mission
to make security visible
3) OWASP Alliance Member leaders must be volunteer
4) Everything is free and open
5) Using OWASP for commercial purposes is discouraged
6) Follow something like the International NGO Accountability Charter
I'm sure there are some more rules that we'd like to live by, but someone
needs to take the lead and draft them up.
Jeff Williams, Chair
<http://www.owasp.org/> The OWASP Foundation
AppSec NYC 2008 is coming... are you ready?
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: Sunday, March 23, 2008 6:58 AM
To: OWASP Foundation Board List
Cc: Sebastien Gioria (DoIngSoft)
Subject: [Owasp-board] Fwd: (OWASP non-profit org in France)
See thread below about Sebastien's the idea of setting up a non-profit OWASP
"Association Loi 1901".
(due to the recent change of email addresses, the original forward from me
to the owasp board alias bounced back)
---------- Forwarded message ----------
From: Sebastien Gioria (DoIngSoft) <sebastien at doingsoft.fr>
Date: Mar 21, 2008 12:19 PM
Subject: Re: FW:
To: Dinis Cruz <dinis at ddplus.net>, PETIT Ludovic <ludovic.petit at fr.sfr.com>
Cc: Andrew van der Stock <vanderaj at owasp.org>, board at owasp.fr, OWASP
Foundation Board List <owasp-board at lists.owasp.org>
It s for legal issue for some events
Anyway, we will postpone all financials issues till we will be asked by a
First of all chapter will be made for supporting representation in france
for some presentations is some compagny/university...
I think I will be at NYC 2008 and it will be a good day to talk on this more
Sebastien Gioria gioria at FreeBSD.ORG
Sent from my CrackBerry
From: "Dinis Cruz" <dinis at ddplus.net>
Date: Fri, 21 Mar 2008 11:58:00
To:"PETIT Ludovic" <ludovic.petit at fr.sfr.com>
Cc:"Andrew van der Stock" <vanderaj at owasp.org>, board at owasp.fr, "OWASP
Foundation Board List" <owasp-board at lists.owasp.org>
Subject: Re: FW:
Thanks for your email and I will try to answer your queries (Jeff's probably
also missed the urgency of your email due to it's lack of subject :) )
At the moment there is NO official OWASP 'local chapters organization model'
and no financial agreements between the OWASP central and local chapters
(this is something we have talked about a lot, but have not yet implemented
our ideas (for example the 'OWASP points' model which would allow local
chapters to 'buy' certain materials/services from OWASP.org)).
This is an area where we are still trying to figure out the best way to
handle this situation and to balance the needs of the local chapters and the
OWASP mothership. Part of it was lack of a real need to do it, so if you
(France) are really committed to this, maybe now is the time to move forward
at a faster speed.
One question I would like to ask is why is there such a need (to create a
local (i.e. french) non profit OWASP organization)? Are there financial
requirements? or financial incentives to do so? Is that something that your
local attendees want? Do you need it for legal reasons?
Although from the point of view of the OWASP board we don't want to do
anything that will slow down the development and evolution of local OWASP
chapters, we also don't want a situation where there are 10s or 100s of
local 'non profit' organizations around the world (each with a different
model, structure, rules, etc...).
I'm not saying that that route (local 'non profit' organizations for local
chapters) is not a very viable option, it is just that we need to make sure
that everything makes sense.
For reference, Andrew is not on the OWASP board any more, and the current
OWASP board members are: Me, Jeff, Dave, Tom (New York Chapter leader) and
Sebastien (Belgium Chapter leader).
Tom (from NY) actually has the role within the OWASP board of 'OWASP
Governance' and he is trying to create a model for local chapters. He is
also the leader of the most successful OWASP chapter (NY) which is the
chapter with the biggest management structure. The idea for Tom to share how
the NY chapter is organized and see how that can be used on other chapters.
One idea, what about creating a 'region' organization instead of one per
chapter. What I mean is that the current US non profit OWASP organization
could handle all American chapters (north and south), we could create one
for the EU, and one of APAC?
Would that work for you? (having one 'non profit' for the whole of the EU?
(maybe (or not) based in France))
Chief OWASP Evangelist
On 3/21/08, PETIT Ludovic <ludovic.petit at fr.sfr.com
<mailto:ludovic.petit at fr.sfr.com> > wrote:
Hi Andrew and Dinis
I forward 'cause I suppose that Jeff is currently busy, but w need to take a
decision in France to officialize the status of the French Chapter in the
Could you please help and tell us how to deal about the membership item for
the French Chapter.
From: PETIT Ludovic
Sent: Tuesday, March 18, 2008 1:48 PM
To: 'jeff.williams at owasp.org <mailto:jeff.williams at owasp.org> '
Cc: 'board at owasp.fr <mailto:board at owasp.fr> '
We need your help because we're currently studying the Status for the Owasp
Feench Chapter, as what we call in France, an "Association Loi 1901",
i.e. of course, a non-profit Association.
More precisely,we (i.e. the French Chapter's Board Members) are studying the
"Member" status and a related fee for those interested.
The Question is: How are other Owasp Chapters dealing with this ?
Do they specify on their respective web sites a link towards the Owasp
Foundation in US related to the Membership description ?
As Owasp Foundation, do you,have any agreement(s) with other Chapters abroad
If so, what kind of agreement(s) ?
Could you please advise us on this item, as we do not want, of course,
mismatch with the Owasp Foundation's approach.
Chief OWASP Evangelist
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board