[Owasp-board] [Owasp-community] RFP - OWASP Foundation Needs Assessment
matt.tesauro at owasp.org
Fri Feb 5 03:19:13 UTC 2016
While I think a goal of achieving what the Mozilla Foundation has for their
developer network is a good goal, it's not a very fair comparison:
Last audited returns provided by Mozilla Foundation are 2014: $329.5
million in revenue 
Latest annual budget for the OWASP Foundation - 2015: $2,540,667 or ~ $2.5
million in revenue 
Mozilla has ~ 132 times OWASP's revenue so the comparison really doesn't
Should we strive to get to that level of maturity: Heck yes.
Will we be there in the next year or two: I very much doubt it.
-- Matt Tesauro
OWASP AppSec Pipeline Lead
OWASP WTE Project Lead
http://AppSecLive.org <http://appseclive.org/> - Community and Download site
On Thu, Feb 4, 2016 at 5:51 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:
> Hi Paul
> Having been quite involved with OWASP and its content for 3.5 years, I
> can provide a quick assessment based on my experience:
> *Content management of Wiki*
> We lack a Content management team responsible/accountable to drive and
> maintain cohesive content on the wiki. Right now the wiki is a 'messy
> collage' of content, with sporadic volunteers but way too many people
> creating isolated wiki pages, uncategorised and outdated content that never
> gets properly cleaned up after many years.
> *Volunteer program management*
> We lack proper implementation of a volunteer program. Volunteers need to
> be managed and motivated so they contribute (aka work for free ;-). I think
> we have a big gap in OWASP to motivate volunteers properly.
> *Integration of work-flow processes through Salesforce API*
> I was a Salesforce developer for SafeBoot
> (bought by McAfee in 2007) and I did some heavy integration between the
> SafeBoot website with customer portals and the Salesforce API. OWASP can do
> the same and integrate many processes (such as the forms, requests from
> volunteers, reports etc) but this will require some serious development
> and develop this process properly with involvement of the staff and
> volunteers needs. Not sure if 1 hour conference call with a task force of
> volunteers (which has not been formed yet) on each type of projects
> (Builders, Breakers, Developers) will provide an external party with little
> knowledge about OWASP enough information about these issues.
> *Modernisation of Wiki*
> For the wiki, we need to modernise it so we have the same level as
> Mozilla Developer Network <https://developer.mozilla.org/en-US/> to allow
> continuous reviews and a program properly managed to motivate volunteers
> work on content (Mozilla have the 'badges
> <https://badges.mozilla.org/en-US/>' which is quite nice). It is driven
> by volunteers, however managed by a team.
> I contribute with content and reviews to Mozilla just because I love that
> interface and the way the content looks (some of my contributions):
> We lack volunteers working on content and doing out in a concessive way
> and right now this is quite sporadic and messy. This also is closely
> correlated to a proper management of volunteer contributions.
> While I think it is an excellent initiative to hire a contractor / 3rd
> party, I think many of us involved with OWASP for some years already know
> the answers to the problems: We need a team to manage the process and
> implement the solutions. The assessment won't solve that problem, it will
> only confirm what we already know.
> On Wed, Feb 3, 2016 at 9:46 PM, Paul Ritchie <paul.ritchie at owasp.org>
>> Hi Johanna:
>> I can jump in and clarify.
>> 1. Yes, this is the initiative & budget that the Board approve in late
>> 30 days for vendor response, and 30 days to have a community team
>> including Staff to evaluate the proposals is pretty reasonable.
>> 2. On the budget, yes, this is the range approved by the board. We
>> included the 'range' as a beginning point so we didn't get any $50K or
>> larger proposals that would have been a waste of time for both parties.
>> To those cc'd on this email via the group Board List. We are looking
>> for Volunteers to help evaluate any proposals received. If you are
>> interested in being part of the evaluation team.....please let me know.
>> I know there have been similar initiatives on wiki/infrastructure
>> enhancements in the past....but I'm aiming for the Kaizen
>> philosophy........continuing and regular improvements over time.
>> Regards. Paul
>> Best Regards, Paul Ritchie
>> OWASP Executive Director
>> paul.ritchie at owasp.org
>> On Wed, Feb 3, 2016 at 4:25 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Hi Kate
>>> Do I understand well that this RFP is only to execute an assessment
>>> with a time line of 60 days (+/- 2 months)?
>>> And the budget to do this research/assessment is USD20 to 30K?
>>> On Wed, Feb 3, 2016 at 5:33 PM, Kate Hartmann <kate.hartmann at owasp.org>
>>>> OWASP Community,
>>>> In late 2015, the OWASP Board approved an initiative to assess and
>>>> update our Wiki and internal infrastructure. The following RFP request
>>>> includes the feedback & requirements received from various community
>>>> leaders in order to capture various viewpoints from our diverse community.
>>>> If you know of a consultant, service provider or expert who would like
>>>> to respond to this RFP, please forward to their attention.
>>>> Details about the RFP objectives and requirements are available in the
>>>> attached document. The document is also available here:
>>>> and on the wiki here:
>>>> Submission Information
>>>> RFP open: February 3, 2016
>>>> RFP close: February 29, 2016
>>>> Please email proposals to owasp.foundation at owasp.org
>>>> The OWASP Foundation
>>>> Disclaimer: OWASP does not endorse or recommend commercial products or
>>>> services allowing our community to remain vendor neutral with the
>>>> collective wisdom of the best minds in application security worldwide.
>>>> Owasp-community mailing list
>>>> Owasp-community at lists.owasp.org
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org