[Owasp-board] Ciso project funding

Sarah Baso sarah.baso at owasp.org
Thu Oct 10 22:33:26 UTC 2013


Eoin -

One follow up point of clarification, after speaking with Samantha a bit
more, I now realize why we can't move any of the $5000 in reboot money from
the Developers Guide and Testing guide - they have used most of that money
for travel to the project summit at AppSec USA.  Since DHS is very specific
on what money can and can't be spent on (and we need to stick to the ground
rules for spending previously discussed with them), the travel expenses
which have already been committed need to come out of the reboot money and
not DHS.

Code review guide hasn't spent any money for travel or other items not
covered by DHS which is what makes it a good candidate to give its $5000
reboot money to the CISO project.

I am glad you are amenable to this, but we will also need Larry's "OK" as
the other project leader before we move the funds.  Larry, would you mind
weighing in on this at your earliest convenience?

Regards,
Sarah Baso


On Thu, Oct 10, 2013 at 2:37 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> Exactly!! Wow that was hard. And I'm the bad guy!!
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 10 Oct 2013, at 22:34, Sarah Baso <sarah.baso at owasp.org> wrote:
>
> Eoin -
> She just wasn't counting the DHS funding as reboot money, so I think this
> was just a matter of clarification on the terms and source of the funding
> for each project.  I am glad we could get to the bottom of it and come up
> with a reasonable solution to benefit more people.
>
> Sarah
>
>
> On Thu, Oct 10, 2013 at 2:32 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> By the way,
>> No confusion on my part.
>> Sam said we had 30k when we actually have 55k
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 10 Oct 2013, at 22:14, Sarah Baso <sarah.baso at owasp.org> wrote:
>>
>> Eoin -
>>
>> We discussed this on our staff call today, reviewed emails and checked
>> accounting records as well. There was a total of $30,000 allocated by OWASP
>> for Project Reboot and an additional $25,000 has been received by DHS for
>> the three guidebook projects. Here is the status of what was awarded:
>>
>>
>>    1. OWASP Development Guide - DHS funding + $5000 reboot
>>    2. OWASP ZAP - $5000 reboot (not mozilla funded)
>>    3. OWASP Testing Guide - DHS funding + $5000 reboot
>>    4. OWASP ESAPI - $5000 reboot
>>    5. OWASP Code Review Guide - DHS funding + $5000 reboot
>>    6. OWASP WebGoat PHP - $5000 Reboot
>>
>>
>> $4997 extra - allocated to Appsensor in October 2012
>>
>> No funding - Mobile Security + CISO Guide
>>
>>    - Mobile security - no funding requests
>>    - CISO Guide - travel to AppSec USA
>>
>>
>> The current amount in project funds is available on the project tab here:
>> https://www.owasp.org/index.php/Donation_Scoreboard  (note this doesn't
>> include Grant money which is tracked separately by Sam).
>>
>> It seems like some of the confusion on your part may have been that the 3
>> guidebooks received both reboot money and DHS funds, and there was no
>> indication that this was to be handled differently.  In light of this email
>> thread though and the lack of spending by the guidebooks, it seems
>> appropriate to reallocate the $5000 in reboot money from the code review
>> guide (since you are the project leader) to the CISO project.  I would
>> also say that the Development guide and testing guide leaders could
>> evaluate if they have any money that they aren't using to give to the
>> Mobile Security project or the general project fund since there are other
>> projects that could use funding as well.  If the point is to spend the
>> money to lead to progress for OWASP projects, it doesn't seem appropriate
>> to keep the money hanging in the bank.
>>
>> *Eoin - are you ok with starting with the reallocation of $5000 of the
>> reboot from the code review guide?*
>>
>> A separate question I have is what the CISO project will be spending the
>> money on?  I think the answer is travel for Tobias Gondrom and Marco Moreno
>> to AppSec USA, but I don't see where they are participating in the
>> conference to work on their project.  Samantha may have a handle on this
>> already - so I will leave it up to her to determine the value of bringing 2
>> people from overseas and the project work that needs to be done on the CISO
>> guide.
>>
>> Regards,
>> Sarah Baso
>>
>>
>>
>> On Thu, Oct 10, 2013 at 1:51 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>>> So it appears we can fund CISO after all given we have 30k OWASP and the
>>> guide projects are funded by DHS. (My email below).
>>>
>>> Can an accountant in the room please concur?
>>>
>>> Sorry for being an annoyance re the ciso funding. I'm not even the
>>> leader or anything like that.  It's an important project for the foundation.
>>>
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 10 Oct 2013, at 16:49, Eoin <eoin.keary at owasp.org> wrote:
>>>
>>> Guys do what you see fit.
>>>
>>> Don't fund CISO, fund CISO your choice.
>>> Bottom line is 2012 the following were accepted as to be funded by
>>> Reboot. (Note CISO)
>>> Now CISO has no funding.
>>> CISO makes funds for OWASP via Training
>>> CISO is an active project
>>>
>>> *Projects selected via first round of review*:
>>>
>>>    1. *OWASP Development Guide*: Funding Amount: $5000 initial funding
>>>    2. *OWASP CISO Guide*: Funding Amount: $5000 initial funding
>>>    3. *OWASP Zed Attack Proxy*: Funding Amount: $5000 initial funding
>>>    4. *OWASP Mobile Project*: Funding Amount: $5000 initial funding
>>>
>>>
>>>
>>> *Reboot funding:*
>>> An initial 15K granted earlier on this year (2012)
>>> An additional 15K was granted in Greece at the board meeting. (July
>>> 2012)
>>>
>>> We also have 25K for the testing, code review and development guides
>>> from DHS
>>> Dev, Code review and Testing guides have 25k funding already (DHS)
>>>
>>> *Total 55K*
>>>
>>>
>>>    1. OWASP Development Guide - DHS funded - *No OWASP Funding Required*
>>>    2. OWASP ZAP - moz funded - *No OWASP Funding Required*
>>>    3. OWASP Testing Guide - DHS funded - *No OWASP Funding Required*
>>>    4. OWASP ESAPI - ?
>>>    5. OWASP Code Review Guide - DHS funded - *No OWASP Funding Required*
>>>    6. OWASP WebGoat PHP - OWASP funded - *No OWASP Funding Required*
>>>
>>> *So by my calculations we have very little allocated out of the
>>> 55K.......*
>>>
>>>
>>>
>>>
>>> On 9 October 2013 18:52, Michael Coates <michael.coates at owasp.org> wrote:
>>>
>>>> Thanks Samantha. That makes sense to me.
>>>>
>>>> So we have our answer to question 1.
>>>>
>>>>
>>>> Eoin, I'm interested in question #2. Can you give us your thinking on
>>>> those questions?
>>>>
>>>> Thanks!
>>>>
>>>> Michael
>>>>
>>>>
>>>> ---
>>>>
>>>>
>>>> 1. There is a discrepancy on funds for the project reboot. I'm unsure
>>>> what the final story is. Samantha is reporting 30k available and Eoin is
>>>> indicating something is not right and there was a vote on the wiki. We
>>>> should get to the bottom of this.
>>>>
>>>> Eoin - can you sync with Sarah & Samantha to flush this out and let us
>>>> know the current state?
>>>>
>>>> 2. Based on the outcome of #1 we either have funds available in project
>>>> reboot or we don't. If we don't, the request is to find $5,000 in the
>>>> current budget to cover
>>>> travel costs for the CISO project leaders to go somewhere.
>>>>
>>>> My questions are:
>>>> - Eoin : Do you have a proposed budget where we'll subtract the $5,000
>>>> from? Or do you have this money available somewhere else? Please just let
>>>> us know where the funds will come from.
>>>> - Eoin: Where are these people traveling to? AppSecUSA? How many
>>>> people? What's the purpose of travel? I agree the project is great. Just
>>>> want to know what the money is going towards.
>>>>
>>>>
>>>> --
>>>> Michael Coates | OWASP | @_mwc
>>>>
>>>>
>>>>
>>>> On Wed, Oct 9, 2013 at 10:34 AM, Samantha Groves <
>>>> samantha.groves at owasp.org> wrote:
>>>>
>>>>> As I have mentioned before:
>>>>>
>>>>> Eoin thought he had $45,000 in reboot, but he only had $30,000. It is
>>>>> my understanding that 3 projects were promised money that reboot did not
>>>>> have. I can forward you all the e-mails where I let Eoin know about this
>>>>> inconsistency last year, and where I showed him which projects I allocated
>>>>> the funds to since I got no direction to do otherwise. I am just surprised
>>>>> this was not managed a year ago by reboot leaders, and I am surprised this
>>>>> is coming up again after I let Eoin know almost one year ago. If there was
>>>>> such a problem with the allocation, then I should have been made aware of
>>>>> it in February.
>>>>>
>>>>> I NEVER removed money from the project fund. The money promised to the
>>>>> CISO Guide never existed as far as I am aware. The only reason the CISO
>>>>> Guide project is without money is because someone promised them money they
>>>>> didn't have to give.
>>>>>
>>>>> SG
>>>>>
>>>>>
>>>>> On Wed, Oct 9, 2013 at 10:24 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>>
>>>>>> Sec
>>>>>>
>>>>>>
>>>>>> Eoin Keary
>>>>>> Owasp Global Board
>>>>>> +353 87 977 2988
>>>>>>
>>>>>>
>>>>>> On 9 Oct 2013, at 18:22, Michael Coates <michael.coates at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>> It looks like we have two items to understand here:
>>>>>>
>>>>>> 1. There is a discrepancy on funds for the project reboot. I'm unsure
>>>>>> what the final story is. Samantha is reporting 30k available and Eoin is
>>>>>> indicating something is not right and there was a vote on the wiki. We
>>>>>> should get to the bottom of this.
>>>>>>
>>>>>> Eoin - can you sync with Sarah & Samantha to flush this out and let
>>>>>> us know the current state?
>>>>>>
>>>>>> 2. Based on the outcome of #1 we either have funds available in
>>>>>> project reboot or we don't. If we don't, the request is to find $5,000 in
>>>>>> the current budget to cover
>>>>>> travel costs for the CISO project leaders to go somewhere.
>>>>>>
>>>>>> My questions are:
>>>>>> - Eoin : Do you have a proposed budget where we'll subtract the
>>>>>> $5,000 from? Or do you have this money available somewhere else? Please
>>>>>> just let us know where the funds will come from.
>>>>>> - Eoin: Where are these people traveling to? AppSecUSA? How many
>>>>>> people? What's the purpose of travel? I agree the project is great. Just
>>>>>> want to know what the money is going towards.
>>>>>>
>>>>>> Thanks!
>>>>>> Michael
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Michael Coates | OWASP | @_mwc
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Oct 9, 2013 at 10:11 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>
>>>>>>> I've seen the CISO project being talked about very positively in the
>>>>>>> media. This is good visibility for us. What happened?
>>>>>>>
>>>>>>> Aloha,
>>>>>>> Jim
>>>>>>>
>>>>>>> > Ok 4 me
>>>>>>> > On 09 Oct 2013 10:46, "Eoin Keary" <eoin.keary at owasp.org> wrote:
>>>>>>> >
>>>>>>> >> Board, the ciso project is very active even to the point that we deliver
>>>>>>> >> paid CISO training which OWASP benefits.
>>>>>>> >>
>>>>>>> >> It appears the reboot funding was moved by Samantha away for the ciso
>>>>>>> >> project. Hence the project does not have any funding.
>>>>>>> >> May I ask that we grant the project $5000 to cover travel costs given they
>>>>>>> >> assumed they had funding.
>>>>>>> >>
>>>>>>> >> We granted funding to the project via reboot which has since been revoked.
>>>>>>> >>
>>>>>>> >> Can we make a decision on this ASAP. I assure you all that this is a good
>>>>>>> >> spend of our limited funds.
>>>>>>> >>
>>>>>>> >> RSVP.
>>>>>>> >>
>>>>>>> >> Eoin Keary
>>>>>>> >> Owasp Global Board
>>>>>>> >> +353 87 977 2988
>>>>>>> >>
>>>>>>> >> _______________________________________________
>>>>>>> >> Owasp-board mailing list
>>>>>>> >> Owasp-board at lists.owasp.org
>>>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>> >>
>>>>>>> >
>>>>>>> >
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Samantha Groves, MBA*
>>>>> *OWASP Projects Manager*
>>>>>
>>>>> The OWASP Foundation
>>>>> Phoenix, USA
>>>>> Email: samantha.groves at owasp.org
>>>>> Skype: samanthahz
>>>>>
>>>>> OWASP Global Projects <https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>> New Project Application Form <https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Eoin Keary
>>> OWASP Member
>>> https://twitter.com/EoinKeary
>>>
>>>
>>
>>
>> --
>> Executive Director
>> OWASP Foundation
>>
>> sarah.baso at owasp.org
>> +1.312.869.2779
>>
>>
>>
>>
>>


-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779