[Owasp-board] Bugcrowd for OWASP Projects

Noreen Whysel noreen.whysel at owasp.org
Fri Jan 15 18:17:09 UTC 2016


I guess the underlying question is whether our use agreements for our
various platforms are structured in a way to avoid the appearance of
endorsement. Use implies endorsement, of course, but I wonder if we have
made any public statements to the effect that we will not endorse or if it
is written into agreements.

Noreen Whysel
Community Manager
OWASP Foundation

On Fri, Jan 15, 2016 at 1:13 PM, Kelly Santalucia <
kelly.santalucia at owasp.org> wrote:

> Noreen,
>
> I believe we do pay a discounted rate for SF platform, but that would be a
> question for Kate and/or Alison to confirm.
>
> On Fri, Jan 15, 2016 at 1:06 PM, Noreen Whysel <noreen.whysel at owasp.org>
> wrote:
>
>> I was just wondering if we had barter agreements with other companies. Is
>> our usage related in any way to our member agreement or entirely separate?
>> I.e., do we pay a nonprofit market rate for SF in addition to getting $20K
>> from them as a sponsor? Or is there any other consideration since they are
>> a member?
>>
>> Noreen Whysel
>> Community Manager
>> OWASP Foundation
>>
>> On Fri, Jan 15, 2016 at 1:00 PM, Kelly Santalucia <
>> kelly.santalucia at owasp.org> wrote:
>>
>>> Salesforce is actually a paying Premier Corporate Member ($20k)
>>>
>>> Find Salesforce.com in SF and look under "Membership Information". You
>>> will find their payment information is under under "Orders (Account)"
>>>
>>> On Fri, Jan 15, 2016 at 12:50 PM, Noreen Whysel <noreen.whysel at owasp.org
>>> > wrote:
>>>
>>>> Do we have a similar agreement with Salesforce?
>>>>
>>>> Noreen Whysel
>>>> Community Manager
>>>> OWASP Foundation
>>>>
>>>> On Fri, Jan 15, 2016 at 10:44 AM, Kelly Santalucia <
>>>> kelly.santalucia at owasp.org> wrote:
>>>>
>>>>> Hi Josh,
>>>>>
>>>>> Thank you for brining this to our attention.  Including Claudia on the
>>>>> thread as well.
>>>>>
>>>>> Just some information about our Barter agreements.  Our barter
>>>>> agreements must meet or exceed a value of at least $5000k which is the
>>>>> equivalent to a Contributor Corporate Membership
>>>>> <https://www.owasp.org/index.php/Corporate_Membership> and we must
>>>>> find the barter item(s) useful and they also need to provide value to
>>>>> OWASP. i.e. it would be highly unlikely that we would accept a barter
>>>>> agreemnet from Staples valued at $5k for paperclips.
>>>>>
>>>>> This sounds like a great opportunity for OWASP. Considering I am not
>>>>> technical, I would like your help with this along with anyone else who
>>>>> would like to contribute.
>>>>>
>>>>> Where do we begin?
>>>>>
>>>>> On Fri, Jan 15, 2016 at 9:06 AM, Josh Sokol <josh.sokol at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Bugcrowd sponsored the Austin Security Professionals Happy Hour last
>>>>>> night and I had a brief conversation with one of their account guys.  He
>>>>>> mentioned to me that they were working with Sarah in the past on a possible
>>>>>> barter sponsorship of OWASP.  He mentioned something like a Silver
>>>>>> sponsorship in exchange for using Bugcrowd's platform for managing the
>>>>>> testing of OWASP projects.  Since there has been some discussions around
>>>>>> that in the past, I figured it was worthwhile to at least bring it to the
>>>>>> group for discussion.  I would assume that we would still be responsible
>>>>>> for paying out bounties, but they would donate the management of the
>>>>>> program to us.  I'm happy to get the conversation started if we'd be
>>>>>> interested or tell him no if we're not.  I'd be interested in hearing your
>>>>>> thoughts.
>>>>>>
>>>>>> ~josh
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Kelly Santalucia*
>>>>>
>>>>> *Membership and Business Liaison*
>>>>>
>>>>> *OWASP Foundation*
>>>>>
>>>>> *1200-C Agora Drive, #232*
>>>>>
>>>>> *Bel Air, MD  21014*
>>>>>
>>>>> *USA*
>>>>>
>>>>> *Direct: 1+ 973-670-5784 <973-670-5784>*
>>>>>
>>>>> *Fax: 1+ 443-283-4021 <443-283-4021> *
>>>>>
>>>>> Skype: kelly.santalucia
>>>>> Url:https://www.owasp.org
>>>>>
>>>>> *Give back and support OWASP, become a member
>>>>> <https://www.owasp.org/index.php/Membership> today!*
>>>>>
>>>>> *Join us at AppSec Cali 2016
>>>>> <https://2016.appseccalifornia.org/#about> on January 25-27, 2016 & at
>>>>> AppSecEU 2016 <http://2016.appsec.eu> in Rome, Italy. *
>>>>>
>>>>> *More OWASP events can be found here
>>>>> <https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference>. *
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> *Kelly Santalucia*
>>>
>>> *Membership and Business Liaison*
>>>
>>> *OWASP Foundation*
>>>
>>> *1200-C Agora Drive, #232*
>>>
>>> *Bel Air, MD  21014*
>>>
>>> *USA*
>>>
>>> *Direct: 1+ 973-670-5784 <973-670-5784>*
>>>
>>> *Fax: 1+ 443-283-4021 <443-283-4021> *
>>>
>>> Skype: kelly.santalucia
>>> Url:https://www.owasp.org
>>>
>>> *Give back and support OWASP, become a member
>>> <https://www.owasp.org/index.php/Membership> today!*
>>>
>>> *Join us at AppSec Cali 2016 <https://2016.appseccalifornia.org/#about>
>>> on January 25-27, 2016 & at AppSecEU 2016 <http://2016.appsec.eu> in Rome,
>>> Italy. *
>>>
>>> *More OWASP events can be found here
>>> <https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference>. *
>>>
>>
>>
>
>
> --
> *Kelly Santalucia*
>
> *Membership and Business Liaison*
>
> *OWASP Foundation*
>
> *1200-C Agora Drive, #232*
>
> *Bel Air, MD  21014*
>
> *USA*
>
> *Direct: 1+ 973-670-5784 <973-670-5784>*
>
> *Fax: 1+ 443-283-4021 <443-283-4021> *
>
> Skype: kelly.santalucia
> Url:https://www.owasp.org
>
> *Give back and support OWASP, become a member
> <https://www.owasp.org/index.php/Membership> today!*
>
> *Join us at AppSec Cali 2016 <https://2016.appseccalifornia.org/#about> on
> January 25-27, 2016 & at AppSecEU 2016 <http://2016.appsec.eu> in Rome,
> Italy. *
>
> *More OWASP events can be found here
> <https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference>. *
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160115/06f8427b/attachment.html>


More information about the Owasp-board mailing list