[Owasp-board] Member Nation Portal

Tobias tobias.gondrom at owasp.org
Sat Dec 14 18:14:33 UTC 2013


Am in support, too.
(subject to clarification on the security question...)
Cheers, Tobias



On 14/12/13 18:07, Tom Brennan wrote:
> I support this workflow automation 
>
> On Dec 14, 2013, at 12:55 PM, "Dave Wichers" <dave.wichers at owasp.org
> <mailto:dave.wichers at owasp.org>> wrote:
>
>> I forgot to ask Fonteva (the vendor) about the security question
>> (shame on me). Sarah -- can you ask them about that or have you
>> already? Hope so....
>>
>>  
>>
>> All our users will be going through Salesforce to access to data they
>> provide. They don't access Fonteva (Member Nation is the name of
>> their service) directly. So most of the security is provided by
>> Salesforce, not Fonteva, which is a significant mitigating factor.
>> Like all authentication/authorization is from Salesforce for example.
>>
>>  
>>
>> The cost savings are clearly spelled out in the referenced doc Sarah
>> forwarded the link to, and they are substantial:
>>
>> Year 1
>>
>> 	
>>
>> $35,000
>>
>> ($20k Cvent, $7k regonline, $1k forms & surveys, $7k CFP, CFT &
>> scheduling software)
>>
>> 	
>>
>> $56789
>>
>> 	
>>
>> +$21,789 year 1 added cost
>>
>> Year 2
>>
>> 	
>>
>> $35,000
>>
>> 	
>>
>> $11,100
>>
>> 	
>>
>> $23,900 (annual savings)/ +  $2,111(total savings recognized)
>>
>> Year 3
>>
>> 	
>>
>> $35,000
>>
>> 	
>>
>> $11,100
>>
>> 	
>>
>> $23,900 (annual savings)/ $26,011 (total savings recognized)
>>
>> Year 4
>>
>> 	
>>
>> $35,000
>>
>> 	
>>
>> $11,100
>>
>> 	
>>
>> $23,900 (annual savings)/ $49,911 (total savings recognized)
>>
>> Year 5
>>
>> 	
>>
>> $35,000
>>
>> 	
>>
>> $11,100
>>
>> 	
>>
>> $23,900 (annual savings)/$73,811 (total savings recognized)
>>
>>  
>>
>> I'm not worried about Fonteva going out of business. We've never
>> pushed on that point with any of our previous providers. They are a
>> Salesforce partner, and Salesforce wouldn't enter into an arrangement
>> with them if they were seriously worried about that. Go read:
>> http://www.fonteva.com/company/about/.   They have 4000 customers
>> already. So they are a pretty big outfit.
>>
>>                                                                     
>>
>> -Dave
>>
>>  
>>
>>  
>>
>> *From:*owasp-board-bounces at lists.owasp.org
>> <mailto:owasp-board-bounces at lists.owasp.org>
>> [mailto:owasp-board-bounces at lists.owasp.org] *On Behalf Of *Eoin Keary
>> *Sent:* Saturday, December 14, 2013 4:43 AM
>> *To:* Sarah Baso
>> *Cc:* OWASP Foundation Board List
>> *Subject:* Re: [Owasp-board] Member Nation Portal
>>
>>  
>>
>> Hey,
>>
>> before i vote i need to understand.
>>
>>  
>>
>> Have they had a penetration test/Code review/ SDLC security etc etc.
>>
>> Any evidence of security on the SaaS?
>>
>> Would be rather ironic if they were hacked an our data was pasted all
>> over the web?
>>
>>  
>>
>> What are the tangible savings how much projected per year/ 3years?
>>
>>  
>>
>> If the company collapses what happens our data? 
>>
>>  
>>
>>  
>>
>>
>>
>> Eoin Keary
>>
>> Owasp Global Board
>>
>> +353 87 977 2988
>>
>>  
>>
>>
>> On 13 Dec 2013, at 17:53, Sarah Baso <sarah.baso at owasp.org
>> <mailto:sarah.baso at owasp.org>> wrote:
>>
>>     All -
>>
>>      
>>
>>     Dave, Kate, and I had a call with our rep at Member Nation today
>>     and I also have spent a bit of time on the financials. I have
>>     updated the proposal
>>     here: https://docs.google.com/a/owasp.org/document/d/1yDTFCdmmZN3t732sqHTOFHMhQrXgUC46YbgDhGROcXM/edit
>>
>>      
>>
>>     Here are the key points of new information
>>
>>       * The cost of all the systems that the new Member Nation Portal
>>         will be able to replace for us starting in 2014, is
>>         $35,000/year.  Note that some of those systems/costs are
>>         based on actual registrations so I have used past numbers and
>>         current projections to put together an estimate.  
>>       * This "cost" does not include the staff time/costs in managing
>>         multiple registration systems, running ineffective reports,
>>         and other operational overhead.  I expect that this new
>>         system will be much better for our data management and staff
>>         time in managing (not to mention the benefits for the community).
>>       * The first year costs at the point are estimates ($45,000) and
>>         we are hoping to get that number down by handling some of our
>>         own data migration and customization.
>>       * On our call this morning, we learned that Salesforce has
>>         adjusted some of its pricing (and minimums), which will save
>>         us an additional $2600 on our annual fees (reducing them to
>>         $11,100)
>>       * *We should be able to break even with costs after 2 years and
>>         recognizing $26,000 in savings in year 3.*
>>
>>      
>>
>>     Here are some answers to the other questions in this thread:
>>
>>      
>>
>>     *Internationalization*
>>
>>       * Yes supports internationalization - currency is based on
>>         merchant accounts and we will be able to accept payments in
>>         other currencies (which will settle into whatever accounts we
>>         have set up).
>>       * Languages - Salesforce translates into the following
>>         languages (built in): English, French, German, Italian,
>>         Japanese, Spanish, Swedish, Korean, Simplified Chinese,
>>         Traditional Chinese, and Thai
>>
>>      
>>
>>     *Handling payments*
>>
>>       * Payments will be handled through our same payment
>>         processors* *- chase payment tech and payflow pro. Member
>>         Nation itself is not accepting the money.
>>
>>      
>>
>>     *Protection of data *
>>
>>       * Data is held by Salesforce, I don't foresee issues with this.
>>
>>      
>>
>>     *Because time is of the essence in making a decision on this and
>>     going forward with the contract (we need to have a full 3 months
>>     to implement and roll out, and need to plan for event
>>     registrations in 2014 as well as memberships with the new
>>     membership model) - I am adding this for a vote on Monday's board
>>     meeting.  This is included in the budget, but even if the budget
>>     isn't finalized Monday it is critical for the operations team to
>>     have a decision on this.*
>>
>>      
>>
>>     *Sarah*
>>
>>      
>>
>>      
>>
>>      
>>
>>     On Thu, Dec 5, 2013 at 5:50 AM, Fabio Cerullo <fcerullo at owasp.org
>>     <mailto:fcerullo at owasp.org>> wrote:
>>
>>     Sarah,
>>
>>      
>>
>>     I've checked the tool and indeed looks impressive. There are a
>>     few questions that will appreciate your clarification:
>>
>>      
>>
>>     - Does the platform support internationalisation? Eg. Would
>>     members in Asia/Latin America be able to use it?
>>
>>      
>>
>>     - Does it handle payments for conferences, memberships, etc? If
>>     so, is it PCI-DSS certified to accept payments? 
>>
>>      
>>
>>     - Eoin's point about escrow... would it be possible to pay in
>>     monthly installments? This could limit our liability if they go
>>     busted.
>>
>>      
>>
>>     - Regarding the protection of our data... do they have an
>>     certications such as ISO27001/SAS70?
>>
>>      
>>
>>     Thanks,
>>     Fabio
>>
>>      
>>
>>     On Thu, Dec 5, 2013 at 9:47 AM, Eoin <eoin.keary at owasp.org
>>     <mailto:eoin.keary at owasp.org>> wrote:
>>
>>     If there is no escrow...
>>
>>     Lets say we spend 40K and the service is terminated / company
>>     folds etc etc do we have any protection?
>>
>>     Does the system have adequate protection of our data also?
>>     Security of our data? SLA/availability, access to our data if
>>     they company folds.
>>
>>     These are common questions when outsourcing services to SaaS and
>>     COTS solutions.
>>
>>      
>>
>>     Eoin
>>
>>      
>>
>>      
>>
>>      
>>
>>     On 5 December 2013 05:11, Seba <seba at owasp.org
>>     <mailto:seba at owasp.org>> wrote:
>>
>>     Hi
>>
>>     Kate showed me this in New York, and it seems a really good fit
>>     for owasp. I fully support this proposal.
>>
>>     Regards
>>     Seba
>>
>>     On 04 Dec 2013 22:00, "Sarah Baso" <sarah.baso at owasp.org
>>     <mailto:sarah.baso at owasp.org>> wrote:
>>
>>         Board members -
>>
>>         This came up briefly on Monday's budget call, but I wanted to
>>         provide some additional operational details on the portal
>>         that the staff would like to transition to in 2014.  
>>
>>         Details are available here: 
>>
>>         https://docs.google.com/a/owasp.org/document/d/1yDTFCdmmZN3t732sqHTOFHMhQrXgUC46YbgDhGROcXM/edit
>>
>>         Additionally -  here is a short video demo put together by
>>         another organization about the
>>         portal: http://www.youtube.com/watch?v=g7s5j-i9BUU
>>
>>         Info about Member Nation by
>>         Fonteva: http://www.fonteva.com/products/membernation/
>>
>>         *Operational Notes:*
>>
>>         ·         The transition to Member Nation is MUCH MORE than a
>>         new system for membership and event registration, it is a
>>         community management platform that will give us tools to
>>         assist with volunteer management and recognition and a place
>>         for dynamic update of project and chapter related data so we
>>         can gather metrics and run reports.  It will also be a one
>>         stop shop for community members to manage all their
>>         information membership, event, chapters, projects, volunteer
>>         and other ways they interact with OWASP.  
>>
>>         ·         The critical points are that in order to implement
>>         as smooth a transition as possible, we would like to have a 3
>>         month roll out plan (starting no later than January 1) to be
>>         completed by end of Q1 when our 2 year contract with cvent
>>         expires.  Additionally, I know there were some points of
>>         frustration and lack of communication in the move from
>>         Regonline to Cvent a couple year ago, so the more time we
>>         have to plan and work on the roll out plan, the better.
>>
>>         ·         The OWASP Staff will manage the set up of events
>>         and other administration of the portal - and will receive
>>         training as part of our set up costs. The portal does support
>>         various access controls and "roles" for members of the
>>         community (i.e. chapter leader, project leader, event planner). 
>>
>>         *Financial*
>>
>>          
>>
>>         There will be a one time set up cost of $45,689 and an
>>         ongoing annual portal user fee of $13,500 - so a total of
>>         $59,189 for the first year. This $13,5000 will significantly
>>         reduce our annual costs for other registration and membership
>>         systems (estimated at $24856). And enable us to dramatically
>>         decrease our fees over the next several years. 
>>
>>
>>
>>         Please let me know any additional questions you have.
>>
>>
>>
>>         Regards,
>>
>>         Sarah Baso
>>
>>          
>>
>>         -- 
>>
>>         Executive Director
>>
>>         OWASP Foundation
>>
>>          
>>
>>         sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>         +1.312.869.2779 <tel:%2B1.312.869.2779>
>>
>>
>>
>>          
>>
>>         _______________________________________________
>>         Owasp-board mailing list
>>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>     -- 
>>     Eoin Keary
>>     OWASP Member
>>     https://twitter.com/EoinKeary
>>
>>      
>>
>>
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>      
>>
>>
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>      
>>
>>     -- 
>>
>>     Executive Director
>>
>>     OWASP Foundation
>>
>>      
>>
>>     sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>     +1.312.869.2779
>>
>>
>>
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20131214/5b8781fa/attachment-0001.html>


More information about the Owasp-board mailing list