[Owasp-board] Ciso project funding

Sarah Baso sarah.baso at owasp.org
Thu Oct 10 21:34:57 UTC 2013


Eoin -
She just wasn't counting the DHS funding as reboot month, so I think this
was just a matter of  clarification on the terms and source of the funding
for each project.  I am glad we could get to the bottom of it and come up
with a reasonable solution to benefit more people.

Sarah


On Thu, Oct 10, 2013 at 2:32 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> By the way,
> No confusion on my  part.
> Sam said we had 30k when we actually have 55k
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 10 Oct 2013, at 22:14, Sarah Baso <sarah.baso at owasp.org> wrote:
>
> Eoin -
>
> We discussed this on our staff call today, reviewed emails and checked
> accounting records as well. There was a total of $30,000 allocated by OWASP
> for Project Reboot and an additional $25,000 has been received by DHS for
> the threee guidebook projects. Here is the status of what was awarded
>
>
>    1.
>
>    OWASP Development Guide - DHS funding + $5000 reboot
>    2.
>
>    OWASP ZAP -  $5000 reboot (not mozilla funded)
>    3.
>
>    OWASP Testing Guide - DHS funding +  $5000 reboot
>    4.
>
>    OWASP ESAPI - $5000 reboot
>    5.
>
>    OWASP Code Review Guide - DHS funding + $5000 reboot
>    6.
>
>    OWASP WebGoat PHP - $5000 Reboot
>
>
> $4997 extra - allocated to Appsensor in October 2012
>
> No funding - Mobile Security + CISO Guide
>
>    -
>
>    Mobile security - no funding requests
>    -
>
>    CISO Guide - travel to AppSec USA
>
>
> The current amount in project funds is available on the project tab here:
> https://www.owasp.org/index.php/Donation_Scoreboard  (note this doesn't
> include Grant money which is tracked separately by Sam).
>
> It seems like some of the confusion on your part may have been that the 3
> guidebooks received both reboot money and DHS funds, and their was no
> indication that this was to be handled differently.  In light of this email
> thread though and the lack of spending by the guidebooks, it seems
> appropriate to reallocate the $5000  in reboot money  from the code review
> guide (since you are the project leader)  to the CISO project.  I would
> also say that the Development guide and testing guide leaders could
> evaluate if they have any money that they aren't using to give to the
> Mobile Security project or the general project fund since there are other
> projects that could use funding as well.  If the point is to spend the
> money to lead to progress for OWASP projects, it doesn't seem appropriate
> to keep the money hanging in the bank.
>
> *Eoin-  are you ok with starting with the reallocation of $5000 of the
> reboot from the code review guide? *
>
> A separate question I have is what the CISO project will be spending the
> money on?  I think the answer is travel for Tobias Gondrom and Marco Moreno
> to AppSec USA, but I don't see where they are participating in the
> conference to work on their project.  Samantha may have a handle on this
> already - so I will leave it up to her to determine the value of bringing 2
> people from oversees and the project work that needs to be done on the CISO
> guide.
>
> Regards,
> Sarah Baso
>
>
>
> On Thu, Oct 10, 2013 at 1:51 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> So it appears we can fund CISO after all given we have 30k OWASP an the
>> guide projects are funded by DHS. (My email below).
>>
>> Can an accountant in the room please concur?
>>
>> Sorry for being an annoyance re the ciso funding. I'm not even the leader
>> or anything like that.  It's an important project for the foundation.
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 10 Oct 2013, at 16:49, Eoin <eoin.keary at owasp.org> wrote:
>>
>> Guys do what you seem fit.
>>
>> Don't fund CISO, fund CISO your choice.
>> Bottom line is 2012 the following were accepted as to be funded by
>> Reboot. (Note CISO)
>> Now CISO has no funding.
>> CISO makes funds for OWASP via Training
>> CISO is an active project
>>
>> *Projects selected via first round of review*:
>>
>>    1. *OWASP Development Guide**: Funding Amount: $5000 initial funding
>>    2. *OWASP CISO Guide*: Funding Amount: $5000 initial funding
>>    3. *OWASP Zed Attack Proxy*: Funding Amount: $5000 initial funding
>>    4. *OWASP Mobile Project*: Funding Amount: $5000 initial funding
>>
>>
>>
>> *Reboot funding:*
>> An initial 15K granted earlier on this year (2012)
>> And additional 15K was granted in Greece at the board meeting. (July 2012)
>>
>> We also have 25K for the testing, code review and development guides from
>> DHS
>> Dev, Code review and Testing guides have 25k funding already (DHS)
>>
>> *Total 55K*
>>
>>
>>    1. OWASP Development Guide - DHS funded  *-* *No OWASP Funding
>>    Required*
>>    2. OWASP ZAP - moz funded  - *No OWASP Funding Required*
>>    3. OWASP Testing Guide - DHS funded - *No OWASP Funding Required*
>>    4. OWASP ESAPI - ?
>>    5. OWASP Code Review Guide - DHS funded  - *No OWASP Funding Required*
>>    6. OWASP WebGoat PHP - OWASP funded - *No OWASP Funding Required*
>>
>> **
>> *So by my calculations we have very little allocated out of the
>> 55K.......*
>>
>>
>>
>>
>> On 9 October 2013 18:52, Michael Coates <michael.coates at owasp.org> wrote:
>>
>>> Thanks Samantha. That makes sense to me.
>>>
>>> So we have our answer to question 1.
>>>
>>>
>>> Eoin, I'm interested in question #2. Can you give us your thinking on
>>> those questions?
>>>
>>> Thanks!
>>>
>>> Michael
>>>
>>>
>>> ---
>>>
>>>
>>> 1. There is a discrepancy on funds for the project reboot. I'm unsure
>>> what the final story is. Samantha is reporting 30k available and Eoin is
>>> indicating something is not right and there was a vote on the wiki. We
>>> should get to the bottom of this.
>>>
>>> Eoin - can you sync with Sarah & Samantha to flush this out and let us
>>> know the current state?
>>>
>>> 2. Based on the outcome of #1 we either have funds available in project
>>> reboot or we don't. If we don't, the request is to find $5,000 in the
>>> current budget to cover
>>> travel costs for the CISO project leaders to go somewhere.
>>>
>>> My questions are:
>>> - Eoin : Do you have a proposed budget where we'll subtract the $5,000
>>> from? Or do you have this money available somewhere else? Please just let
>>> us know where the funds will come from.
>>> - Eoin: Where are these people traveling to? AppSecUSA? How many people?
>>> What's the purpose of travel? I agree the project is great. Just want to
>>> know what the money is going towards.
>>>
>>>
>>> --
>>> Michael Coates | OWASP | @_mwc
>>>
>>>
>>>
>>> On Wed, Oct 9, 2013 at 10:34 AM, Samantha Groves <
>>> samantha.groves at owasp.org> wrote:
>>>
>>>> As I have mentioned before:
>>>>
>>>> Eoin thought he had $45,000 in reboot, but he only had $30,000. It is
>>>> my understanding that 3 projects were promised money that reboot did not
>>>> have. I can forward you all the e-mails where I let Eoin know about this
>>>> inconsistency last year, and where I showed him which projects I allocated
>>>> the funds to since I got no direction to do otherwise. I am just surprised
>>>> this was not managed a year ago by reboot leaders, and I am surprised this
>>>> is coming up again after I let Eoin know almost one year ago. If there was
>>>> such a problem with the allocation, then I should have been made aware of
>>>> it in February.
>>>>
>>>> I NEVER removed money from the project fund. The money promised to the
>>>> CISO Guide never existed as far as I am aware. The only reason the CISO
>>>> Guide project is without money is because someone promised them money they
>>>> didn't have to give.
>>>>
>>>> SG
>>>>
>>>>
>>>> On Wed, Oct 9, 2013 at 10:24 AM, Eoin Keary <eoin.keary at owasp.org>wrote:
>>>>
>>>>> Sec
>>>>>
>>>>>
>>>>> Eoin Keary
>>>>> Owasp Global Board
>>>>> +353 87 977 2988
>>>>>
>>>>>
>>>>> On 9 Oct 2013, at 18:22, Michael Coates <michael.coates at owasp.org>
>>>>> wrote:
>>>>>
>>>>> It looks we have two items two understand here:
>>>>>
>>>>> 1. There is a discrepancy on funds for the project reboot. I'm unsure
>>>>> what the final story is. Samantha is reporting 30k available and Eoin is
>>>>> indicating something is not right and there was a vote on the wiki. We
>>>>> should get to the bottom of this.
>>>>>
>>>>> Eoin - can you sync with Sarah & Samantha to flush this out and let us
>>>>> know the current state?
>>>>>
>>>>> 2. Based on the outcome of #1 we either have funds available in
>>>>> project reboot or we don't. If we don't, the request is to find $5,000 in
>>>>> the current budget to cover
>>>>> travel costs for the CISO project leaders to go somewhere.
>>>>>
>>>>> My questions are:
>>>>> - Eoin : Do you have a proposed budget where we'll subtract the $5,000
>>>>> from? Or do you have this money available somewhere else? Please just let
>>>>> us know where the funds will come from.
>>>>> - Eoin: Where are these people traveling to? AppSecUSA? How many
>>>>> people? What's the purpose of travel? I agree the project is great. Just
>>>>> want to know what the money is going towards.
>>>>>
>>>>> Thanks!
>>>>> Michael
>>>>>
>>>>>
>>>>> --
>>>>> Michael Coates | OWASP | @_mwc
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Oct 9, 2013 at 10:11 AM, Jim Manico <jim.manico at owasp.org>wrote:
>>>>>
>>>>>> I've seen the CISO project being talked about very positively in the
>>>>>> media. This is good visibility for us. What happened?
>>>>>>
>>>>>> Aloha,
>>>>>> Jim
>>>>>>
>>>>>> > Ok 4 me
>>>>>> > On 09 Oct 2013 10:46, "Eoin Keary" <eoin.keary at owasp.org> wrote:
>>>>>> >
>>>>>> >> Board, the ciso project is very active even to the point that we
>>>>>> deliver
>>>>>> >> paid CISO training which OWASP benefits.
>>>>>> >>
>>>>>> >> It appears the reboot funding was moved by Samantha away for the
>>>>>> ciso
>>>>>> >> project. Hence the project does not have any funding.
>>>>>> >> May I ask that we grant the project $5000 to cover travel costs
>>>>>> given they
>>>>>> >> assumed they had funding.
>>>>>> >>
>>>>>> >> We granted funding to the project via reboot which has since been
>>>>>> revoked.
>>>>>> >>
>>>>>> >> Can we make a decision on this ASAP. I assure you all that this is
>>>>>> a good
>>>>>> >> spend of our limited funds.
>>>>>> >>
>>>>>> >> RSVP.
>>>>>> >>
>>>>>> >> Eoin Keary
>>>>>> >> Owasp Global Board
>>>>>> >> +353 87 977 2988
>>>>>> >>
>>>>>> >> _______________________________________________
>>>>>> >> Owasp-board mailing list
>>>>>> >> Owasp-board at lists.owasp.org
>>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>> >>
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > Owasp-board mailing list
>>>>>> > Owasp-board at lists.owasp.org
>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>> >
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Samantha Groves, MBA*****
>>>>
>>>> *OWASP Projects Manager*
>>>>
>>>> *
>>>> *
>>>>
>>>> The OWASP Foundation
>>>>
>>>> Phoenix, USA
>>>>
>>>> Email: samantha.groves at owasp.org
>>>>
>>>> Skype: samanthahz
>>>>
>>>>
>>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>
>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>
>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>
>>>> New Project Application Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Member
>> https://twitter.com/EoinKeary
>>
>>  _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> --
> Executive Director
> OWASP Foundation
>
> sarah.baso at owasp.org
> +1.312.869.2779
>
>
>
>
>


-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20131010/2f53a449/attachment-0001.html>


More information about the Owasp-board mailing list