[Owasp-board] project funds donated by chapters - marketplace idea - Good/bad/stupid?
johanna curiel curiel
johanna.curiel at owasp.org
Mon Feb 23 12:42:56 UTC 2015
This is a very interesting discussion.
I'm finalizing next week a report containing the testing results we did
last year. In total we tested 40 projects (Code/Tools) from Flagship to
Incubators.I will also give a presentation of my findings in EU
In the last year I have read at least 10 security books referencing OWASP
ZAP, Cheat sheets, Testing Guide, ASVS and even Code review. The CISSP
/CSSLP latest versions has reference to the 'OWASP testing Guide'
These guides are referenced in PCI-DSS guide itself!!These are referenced
as the 'OWASP guide' and not the OWASP top 10.
I hope with the results of this report, including conclusions, that the
board can set a plan in conjunction with the community to give a proper
boost to the Projects.
I think that OWASP has enough financial means, whether to look for
sponsors, set a 'Project Support Team' to help boost them but keep in mind,
providing the support only from volunteers to push such a big work is not
On Fri, Jan 9, 2015 at 6:35 PM, Jim Manico <jim.manico at owasp.org> wrote:
> +1 Well said Michael
> Jim Manico
> (808) 652-3805
> On Jan 9, 2015, at 5:34 PM, Michael Coates <michael.coates at owasp.org>
> Good to see we have board representation passionate for all pillars of
> OWASP. Projects are crucial, chapters are crucial too.
> It's not one or the other but rather how do we find ways to make each
> successful (and not at the expense of the other).
> Michael Coates
> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
> On Fri, Jan 9, 2015 at 1:26 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> I fully agree with you Andrew. Projects provide the widest visibility
>> into application security - more than all chapters and conferences combined
>> - yet they get little funding or care since they are not revenue generating
>> or whatnot.
>> I deeply think we should be funding architects, developers, and project
>> management around our most important projects, at least.
>> Jim Manico
>> (808) 652-3805
>> On Jan 8, 2015, at 10:00 PM, Andrew van der Stock <vanderaj at owasp.org>
>> I think funding based upon a gamified choice by chapter participants is
>> the wrong approach.
>> As I noted in an earlier e-mail, we are famous for certain projects, and
>> not chapters. We spend most of our Income on !famous projects.
>> We need a rebalancing to deliver our mission:
>> 30% for projects (up from essentially 0%)
>> 30% for outreach
>> 30% for chapters and members
>> 10% for admin overheads
>> Members have historically not spent chapter funds or taking any interest
>> in directing in their use, either through a lack of knowledge that they had
>> the funds or the desire or need to spend the money. I can't see this
>> I'm all for member engagement, but we have some projects which are just
>> hard work, that no one will invest in because they don't see the point, but
>> we get a lot of engagement from outside the echo chamber, such as the CISO
>> handbook, ESAPI (which is crying out for a proper coordinated release, but
>> there's no one driving it to completion as it's really hard work), the code
>> review testing and development guides (yes, I am biased), certification,
>> education (especially the creation of open course ware with tertiary
>> institutions engagement), OWASP information for PHP (it's in the top search
>> items!), the OWASP Mobile project. I am certain we could get funding for
>> Zap and the Mobile projects as they are sexy and used by our members, but
>> our mission is to get out there, and "out there" wants the things I've
>> mentioned. You can check yourself.
>> We really need to get to a position where we can inject funds into
>> projects of mission significance, and give funds like in a GSoC or RedBook
>> residence type of way to get good progress on hard to do, but essential
>> projects. And members can affect that by getting involved in projects and
>> applying for funds. That way, we're not just allowing chapters to allocate
>> funds to dormant projects, which has little to no member engagement both on
>> the giving and doing side. We need to engage the members so that they feel
>> empowered to contribute to OWASP, and not just tell us how to re-allocate
>> funds within our accounts.
>> On Thu, Jan 8, 2015 at 8:34 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>> Hi all,
>>> I just read some requests about project budgets and am wondering about
>>> an idea that just came to mind:
>>> Should we do a kind of project marketplace / competition for best ideas
>>> asking for funding by chapters?
>>> We have some projects which need a little funding and on the other hand
>>> we have chapters with buckets not knowing which projects are "hot" at the
>>> moment, and which may be big fans of specific projects (e.g. with guest
>>> talks, user communities, ...) and they might want to support individual
>>> projects to get results.
>>> This could be beneficial for both sides:
>>> we could do a competition of projects asking for help from chapters
>>> maybe every 3-6 months. Projects would submit a paragraph what they need
>>> and what they plan to do with the money in the next six months. And chapter
>>> leaders would be invited to donate or support the projects with a little
>>> chip from their budgets. This could be in form of a simple "donate to
>>> project amount x from chapter bucket y" survey-form, or just via email.
>>> And chapters would "vote" for the projects they find interesting "with
>>> their feet".
>>> 1. projects could get easier extra funding if needed.
>>> 2. chapters have a new way of learning of new cool stuff coming out and
>>> what might be interesting for their community
>>> 3. the chapter could easier find cool ideas for investment that matter
>>> to your chapter members most.
>>> The idea is still just a thought and very rough and needs some work.
>>> That's why I post it here for first feedback before going to the full
>>> community list.
>>> Any thoughts?
>>> Ideas to make it better?
>>> Best, Tobias
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board