[Owasp-board] RSA Co-Marketing Agreement

Mon Jan 6 20:25:35 UTC 2014

Oh wow.  There is way more here than just a training.  This is OWASP
actively promoting RSA.  Are there any legal or financial ramifications for
cancelling this agreement?  If not, I think it would be prudent to do so.

The next question becomes whether we should make a public statement as to
why?

Also, whether we can find anothet venue for outreach (like BSides SF)?

Regardless, I was on board with proceeding with the training, but based on
the contract details, I don't think it is wise to do so as it becomes an
explicit endorsement for RSA and is not in OWASPs best interests.

~josh
On Jan 6, 2014 1:04 PM, "Sarah Baso" <sarah.baso at owasp.org> wrote:

> Board -
>
> It seems that this was a busy weekend for email!  I have just read up on
> the email and there were quite a few questions about the terms of our
> engagement with the RSA conference, so I will try to spell out what I know
> regarding the terms of our agreement, costs, and my thoughts on going
> forward....
>
> #################
>
> This year, OWASP entered into a co-marketing agreement with RSA Conference
> very similar to what we had last year, except this year we asked for a
> booth space and made sure to spell out that the trainers/speakers got
> complimentary passes for the conference that were not included in the
> complimentary passes we got as an organization ( a detail that caused some
> confusion last year).
>
> For RSA Conference 2014:
>
> RSA® Conference will:
>
>    -
>
>    Extend to OWASP members a registration discount of $100 off the
>    current registration rate
>     -
>
>    Provide 2 complimentary Delegate passes
>     -
>
>    Include OWASP in marketing materials to be listed as a “Global
>    Association Sponsor” - include OWASP logo, text, and hyperlink as
>    appropriate on the Conference website, Program Guide and promotional
>    materials.
>     -
>
>    Provide space for a 4 hour training for RSA Conference attendees to be
>    held Monday, February 24, 1pm – 5pm
>
>             o Promotional space (up to 400 characters,including spaces)
> will be provided in the onsite Program Guide
>
>             o Up to 3 complimentary passes for speakers
>             o AV equipment in room including projector & screen, PA system
> and technician. If additional equipment, room  diagrams, or a
>    technician for hours other than the scheduled 4 hour session (i.e.
> rehearsal) are required, then costs will be billed direct to   OWASP by the
> Conference AV provider.
>
>              o Attendees will be able to indicate interest in attending
> the training when registering for RSA Conference 2014.
>
> A minimum of 100 attendees interested in attending the training is
> required by January 16th (6 weeks prior to the Conference). If this
> threshold is not met by the specified date, the training may be canceled,
> and speakers will not be able to utilize complimentary passes.
>
>    -
>
>    Provide a 60 minute session within the Association Track. Sessions in
>    this track are educational and should not be considered as an opportunity
>    for marketing material. All content and presentation information is subject
>    to approval by the RSA Conference Program Committee.
>     -
>
>    Provide OWASP with a 1⁄2 page 4-color advert in the Program Guide. The
>    ad will be subject to approval by RSA Conference.
>     -
>
>    A complimentary 10x10 booth space.
>
>
> OWASP will:
>
>    -
>
>    List RSA® Conference 2014 on the OWASP website on the AppSec
>    Conference page under “Partner and Promotional Events” from date of
>    agreement through the event.
>     -
>
>    Include a 2 month banner rotation on OWASP homepage leading up to the
>    Conference
>     -
>
>    Provide a 1/2 page ad in the Quarterly newsletter (dates to be
>    confirmed)
>     -
>
>    For OWASP AppSec USA 2014 include the following:
>
>    o 1 Attendee Pack insert
>    o Logo placement on the OWASP Conference website
>    -
>
>    o Quarter page ad in Conference bulletin
>    -
>
>    Coordinate all session and speaker deliverables for the 4 hour
>    training
>     -
>
>    Allow RSA Conference to post information on the Global OWASP
>    Foundation Linked in group page.
>     -
>
>    Coordinate introductions to requested chapter leaders for RSA
>    Conference promotion at upcoming local chapter meetings.
>
> #################
>
> *Questions about costs:*
> How much and what we are paying for, for our presence at this year's RSA
> conference? Approx $2,000 (None directly to RSA though).
>
> I understand we have three speakers there: Michael, Jim and Eoin.
> 1. Do we have to pay to RSA for the speaking slot? No And/or any other
> money OWASP pays to RSA in the context of this conference? No
> 2. For whom of the three do we pay travel expenses? We are paying for
> Eoin's flight only (No travel costs for Michael or Jim, no hotel costs or
> Eoin).
> 3. Is that hotel and flight? Or just a certain sum as a  subsidy? Just a
> flight - the cost of round trip economy class. Roughly $700 USD
> 4. What do you estimate the total cost for OWASP to be? (a rough estimate
> is totally sufficient, just to get a feel)  In addition to the cost of
> the flight for Eoin, we would have the cost of any swag for the OWASP
> booth, which I would estimate to be about $1000.  Finally, I am not sure on
> the cost if we want to rent a lead retrieval device, but that would
> probably be a couple hundred  if we decided to do that.
>
> #################
>
> My thoughts on moving forward -
>
> This is tricky *especially* because of the co-marketing agreement with
> RSA, which although OWASP does not endorse or recommend commercial services
> or products, we are at least implicitly giving our nod of approval by
> engaging in this co-marketing relationship.  Yes, RSA is undoubtably a
> great opportunity for us to spread our mission and raise visibility (which
> is why we went ahead with the co-marketing contract in the first place),
> but with the additional information (accusations) about RSA's behavior, it
> does call into question whether OWASP should at least pass this year on the
> co-marketing agreement.
>
> My inclination on this is to cancel the co-marketing agreement, and if we
> still want to do a free training/OWASP activities, I can look into whether
> we can find  place to do it ...
>
> This still brings us to the question of whether the benefit of engaging
> the community and spreading our mission outweighs the possible alienation
> and statement contrary to what we are trying to promote that we are sending
> to the community by participating.
>
> I am happy to facilitate a community survey on this if that is what we
> want to do - in any case we need to make a decision asap.
>
> Sarah
>
>
> --
> Executive Director
> OWASP Foundation
>
> sarah.baso at owasp.org
> +1.312.869.2779
>
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140106/81098f33/attachment.html>