[Owasp-board] FW: Tix to Irvine

Matt Tesauro matt.tesauro at owasp.org
Mon Aug 23 14:08:33 UTC 2010


Its less about a revenue source and more what OWASP can give away for 
"free" vs what OWASP has to _pay_ to give away.  OWASP has to have 
enough money to keep the lights on (and do cool things like the Summit) 
so my concern is what are we not going to do if we do this.

Conference admission is virtually free
(I'm purposefully not going into any discussion of opportunity costs and 
lost revenue but those do exist)

Training admission is NOT free.  Especially for those done by non-OWASP 
organizations.  Intelligarians has done trainings at the AppSec 
conferences to make money - period.  Before Trustwave employed me, the 
training money I made was to pay for my travel and lodging for the 

So if we are going to provide perks for OWASP leaders (which I think we 
should always be looking for) we need to line up a few things:

(1) Ways to pay perks which cost OWASP the least (or are free)
(2) Ways to uniquely/consistently identify OWASP leaders
(3) Ways to be consistent in how we provide these perks

(1) Maybe we could talk to O'Reilly publishing and get OWASP leaders, 
say, 10% off O'Reilly titles.  Costs OWASP nothing but would be a nice perk.
(2) Do we have a hard, fast definition of who an OWASP leader is?  I 
think Tom's work with Salesforce will help answer this once and for all.
(3) The other concern I have is this was an offer made to the chapter 
leader of 1 chapter.  What about the other chapters?  Can the Gibraltar 
chapter send a developer?  How about those in Asia/Pacific?  We need to 
make sure that offers are good for all leaders and not have the 
appearance of "who you know or where you are" influencing the perks you 

Summary:  I love the idea of providing perks to OWASP leaders but the 
board needs to make sure these are cost effective and evenly distributed.


-- Matt Tesauro
OWASP Board Member
OWASP Live CD Project Lead
http://AppSecLive.org - Community and Download site

On 8/23/10 7:04 AM, dinis cruz wrote:
> Wow, what about making our leaders pay a fee for the priviledge of being
> an owasp leader and doing all that work for free!!! That would also be a
> revenue source!
> And Dave, how much money do you want to make from the conferences? I
> thought that 118k from the EU conference was pretty good.
> What is the profit number that will make you consider sharing some of
> that with our hard working leaders? 250k? 500k? 1M? Never?
> Sorry for the rant, but sometimes it is hard to be the only one around
> here that (on the record) is trying to look after our owasp leaders (who
> are the heart and soul of this organization). It really hurts when I
> have to justify issues like this to the board
> Dinis Cruz
> On 23 Aug 2010, at 04:08, Dave Wichers <dave.wichers at owasp.org
> <mailto:dave.wichers at owasp.org>> wrote:
>> I vote no. That we do NOT comp OWASP leaders to our commercially
>> provided training events. These are intended to be significant revenue
>> generators for OWASP.
>> -Dave
>> *From:* owasp-board-bounces at lists.owasp.org
>> <mailto:owasp-board-bounces at lists.owasp.org>
>> [mailto:owasp-board-bounces at lists.owasp.org
>> <mailto:owasp-board-bounces at lists.owasp.org>] *On Behalf Of *Kate Hartmann
>> *Sent:* Friday, August 20, 2010 5:02 PM
>> *To:* OWASP Foundation Board List
>> *Subject:* [Owasp-board] FW: Tix to Irvine
>> *Importance:* High
>> Board, can we vote on this?  Perhaps this is an exception to be made
>> pending a universal decision?
>> I will go to the trainer and see if he will comp Tony’s class, but in
>> case he will not, we will be paying him.
>> Kate Hartmann
>> Operations Director
>> 301-275-9403
>> <http://www.owasp.org/>www.owasp.org <http://www.owasp.org>
>> Skype:  Kate.hartmann1
>> *From:* Tony UV [mailto:tonyuv at owasp.org <mailto:tonyuv at owasp.org>]
>> *Sent:* Friday, August 20, 2010 1:05 AM
>> *To:* 'Kate Hartmann'
>> *Subject:* Tix to Irvine
>> Morning Kate,
>> Just wanted to see if there was an official word on whether or not I
>> can attend the training since I need to finalize my travel for that
>> week.  Thanks so much for checking in to this and hope that it won’t
>> be a problem.
>> Thanks for all your efforts on the org’s behalf.
>> Best,
>> Tony UcedaVelez, CISM, CISA, GSEC
>> *Chapter Lead*
>> *OWASP Atlanta*
>> <http://www.owasp.org/index.php/Atlanta_Georgia>http://www.owasp.org/index.php/Atlanta_Georgia
>> Twitter: /@versprite/
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

More information about the Owasp-board mailing list