[Owasp-board] Taking a look at OWASP's current budget projections

Dave Wichers dave.wichers at owasp.org
Thu Aug 26 14:24:45 UTC 2010

Regarding Larry's support hours, here is his response:


"I don't do a ton of work on the infrastructure now. Just little things here
and there. It's hard for me to bill hours when its 15 minutes one day and 2
minutes the next. I fix the problem and get back to my day. Most of the time
it's a minor thing. I can go weeks without even touching OWASP."


So, he does charge OWASP for his time occasionally, but it's been pretty




From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: Monday, August 23, 2010 1:05 PM
To: Kate Hartmann
Cc: OWASP Foundation Board List
Subject: [Owasp-board] Taking a look at OWASP's current budget projections


So let me see if I got this right:




* why are we not paying for Larry's services/support? (I'm assuming that
that should come under 'Avg Aspect Support'). As far as I am aware, Larry is
still doing a LOT of stuff for OWASP, namely keeping the current
infrastructure running.


Alison, on the membership income, does that 99k value include the part
allocated for the chapters and projects? (which current stands at 54k + 3.5k
(see http://spreadsheets.google.com/pub?key=p6IFyntQTi7t-yH-peiD8Aw))

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2

On 20 August 2010 17:56, Kate Hartmann <kate.hartmann at owasp.org> wrote:

FYI - some things to consider and discuss.


Kate Hartmann

Operations Director


www.owasp.org <http://www.owasp.org/>  

Skype:  Kate.hartmann1


From: Alison Shrader [mailto:alison.mcnamee at owasp.org] 
Sent: Friday, August 20, 2010 12:11 PM
To: 'Kate Hartmann'; dinis.cruz at owasp.org
Subject: RE: free passes for training at conferences and 2010 summit


I definitely agree with Kate that we need to be very cautious with our
spending!  We had a loss in 2008 and 2009, so it would be really great to
actually see a profit this year.  


I attached our current budget projections.  However, I had in here a profit
of $130k from conferences for the year.  Based on some of the emails going
around, it sounds like the US Conf may not have a large profit this year.
Counting on the $130k profit from conferences, and putting in a budget of
$50k for the Summit..we were pretty much breaking even.  So if we think the
conference profits are going to be down, it may be a wise idea to put off a
large Summit for now.  


Alison Shrader


9175 Guilford Road, Suite 300

Columbia, MD 21046


alison.shrader at owasp.org



From: Kate Hartmann [mailto:kate.hartmann at owasp.org] 
Sent: Thursday, August 19, 2010 4:23 PM
To: dinis.cruz at owasp.org
Cc: alison.shrader at owasp.org
Subject: free passes for training at conferences and 2010 summit


Alison, can you please forward Dinis the most recent budget projections?  


Dinis, Tony UV Skyped me today asking to register for free for the training
for the conferences.  I had to put him off for a day or so until I can
figure out how to do this.


I would like to ask that you check about the possibility of these things
before you offer them to folks.  I agree that we need to take care of our
leaders - that's not my concern - my concern is that we are making more and
more tangibles free yet we want to continue spending as if we had unlimited


>From a conferences perspective, the training is the second most important
source of revenue (next to sponsorship $$$).  The cost of admission to the
conference is fairly easy to comp since our cost is the equivalent of venue
rental and lunch and we can probably make that up easily.  The training that
is associated with the conferences is a bit different in that we have a
financial obligation to pay the trainer 40% of the fees based on student
count.  So, for a two day class associated with the conference, we charge
$1350.  $540 of that comes right off the top to pay the trainer.  Then, you
can deduct costs for venue and lunch and operations.


Now, I realize that still leaves some money for OWASP, but if you consider
that the training is what usually ends up making a profit for the conference
and the conferences are one of our 2 main revenue sources, if we cut that
profit out and turn it into a $540 expense for the conference (per chapter
leader) then we could realize some significant losses.


Another way to look at it might be to consider that the funds from that
chapter leader's training will be used to pay a portion of that chapter
leader's expenses to attend a global summit.  If we don't get it from
training, then we need to get it from someplace else.


Sponsorships are better this year than last - although vendors are going as
cheaply as possible.  Memberships are on the increase from last year -
although the foundation does not really see much of that revenue yet.  So,
the conferences are working to help recover the deficit from 2009.


I would like to be involved in the planning of the 2010 summit.


It had been originally planned to host a summit in DC very similar to last
year.  I understand, however, that Europe is where the next summit needs to
be held.  If OWASP is to grow, then we need to focus on where the needs are.
The US market is dense while Europe seems to be quickly catching up.  


I had proposed a compromise based on immediate need for an energy injection
balanced with cost concerns.  Can we have a smaller, committee chair only,
summit in conjunction with the DC conference and then prepare for a larger
summit in Dublin with the EU conference?


Wait.before you roll your eyes, listen to my questions and statements.


1.        Some guys cannot get time off from work (no vacation time) or
their company will not consider it work related unless it is in connection
with a conference.  Too much travel.too much time away from family.I can't
do both.these are some of the comments I get

2.       I saw your budget proposal for $150K for a summit.  I presume this
is based on the numbers from Portugal.  I see you are proposing $100K in
sponsorships and $50K from OWASP.  I have checked with Alison and while the
$50K is tight, we could probably do that for an annual summit.  What I did
not understand was how we could accept sponsorship $$$ for this?  Since this
is the OWASP summit and is intended to map the direction of the foundation,
what is in it for the vendors?  We cannot give the impression that they are
mapping our course, so we need to be cautious and very open about the return
for their investment.  Unlike conferences, we're probably not giving them a
table or letting them sell their products at our working sessions?


Well, so that's two comments/questions.


I hate to always whine about where the money will come from, but that's kind
of part of my job.  I would love to be able to say "yes" all the time, but
considering we have come out of a bad year (2009) and we are just now
getting our bearings back, it seems to make sense to be a bit cautious with
expenses (that drives creativity).




Kate Hartmann

Operations Director


www.owasp.org <http://www.owasp.org/>  

Skype:  Kate.hartmann1


Owasp-board mailing list
Owasp-board at lists.owasp.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100826/8943c8e0/attachment-0002.html>

More information about the Owasp-board mailing list