[Owasp-board] [Owasp-community] RFP - OWASP Foundation Needs Assessment

Matt Tesauro matt.tesauro at owasp.org
Fri Feb 5 03:19:13 UTC 2016


While I think a goal of achieving what the Mozilla Foundation has for their
developer network is a good goal, it's not a very fair comparison:

Last audited returns provided by Mozilla Foundation are 2014:  $329.5
million in revenue [1]

Latest annual budget for the OWASP Foundation - 2015:  $2,540,667 or ~ $2.5
million in revenue [2]

Mozilla has ~ 132 times OWASP's revenue so the comparison really doesn't
work.

Should we strive to get to that level of maturity:  Heck yes.

Will we be there in the next year or two:  I very much doubt it.

[1]  https://en.wikipedia.org/wiki/Mozilla_Foundation
             &
      https://www.mozilla.org/en-US/foundation/documents/

[2] https://www.owasp.org/index.php/About_OWASP#Audited_Financial_Statements
             &

https://drive.google.com/file/d/0BxjNZI6rYJRKbnBlaHM3LTU2ckk/view?usp=sharing

--
-- Matt Tesauro
OWASP AppSec Pipeline Lead
https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
OWASP WTE Project Lead
https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
http://AppSecLive.org - Community and Download site

On Thu, Feb 4, 2016 at 5:51 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Paul
>
> Having been quite involved with OWASP and its content for 3.5 years, I
> can provide a quick assessment based on my experience:
>
> *Content management of Wiki*
> We lack a Content management team responsible/accountable to drive and
> maintain cohesive content on the wiki. Right now the wiki is a 'messy
> collage' of content, with sporadic volunteers but way too many people
> creating isolated wiki pages, uncategorised and outdated content that never
> gets properly cleaned up after many years.
>
> *Volunteer program management*
> We lack proper implementation of a volunteer program. Volunteers need to
> be managed and motivated so they contribute (aka work for free ;-). I think
> we have a big gap in OWASP to motivate volunteers properly.
>
> *Integration of work-flow processes through Salesforce API *
> I was a Salesforce developer for SafeBoot
> <http://searchsecurity.techtarget.com/news/1275984/McAfee-acquires-SafeBoot-for-endpoint-encryption>
> (bought by McAfee in 2007) and I did some heavy integration between the
> SafeBoot website with customer portals and the Salesforce API. OWASP can do
> the same and integrate many processes (such as the forms, requests from
> volunteers, reports etc.) but this will require some serious development
> and develop this process properly with involvement of the staff and
> volunteers needs. Not sure if 1 hour conference call with a task force of
> volunteers (which has not been formed yet) on each type of projects
> (Builders, Breakers, Developers) will provide an external party with little
> knowledge about OWASP enough information about these issues.
>
> *Modernisation of Wiki *
> For the wiki, we need to modernise it so we have the same level as
> Mozilla Developer Network <https://developer.mozilla.org/en-US/> to allow
> continuous reviews and a program properly managed to motivate volunteers
> work on content (Mozilla have the 'badges
> <https://badges.mozilla.org/en-US/>' which is quite nice). It is driven
> by volunteers, however managed by a team.
> I contribute with content and reviews to Mozilla just because I love that
> interface and the way the content looks (some of my contributions):
>
> https://developer.mozilla.org/en-US/docs/Web/SVG/Tutorial/SVG_Filters_Tutorial
> .
>
> We lack volunteers working on content and doing out in a concessive way
> and right now this is quite sporadic and messy. This also is closely
> correlated to a proper management of volunteer contributions.
>
> While I think it is an excellent initiative to hire a contractor / 3rd
> party, I think many of us involved with OWASP for some years already know
> the answers to the problems: We need a team to manage the process and
> implement the solutions. The assessment won't solve that problem, it will
> only confirm what we already know.
>
>
> Cheers
>
> Johanna
>
>
>
>
> On Wed, Feb 3, 2016 at 9:46 PM, Paul Ritchie <paul.ritchie at owasp.org>
> wrote:
>
>> Hi Johanna:
>> I can jump in and clarify.
>>
>> 1. Yes, this is the initiative & budget that the Board approved in late
>> 2015.
>> 30 days for vendor response, and 30 days to have a community team
>> including Staff to evaluate the proposals is pretty reasonable.
>>
>> 2. On the budget, yes, this is the range approved by the board.  We
>> included the 'range' as a beginning point so we didn't get any $50K or
>> larger proposals that would have been a waste of time for both parties.
>>
>> To those cc'd on this email via the group Board List.   We are looking
>> for Volunteers to help evaluate any proposals received. If you are
>> interested in being part of the evaluation team.....please let me know.
>>
>> I know there have been similar initiatives on wiki/infrastructure
>> enhancements in the past....but I'm aiming for the Kaizen
>> philosophy........continuing and regular improvements over time.
>>
>> Regards. Paul
>>
>> Best Regards, Paul Ritchie
>> OWASP Executive Director
>> paul.ritchie at owasp.org
>>
>>
>> On Wed, Feb 3, 2016 at 4:25 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Hi Kate
>>>
>>> Do I understand well that this RFP is only to execute an assessment
>>>  with a time line of 60 days (+/- 2 months)?
>>> And the budget to do this research/assessment is USD20 to 30K?
>>>
>>> Cheers
>>>
>>> Johanna
>>>
>>> On Wed, Feb 3, 2016 at 5:33 PM, Kate Hartmann <kate.hartmann at owasp.org>
>>> wrote:
>>>
>>>> OWASP Community,
>>>>
>>>> In late 2015, the OWASP Board approved an initiative to assess and
>>>> update our Wiki and internal infrastructure.  The following RFP request
>>>> includes the feedback & requirements received from various community
>>>> leaders in order to capture various viewpoints from our diverse community.
>>>>
>>>> If you know of a consultant, service provider or expert who would like
>>>> to respond to this RFP, please forward to their attention.
>>>>
>>>> Details about the RFP objectives and requirements are available in the
>>>> attached document.  The document is also available here:
>>>> https://drive.google.com/file/d/0BxI4iTO_QojvY0ItSk56aWY3WXM/view?usp=sharing
>>>> and on the wiki here:
>>>> https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus#Active_Initiatives
>>>>
>>>> Submission Information
>>>>
>>>> RFP open:  February 3, 2016
>>>> RFP close:  February 29, 2016
>>>>
>>>> Please email proposals to owasp.foundation at owasp.org
>>>>
>>>> Sincerely,
>>>> The OWASP Foundation
>>>>
>>>>
>>>> ====
>>>> Disclaimer: OWASP does not endorse or recommend commercial products or
>>>> services allowing our community to remain vendor neutral with the
>>>> collective wisdom of the best minds in application security worldwide.
>>>> ====
>>>> _______________________________________________
>>>> Owasp-community mailing list
>>>> Owasp-community at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-community
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>