[Owasp-board] Which OWASP leaders would you charge 500USD (of the full price of training)

Jeff Williams jeff.williams at owasp.org
Mon Aug 23 21:44:26 UTC 2010

A better idea would be to have an "OWASP Leader" class at EVERY conference
that is free for any OWASP Project or Chapter lead... maybe even people who
are interested.  I'm envisioning a lot of camaraderie and beer in this


-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: Monday, August 23, 2010 12:17 PM
To: OWASP Foundation Board List
Subject: [Owasp-board] Which OWASP leaders would you charge 500USD (of the
full price of training)

Here is an interesting question, assuming that we would charge our
leaders for attending an OWASP Training session the 'OWASP true cost'
of 300USD/500 USD (since charging them full price would be even more
scandalous), can you honestly look in the eyes of an OWASP leader and
ask him for the money?

To help you visualise this problem here are a couple examples: Matteo
(Testing Guide), Bruce M (WebGoat), Rogan (WebScarab), John W
(Stockholm), Andrew vd S (Developer Guide), Sebastien (France)

...would you???? what do you think they would say?

Ok, maybe they are too 'historical' and have a big past at OWASP.

What about our current committee members? (Jason, Brad, Colin, David
Campbell, Nishi, Martin, Justin, R'Snake, Cassio , etc...).

...really??? ... would you charge them 500USD for a ticket? Do you
want to take a bet on what would be their answer and how motivated
they would be to continue to work on OWASP??

What about the guys to bust their guts in organising previous
successful OWASP conferences

Are you going to say NO to a AppSec DC key organiser that wants to pop
in to Irvine?

And the fact that we never promised them a ticket is NOT relevant.
What matters is the RESPECT we have for our leaders (which is why
there is a world of difference when the answer is ".. hey owasp
leader, thanks for your query ... I would love to do that, but our
budget of XXX USD for that type of support at that conference is
currently taken by the X leaders that have already registered ... can
you please give me a couple weeks to see how the conference numbers
are shaping up to see if I can squezze you in?...." (even if the
ultimate answer is NO, that is a much better way to handle the
foundation of our community)). Remember that the conference cost is
ONLY one of the costs the leader has to pay (there is also flight,
accommodation, local transport and (in the case of a lot of our
leaders) lost income/holiday days).

What about the board members, do they also have to pay?

Ok, so assuming that you would not have the guts to say to all (or
some) of the leaders I already mentioned that they would have to pay
(specially at a conference that will make a nice profit), then...

...where will you draw the line?

who will you say NO to?

...to Tony???? Who is now super motivated in kick staring the 'Bring
an Developer to an OWASP conference...." idea, and will most likely be
the personal host of the developers we manage to at track to that

That is really a great way to motivate him....

And if your answer is "... well we really should have a better way to
rate our leaders and map the ones that are currently doing outstanding
work..."  then BINGO you just found the reason why having these
'perks' are so important for OWASP. Amongst other things they will
force us to be much more diligent and focused on:
 -  WHO is an OWASP Leader
 -  HOW they get there, and
 - WHAT they have to do to stay there

Owasp-board mailing list
Owasp-board at lists.owasp.org

More information about the Owasp-board mailing list