[Owasp-board] RSA Co-Marketing Agreement

Sarah Baso sarah.baso at owasp.org
Mon Jan 6 19:03:52 UTC 2014

Board -

It seems that this was a busy weekend for email!  I have just read up on
the email and there were quite a few questions about the terms of our
engagement with the RSA conference, so I will try to spell out what I know
regarding the terms of our agreement, costs, and my thoughts on going


This year, OWASP entered into a co-marketing agreement with RSA Conference
very similar to what we had last year, except this year we asked for a
booth space and made sure to spell out that the trainers/speakers got
complimentary passes for the conference that were not included in the
complimentary passes we got as an organization ( a detail that caused some
confusion last year).

For RSA Conference 2014:

RSA® Conference will:


   Extend to OWASP members a registration discount of $100 off the current
   registration rate

   Provide 2 complimentary Delegate passes

   Include OWASP in marketing materials to be listed as a “Global
   Association Sponsor” - include OWASP logo, text, and hyperlink as
   appropriate on the Conference website, Program Guide and promotional

   Provide space for a 4 hour training for RSA Conference attendees to be
   held Monday, February 24, 1pm – 5pm

            o Promotional space (up to 400 characters,including spaces)
will be provided in the onsite Program Guide

            o Up to 3 complimentary passes for speakers
            o AV equipment in room including projector & screen, PA system
and technician. If additional equipment, room  diagrams, or a
   technician for hours other than the scheduled 4 hour session (i.e.
rehearsal) are required, then costs will be billed direct to   OWASP by the
Conference AV provider.

             o Attendees will be able to indicate interest in attending the
training when registering for RSA Conference 2014.

A minimum of 100 attendees interested in attending the training is required
by January 16th (6 weeks prior to the Conference). If this threshold is not
met by the specified date, the training may be canceled, and speakers will
not be able to utilize complimentary passes.


   Provide a 60 minute session within the Association Track. Sessions in
   this track are educational and should not be considered as an opportunity
   for marketing material. All content and presentation information is subject
   to approval by the RSA Conference Program Committee.

   Provide OWASP with a 1⁄2 page 4-color advert in the Program Guide. The
   ad will be subject to approval by RSA Conference.

   A complimentary 10x10 booth space.

OWASP will:


   List RSA® Conference 2014 on the OWASP website on the AppSec Conference
   page under “Partner and Promotional Events” from date of agreement through
   the event.

   Include a 2 month banner rotation on OWASP homepage leading up to the

   Provide a 1/2 page ad in the Quarterly newsletter (dates to be

   For OWASP AppSec USA 2014 include the following:

   o 1 Attendee Pack insert
   o Logo placement on the OWASP Conference website

   o Quarter page ad in Conference bulletin

   Coordinate all session and speaker deliverables for the 4 hour training

   Allow RSA Conference to post information on the Global OWASP Foundation
   Linked in group page.

   Coordinate introductions to requested chapter leaders for RSA
   Conference promotion at upcoming local chapter meetings.


*Questions about costs:*
How much and what we are paying for, for our presence at this year's RSA
conference? Approx $2,000 (None directly to RSA though).

I understand we have three speakers there: Michael, Jim and Eoin.
1. Do we have to pay to RSA for the speaking slot? No And/or any other
money OWASP pays to RSA in the context of this conference? No
2. For whom of the three do we pay travel expenses? We are paying for
Eoin's flight only (No travel costs for Michael or Jim, no hotel costs or
3. Is that hotel and flight? Or just a certain sum as a  subsidy? Just a
flight - the cost of round trip economy class. Roughly $700 USD
4. What do you estimate the total cost for OWASP to be? (a rough estimate
is totally sufficient, just to get a feel)  In addition to the cost of the
flight for Eoin, we would have the cost of any swag for the OWASP booth,
which I would estimate to be about $1000.  Finally, I am not sure on the
cost if we want to rent a lead retrieval device, but that would probably be
a couple hundred  if we decided to do that.


My thoughts on moving forward -

This is tricky *especially* because of the co-marketing agreement with RSA,
which although OWASP does not endorse or recommend commercial services or
products, we are at least implicitly giving our nod of approval by engaging
in this co-marketing relationship.  Yes, RSA is undoubtably a great
opportunity for us to spread our mission and raise visibility (which is why
we went ahead with the co-marketing contract in the first place), but with
the additional information (accusations) about RSA's behavior, it does call
into question whether OWASP should at least pass this year on the
co-marketing agreement.

My inclination on this is to cancel the co-marketing agreement, and if we
still want to do a free training/OWASP activities, I can look into whether
we can find  place to do it ...

This still brings us to the question of whether the benefit of engaging the
community and spreading our mission outweighs the possible alienation and
statement contrary to what we are trying to promote that we are sending to
the community by participating.

I am happy to facilitate a community survey on this if that is what we want
to do - in any case we need to make a decision asap.


Executive Director
OWASP Foundation

sarah.baso at owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140106/cf0a9c5f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RSA 2014 Signed.pdf
Type: application/pdf
Size: 64539 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140106/cf0a9c5f/attachment-0001.pdf>

More information about the Owasp-board mailing list