[Owasp-board] Honorary Membership - another question

Dave Wichers dave.wichers at owasp.org
Mon Sep 14 15:21:24 UTC 2009

Of course we should include the membership committee in this discussion.


By the way, there is precedent for granting free memberships. To give you some examples:


1)      Aspect has been granted corporate memberships every year at no fee due to our numerous and continuous contributions to OWASPs, like WebGoat, ESAPI, Stinger, Anti-Samy, CSRF Tester, CSRF Guard, etc. as well as me running the Conferences for many years and Jeff and I being on the board.

2)      OWASP gave Fortify and SecureSoftware free memberships for a year when they contributed a lot of info that was incorporated into the portal and the ASDR project.

3)      And there are other examples that I can’t recall at the moment.


It’s my suggestion that we give any corporation a membership if they provide us the cash OR free labor of equivalent value (and not at consulting rates, but reimbursement rates). In fact, it may be much easier right now for us to get on the bench resources from company’s than cash right now. So, for example, if IBM or Google, or whomever has some excellent technical resources that can contribute to important projects at OWASP then we’d be very happy to get this help, and offer them a free membership in exchange. And this donated time must be during that person’s actual work day paid for by the company, not extra time at night/on weekends from an individual who is dedicated to OWASP and also happens to work for some company angling for a free membership. I would hope that the amount of donated time in such cases would be of much higher value than the $5K membership fee.


One tricky bit here is to make sure that the contributions the company makes are core/important to OWASP, not just what they want to work on, which may not be that central to what’s important to us. I would like OWASP to be able to direct/suggest important projects when we get such contributions.


My $0.02 any way.




From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo Coimbra
Sent: Monday, September 14, 2009 10:28 AM
To: 'OWASP Foundation Board List'
Cc: 'Pravir Chandra'; 'Brad Causey'; 'Leo Cavallari'; 'Matt Tesauro'; 'Jason Li'
Subject: Re: [Owasp-board] Honorary Membership - another question



Hello Board,


As you can see below the Projects Committee has begun dealing with the decision you made in your last conf call regarding the question of honorary membership. Doing so and for the reasons below discussed, we’ve concluded that for now the best course of action was to ask if you are available to also include the Membership Committee in this process.


I thank in advance your feedback.


Paulo Coimbra,

OWASP <https://www.owasp.org/index.php/Main_Page>  Project Manager


From: Dinis Cruz [mailto:dinis.cruz at owasp.org] 
Sent: domingo, 13 de Setembro de 2009 15:51
To: <paulo.coimbra at owasp.org>
Cc: Brad Causey; Jason Li; Leo Cavallari; Matt Tesauro; Pravir Chandra
Subject: Re: Honorary Membership - another question


I agree with Paulo that the Membership Committee should be involved , and maybe even (in an ideal world) be the one that should be on the driving-seat of this process


Realistically, since the GPC has Paulo :) and these leaders->members mappings is something we need to do, I think the GPC is the one that should lead this process (in strong colaboration with the other Committess) 

Dinis Cruz

On 11 Sep 2009, at 21:09, "Paulo Coimbra" <paulo.coimbra at owasp.org> wrote:



While I was writing down the text below, I began asking myself why we were pushing forward the process of honorary membership without inviting the Membership Committee to assume the lead. At first, I thought – “because we and the Chapters Committee have been told by the Board to do so”. Then I thought – “yes, it makes sense as the people on the Projects and on the Chapters are the ones better placed to assess who is an active OWASP contributor”. In spite of these arguments, though, I couldn’t avoid the ultimate feeling that the opportunity to show the way should be given to the Membership – at the end of the day they respond by the name of Membership and so changes in membership ought to have their hand.


I apologise for not having raised this point before when I proposed we invited the Chapters Committee but this question, and similar others, has only come up with the stab at advancing on this process.


Please note I am not trying to pass the task to them. I am more than happy to continue committed with this issue as we have agreed in our meeting. I am just seeking we gather the necessary initial conditions to achieve our goals without triggering respect or power problems. 


Being so, prior to further demarches, I propose we ask the Board if they agree on including the Membership in this process.







Hello Chapter Committee, 


Hope you all are well.


As you likely know the Board has decided to give honorary membership “to ´active´ OWASP participants (chapter leader, project participants, etc.)” and is counting on both Chapters and Projects Committees to square the process http://www.owasp.org/index.php/OWASP_Board_Meeting_September_01. 


Also, in the last Projects Committee’s meeting http://www.owasp.org/index.php/GPC_Agenda_2009-09-08 we have discussed the issue and agreed on contacting you to propose a shared approach to build a framework to deal with this issue.


Simply put it seemed that, if we are to propose persons to be given honorary membership as "active" OWASP participants, we should first establish what, in this context, “honorary membership” and “active participants” do mean. We have also thought that a reflection about the operational path to be followed is, at this stage, desirable. 


Thus, to conclude, while we’ve begun working on this issue, I ask if you accept our proposal to produce a shared output to present to the Board and, with a positive answer, if you have suggestions and/or recommendations to push all this up the ladder.


Many thanks, regards,


Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090914/eae92bf3/attachment-0002.html>

More information about the Owasp-board mailing list