[Owasp-board] Ciso project funding

Eoin eoin.keary at owasp.org
Fri Oct 11 12:56:40 UTC 2013


Sounds Fair.
Good call.


On 11 October 2013 12:45, Larry Conklin <larry.conklin at owasp.org> wrote:

> Eoin, In the end you have final say.
>
> But here is one thing to consider. Earmark, 5,000 for the CISO project
> with strings attached. Give them 2,500.00 now.  The rest of the money when
> we close out the code review project if we haven't spent it. Would that
> compromise be in good faith and the spirit of OWASP? I think most of our
> money is going to be spent at the end of the project so this may help both
> projects and keep us on our feet to be frugal so we can help CISO project.
> Plus CISO may be like us and not need all of the money up front.
>
> Larry
>
>
> On Fri, Oct 11, 2013 at 4:10 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> Larry, $8k should do it for us.
>> In the spirit of OWASP I'm asking you to share the wealth.
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 11 Oct 2013, at 03:28, Larry Conklin <larry.conklin at owasp.org> wrote:
>>
>> First let me be honest since this is my first project with OWASP and I
>> have never shepherded a book into being published with OWASP I cannot really
>> talk about expenses with any authority.
>>
>> In expenses what I am looking for in our budget is…
>>
>>
>>    - AirFare (for me) to APPSECUSA for Project Summit. $600.00
>>    - Software plagiarism detector, $500.00
>>    - Graphics Artist, $???? $65 to $75 per hour. How many hours?
>>    - Professional Editing, $????, Ok this is something I really
>>      don’t know anything about. I think $50 to $60 per hour. How many hours?
>>      Because we have multiple authors and a lot of technical short content. We
>>      really need to pay attention here to move into a single voice, with a
>>      continually connective theme to bring all content together into a single
>>      story.
>>    - Professional Editing to move book into
>>      e-format (kindle, ipad, etc.), mobi, opf, azw, ibooks, epub. $?????
>>    - Moving book into single language (.net, php, ruby, etc.) to
>>      create a pocket reference for code reviewers .net, php, ruby, java, $????
>>
>> Sorry, but I really can’t give you a definitive answer. My short
>> sarcastic answer is “never give away money until all of the bills are
>> paid”. I don't mind being frugal, can we wait until we see the light at
>> the end of the tunnel before we give away money earmarked for this project?
>>
>> Larry
>>
>>
>> On Thu, Oct 10, 2013 at 4:28 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>>> Larry ,
>>> Code review guide has 13k funding.
>>> Can we give the ciso project 5k please?
>>> 8k is more than enough for us.
>>>
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 10 Oct 2013, at 22:14, Sarah Baso <sarah.baso at owasp.org> wrote:
>>>
>>> Eoin -
>>>
>>> We discussed this on our staff call today, reviewed emails and checked
>>> accounting records as well. There was a total of $30,000 allocated by OWASP
>>> for Project Reboot and an additional $25,000 has been received by DHS for
>>> the three guidebook projects. Here is the status of what was awarded
>>>
>>>
>>>    1. OWASP Development Guide - DHS funding + $5000 reboot
>>>    2. OWASP ZAP - $5000 reboot (not mozilla funded)
>>>    3. OWASP Testing Guide - DHS funding + $5000 reboot
>>>    4. OWASP ESAPI - $5000 reboot
>>>    5. OWASP Code Review Guide - DHS funding + $5000 reboot
>>>    6. OWASP WebGoat PHP - $5000 Reboot
>>>
>>>
>>> $4997 extra - allocated to Appsensor in October 2012
>>>
>>> No funding - Mobile Security + CISO Guide
>>>
>>>    - Mobile security - no funding requests
>>>    - CISO Guide - travel to AppSec USA
>>>
>>>
>>> The current amount in project funds is available on the project tab
>>> here: https://www.owasp.org/index.php/Donation_Scoreboard  (note this
>>> doesn't include Grant money which is tracked separately by Sam).
>>>
>>> It seems like some of the confusion on your part may have been that the
>>> 3 guidebooks received both reboot money and DHS funds, and there was no
>>> indication that this was to be handled differently.  In light of this email
>>> thread though and the lack of spending by the guidebooks, it seems
>>> appropriate to reallocate the $5000  in reboot money  from the code review
>>> guide (since you are the project leader)  to the CISO project.  I would
>>> also say that the Development guide and testing guide leaders could
>>> evaluate if they have any money that they aren't using to give to the
>>> Mobile Security project or the general project fund since there are other
>>> projects that could use funding as well.  If the point is to spend the
>>> money to lead to progress for OWASP projects, it doesn't seem appropriate
>>> to keep the money hanging in the bank.
>>>
>>> *Eoin-  are you ok with starting with the reallocation of $5000 of the
>>> reboot from the code review guide? *
>>>
>>> A separate question I have is what the CISO project will be spending the
>>> money on?  I think the answer is travel for Tobias Gondrom and Marco Moreno
>>> to AppSec USA, but I don't see where they are participating in the
>>> conference to work on their project.  Samantha may have a handle on this
>>> already - so I will leave it up to her to determine the value of bringing 2
>>> people from overseas and the project work that needs to be done on the CISO
>>> guide.
>>>
>>> Regards,
>>> Sarah Baso
>>>
>>>
>>>
>>> On Thu, Oct 10, 2013 at 1:51 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>
>>>> So it appears we can fund CISO after all given we have 30k OWASP and the
>>>> guide projects are funded by DHS. (My email below).
>>>>
>>>> Can an accountant in the room please concur?
>>>>
>>>> Sorry for being an annoyance re the ciso funding. I'm not even the
>>>> leader or anything like that.  It's an important project for the foundation.
>>>>
>>>>
>>>> Eoin Keary
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>>
>>>>
>>>> On 10 Oct 2013, at 16:49, Eoin <eoin.keary at owasp.org> wrote:
>>>>
>>>> Guys do what you see fit.
>>>>
>>>> Don't fund CISO, fund CISO your choice.
>>>> Bottom line is 2012 the following were accepted as to be funded by
>>>> Reboot. (Note CISO)
>>>> Now CISO has no funding.
>>>> CISO makes funds for OWASP via Training
>>>> CISO is an active project
>>>>
>>>> *Projects selected via first round of review*:
>>>>
>>>>    1. *OWASP Development Guide*: Funding Amount: $5000 initial
>>>>    funding
>>>>    2. *OWASP CISO Guide*: Funding Amount: $5000 initial funding
>>>>    3. *OWASP Zed Attack Proxy*: Funding Amount: $5000 initial funding
>>>>    4. *OWASP Mobile Project*: Funding Amount: $5000 initial funding
>>>>
>>>>
>>>>
>>>> *Reboot funding:*
>>>> An initial 15K granted earlier on this year (2012)
>>>> An additional 15K was granted in Greece at the board meeting. (July
>>>> 2012)
>>>>
>>>> We also have 25K for the testing, code review and development guides
>>>> from DHS
>>>> Dev, Code review and Testing guides have 25k funding already (DHS)
>>>>
>>>> *Total 55K*
>>>>
>>>>
>>>>    1. OWASP Development Guide - DHS funded - *No OWASP Funding
>>>>    Required*
>>>>    2. OWASP ZAP - moz funded - *No OWASP Funding Required*
>>>>    3. OWASP Testing Guide - DHS funded - *No OWASP Funding Required*
>>>>    4. OWASP ESAPI - ?
>>>>    5. OWASP Code Review Guide - DHS funded - *No OWASP Funding
>>>>    Required*
>>>>    6. OWASP WebGoat PHP - OWASP funded - *No OWASP Funding Required*
>>>>
>>>> *So by my calculations we have very little allocated out of the
>>>> 55K.......*
>>>>
>>>>
>>>>
>>>>
>>>> On 9 October 2013 18:52, Michael Coates <michael.coates at owasp.org> wrote:
>>>>
>>>>> Thanks Samantha. That makes sense to me.
>>>>>
>>>>> So we have our answer to question 1.
>>>>>
>>>>>
>>>>> Eoin, I'm interested in question #2. Can you give us your thinking on
>>>>> those questions?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Michael
>>>>>
>>>>>
>>>>> ---
>>>>>
>>>>>
>>>>> 1. There is a discrepancy on funds for the project reboot. I'm unsure
>>>>> what the final story is. Samantha is reporting 30k available and Eoin is
>>>>> indicating something is not right and there was a vote on the wiki. We
>>>>> should get to the bottom of this.
>>>>>
>>>>> Eoin - can you sync with Sarah & Samantha to flush this out and let us
>>>>> know the current state?
>>>>>
>>>>> 2. Based on the outcome of #1 we either have funds available in
>>>>> project reboot or we don't. If we don't, the request is to find $5,000 in
>>>>> the current budget to cover
>>>>> travel costs for the CISO project leaders to go somewhere.
>>>>>
>>>>> My questions are:
>>>>> - Eoin : Do you have a proposed budget where we'll subtract the $5,000
>>>>> from? Or do you have this money available somewhere else? Please just let
>>>>> us know where the funds will come from.
>>>>> - Eoin: Where are these people traveling to? AppSecUSA? How many
>>>>> people? What's the purpose of travel? I agree the project is great. Just
>>>>> want to know what the money is going towards.
>>>>>
>>>>>
>>>>> --
>>>>> Michael Coates | OWASP | @_mwc
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Oct 9, 2013 at 10:34 AM, Samantha Groves <
>>>>> samantha.groves at owasp.org> wrote:
>>>>>
>>>>>> As I have mentioned before:
>>>>>>
>>>>>> Eoin thought he had $45,000 in reboot, but he only had $30,000. It is
>>>>>> my understanding that 3 projects were promised money that reboot did not
>>>>>> have. I can forward you all the e-mails where I let Eoin know about this
>>>>>> inconsistency last year, and where I showed him which projects I allocated
>>>>>> the funds to since I got no direction to do otherwise. I am just surprised
>>>>>> this was not managed a year ago by reboot leaders, and I am surprised this
>>>>>> is coming up again after I let Eoin know almost one year ago. If there was
>>>>>> such a problem with the allocation, then I should have been made aware of
>>>>>> it in February.
>>>>>>
>>>>>> I NEVER removed money from the project fund. The money promised to
>>>>>> the CISO Guide never existed as far as I am aware. The only reason the CISO
>>>>>> Guide project is without money is because someone promised them money they
>>>>>> didn't have to give.
>>>>>>
>>>>>> SG
>>>>>>
>>>>>>
>>>>>> On Wed, Oct 9, 2013 at 10:24 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>>>
>>>>>>> Sec
>>>>>>>
>>>>>>>
>>>>>>> Eoin Keary
>>>>>>> Owasp Global Board
>>>>>>> +353 87 977 2988
>>>>>>>
>>>>>>>
>>>>>>> On 9 Oct 2013, at 18:22, Michael Coates <michael.coates at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>> It looks like we have two items to understand here:
>>>>>>>
>>>>>>> 1. There is a discrepancy on funds for the project reboot. I'm
>>>>>>> unsure what the final story is. Samantha is reporting 30k available and
>>>>>>> Eoin is indicating something is not right and there was a vote on the wiki.
>>>>>>> We should get to the bottom of this.
>>>>>>>
>>>>>>> Eoin - can you sync with Sarah & Samantha to flush this out and let
>>>>>>> us know the current state?
>>>>>>>
>>>>>>> 2. Based on the outcome of #1 we either have funds available in
>>>>>>> project reboot or we don't. If we don't, the request is to find $5,000 in
>>>>>>> the current budget to cover
>>>>>>> travel costs for the CISO project leaders to go somewhere.
>>>>>>>
>>>>>>> My questions are:
>>>>>>> - Eoin : Do you have a proposed budget where we'll subtract the
>>>>>>> $5,000 from? Or do you have this money available somewhere else? Please
>>>>>>> just let us know where the funds will come from.
>>>>>>> - Eoin: Where are these people traveling to? AppSecUSA? How many
>>>>>>> people? What's the purpose of travel? I agree the project is great. Just
>>>>>>> want to know what the money is going towards.
>>>>>>>
>>>>>>> Thanks!
>>>>>>> Michael
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Michael Coates | OWASP | @_mwc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Oct 9, 2013 at 10:11 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>>
>>>>>>>> I've seen the CISO project being talked about very positively in
>>>>>>>> the media. This is good visibility for us. What happened?
>>>>>>>>
>>>>>>>> Aloha,
>>>>>>>> Jim
>>>>>>>>
>>>>>>>> > Ok 4 me
>>>>>>>> > On 09 Oct 2013 10:46, "Eoin Keary" <eoin.keary at owasp.org> wrote:
>>>>>>>> >
>>>>>>>> >> Board, the ciso project is very active even to the point that we deliver
>>>>>>>> >> paid CISO training which OWASP benefits.
>>>>>>>> >>
>>>>>>>> >> It appears the reboot funding was moved by Samantha away for the ciso
>>>>>>>> >> project. Hence the project does not have any funding.
>>>>>>>> >> May I ask that we grant the project $5000 to cover travel costs given they
>>>>>>>> >> assumed they had funding.
>>>>>>>> >>
>>>>>>>> >> We granted funding to the project via reboot which has since been revoked.
>>>>>>>> >>
>>>>>>>> >> Can we make a decision on this ASAP. I assure you all that this is a good
>>>>>>>> >> spend of our limited funds.
>>>>>>>> >>
>>>>>>>> >> RSVP.
>>>>>>>> >>
>>>>>>>> >> Eoin Keary
>>>>>>>> >> Owasp Global Board
>>>>>>>> >> +353 87 977 2988
>>>>>>>> >>
>>>>>>>> >> _______________________________________________
>>>>>>>> >> Owasp-board mailing list
>>>>>>>> >> Owasp-board at lists.owasp.org
>>>>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>> >>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Samantha Groves, MBA*
>>>>>> *OWASP Projects Manager*
>>>>>>
>>>>>> The OWASP Foundation
>>>>>> Phoenix, USA
>>>>>> Email: samantha.groves at owasp.org
>>>>>> Skype: samanthahz
>>>>>>
>>>>>> OWASP Global Projects <https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>> New Project Application Form <https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Eoin Keary
>>>> OWASP Member
>>>> https://twitter.com/EoinKeary
>>>>
>>>
>>>
>>> --
>>> Executive Director
>>> OWASP Foundation
>>>
>>> sarah.baso at owasp.org
>>> +1.312.869.2779
>>>
>>>
>>>
>>>
>>>
>>
>


-- 
Eoin Keary
OWASP Member
https://twitter.com/EoinKeary