<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Jeff,<br>
    <br>
    I think this is one of the better funding models for the foundation.
    It's well thought out and we should seriously consider it on a large
    scale.<br>
    <br>
    <div><a class="moz-txt-link-freetext" href="https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?usp=sharing&authkey=CKycuTY">https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?usp=sharing&authkey=CKycuTY</a></div>
    <br>
    I am sorry if past emails to the community did not emphasize how
    much I think this proposal is good for us all. <br>
    <br>
    This is something, like you say, we already do informally. <br>
    <br>
    Our current efforts are around funding new chapters and projects -
    many in the community have complained about the hardships in
    starting a chapter or project from a financial point of view. After
    these "bills" we are working on have passed, I'll take a closer look
    at the project partnership model and see what the board can do to
    somewhat formalize it. If you have suggestions as to what you would
    like from the board over this proposal, let me know and I would be
    happy to champion it. OWASP can certainly endure and thrive on
    multiple funding models.<br>
    <br>
    Aloha,<br>
    <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a></pre>
    <br>
    <br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 9/15/15 8:09 PM, Jeff Williams
      wrote:<br>
    </div>
    <blockquote
cite="mid:815ED4954DD4EA87.9FEF77AB-F6A4-4668-BF0C-DEBB490F0CFC@mail.outlook.com"
      type="cite">
      <div>You all might be interested in the OWASP Project Partnership
        Model</div>
      <div><br>
      </div>
      <div><a class="moz-txt-link-freetext" href="https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?usp=sharing&authkey=CKycuTY">https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?usp=sharing&authkey=CKycuTY</a></div>
      <div><br>
      </div>
      <div>Many contributors may find success by considering a limited
        crowd sourced approach where the results are to be open sourced
        at OWASP.  This has been used many times at OWASP in the past as
        described in the linked document.<br>
        <br>
        <div class="acompli_signature">--Jeff<br>
          <br>
        </div>
      </div>
      <br>
      <br>
      <br>
      <div class="gmail_quote">On Tue, Sep 15, 2015 at 10:20 AM -0700,
        "Josh Sokol" <span dir="ltr"><<a moz-do-not-send="true"
            href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>></span>
        wrote:<br>
        <br>
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div dir="ltr">
            <div dir="ltr">
              <div>Love the idea Simon!  I am excited to see how this
                model works out for ZAP.<br>
                <br>
              </div>
              ~josh<br>
            </div>
            <div class="gmail_extra"><br>
              <div class="gmail_quote">On Tue, Sep 15, 2015 at 12:07 PM,
                psiinon <span dir="ltr"><<a moz-do-not-send="true"
                    href="mailto:psiinon@gmail.com" target="_blank">psiinon@gmail.com</a>></span>
                wrote:<br>
                <blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <div dir="ltr">
                    <div>
                      <div>
                        <div>
                          <div>We've essentially started doing that with
                            ZAP: <a moz-do-not-send="true"
                              href="https://www.bountysource.com/teams/zap"
                              target="_blank">https://www.bountysource.com/teams/zap</a>
                            :)<br>
                          </div>
                          I'm paying for one of the key ZAP contributors
                          to work on some really important features out
                          of ZAP funds via that site.<br>
                        </div>
                        If that works well then I plan to have a funding
                        push so that I can get more work done that way.<br>
                        <br>
                      </div>
                      Cheers,<br>
                      <br>
                    </div>
                    Simon<br>
                  </div>
                  <div class="HOEnZb">
                    <div class="h5">
                      <div class="gmail_extra"><br>
                        <div class="gmail_quote">On Tue, Sep 15, 2015 at
                          6:02 PM, Josh Sokol <span dir="ltr"><<a
                              moz-do-not-send="true"
                              href="mailto:josh.sokol@owasp.org"
                              target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a></a>></span>
                          wrote:<br>
                          <blockquote class="gmail_quote"
                            style="margin:0 0 0 .8ex;border-left:1px
                            #ccc solid;padding-left:1ex">
                            <div dir="ltr">
                              <div>I wasn't really even thinking about
                                grants when I said that.  There are a
                                lot of restrictions around grants that
                                can make them challenging to both
                                procure and support.  My line of
                                thinking was more around a
                                "crowdfunding" type of model.  A project
                                could put up a list of features and cost
                                estimates and have users vote on what
                                would be most valuable to them.  Then,
                                put out a call for funding to see if the
                                community would be willing to support
                                the initiative by contributing to it. 
                                OWASP would still need to handle the
                                money in order to ensure that the work
                                was done before it got paid out and
                                wasn't fraudulent, but it might be a way
                                to gain funding for projects via the
                                people who are actually using them.<span><font
                                    color="#888888"><br>
                                    <br>
                                  </font></span></div>
                              <span><font color="#888888">~josh<br>
                                </font></span></div>
                            <div>
                              <div>
                                <div class="gmail_extra"><br>
                                  <div class="gmail_quote">On Tue, Sep
                                    15, 2015 at 11:45 AM, johanna curiel
                                    curiel <span dir="ltr"><<a
                                        moz-do-not-send="true"
                                        href="mailto:johanna.curiel@owasp.org"
                                        target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span>
                                    wrote:<br>
                                    <blockquote class="gmail_quote"
                                      style="margin:0 0 0
                                      .8ex;border-left:1px #ccc
                                      solid;padding-left:1ex">
                                      <div dir="ltr"><span><span
                                            style="font-size:12.8px">This
                                            is often very difficult to
                                            pull off in open source
                                            projects for all but the
                                            most mature and staffed
                                            projects. Folks are
                                            volunteering and work when
                                            they can.</span><br>
                                          <div><span
                                              style="font-size:12.8px"><br>
                                            </span></div>
                                        </span>
                                        <div><span
                                            style="font-size:12.8px">Jim,
                                            when requesting this kind of
                                            funds the project leader:</span></div>
                                        <div>
                                          <ul>
                                            <li><span
                                                style="font-size:12.8px">Can
                                                work full time on the
                                                project and be able to
                                                deliver or</span><br>
                                            </li>
                                            <li><span
                                                style="font-size:12.8px">Can
                                                hire a developer to work
                                                full time on the project</span><br>
                                            </li>
                                          </ul>
                                        </div>
                                        <div><span
                                            style="font-size:12.8px"><br>
                                          </span></div>
                                        <div><span
                                            style="font-size:12.8px">We
                                            need to
                                            differentiate responsibilities when
                                            you want to get funds</span></div>
                                        <div><span
                                            style="font-size:12.8px"><br>
                                          </span></div>
                                        <div><span
                                            style="font-size:12.8px">Whether you
                                            never ask for funds and keep
                                            on working as you do
                                            (part-time/sporadically)</span></div>
                                        <div><span
                                            style="font-size:12.8px">Or
                                            want to pull off some
                                            serious features and need to
                                            dedicate time and resources</span></div>
                                        <div><span
                                            style="font-size:12.8px"><br>
                                          </span></div>
                                        <div><span
                                            style="font-size:12.8px">But,
                                            a leader cannot get grant
                                            funds or money and then not
                                            deliver, in that case he
                                            better does not consider the
                                            option for asking for funds,
                                            it involves
                                            a responsibility to it.</span></div>
                                        <div><span
                                            style="font-size:12.8px"><br>
                                          </span></div>
                                        <div><span
                                            style="font-size:12.8px">Funds
                                            could be granted however for
                                            other activities such as
                                            promotion (Brochure, layout
                                            work) </span></div>
                                        <div><span
                                            style="font-size:12.8px"><br>
                                          </span></div>
                                        <div><span
                                            style="font-size:12.8px">Regards</span><span><font
                                              color="#888888"><br>
                                            </font></span></div>
                                        <span><font color="#888888">
                                            <div><span
                                                style="font-size:12.8px"><br>
                                              </span></div>
                                            <div><span
                                                style="font-size:12.8px">Johanna</span></div>
                                          </font></span></div>
                                      <div>
                                        <div>
                                          <div class="gmail_extra"><br>
                                            <div class="gmail_quote">On
                                              Tue, Sep 15, 2015 at 12:28
                                              PM, Jim Manico <span
                                                dir="ltr"><<a
                                                  moz-do-not-send="true"
href="mailto:jim.manico@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>></span>
                                              wrote:<br>
                                              <blockquote
                                                class="gmail_quote"
                                                style="margin:0 0 0
                                                .8ex;border-left:1px
                                                #ccc
                                                solid;padding-left:1ex">
                                                <div dir="auto">
                                                  <div>> ....<span
                                                      style="background-color:rgba(255,255,255,0)">leaders
                                                      provide a plan of
                                                      the features that
                                                      will be created
                                                      with the funds and
                                                      at the end, the
                                                      results obtained. </span><br>
                                                    <br>
                                                    This is often very
                                                    difficult to pull
                                                    off in open source
                                                    projects for all but
                                                    the most mature and
                                                    staffed projects.
                                                    Folks are
                                                    volunteering and
                                                    work when they can.
                                                    To start asking for
                                                    specific feature
                                                    commitments done at
                                                    specific times for
                                                    specific financial
                                                    donations is often a
                                                    path to
                                                    disappointment in
                                                    the open source
                                                    world. Caution!</div>
                                                  <div><br>
                                                  </div>
                                                  <div>
                                                    <div>--</div>
                                                    <div>Jim Manico</div>
                                                    <div>
                                                      <div>
                                                        <div
                                                          style="word-wrap:break-word">
                                                          <div><span
                                                          style="background-color:rgba(255,255,255,0)">Global
                                                          Board Member</span></div>
                                                          <span
                                                          style="background-color:rgba(255,255,255,0)">OWASP
                                                          Foundation</span>
                                                          <div><a
                                                          moz-do-not-send="true"
href="https://www.owasp.org/"
                                                          style="background-color:rgba(255,255,255,0)"
target="_blank"><font color="#000000"><a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a></font></a></div>
                                                        </div>
                                                      </div>
                                                      <div><span
                                                          style="background-color:rgba(255,255,255,0)">Join
                                                          me at <a
                                                          moz-do-not-send="true"
href="http://appsecusa.org/" target="_blank">AppSecUSA</a> 2015!</span></div>
                                                    </div>
                                                  </div>
                                                  <div>
                                                    <div>
                                                      <div><br>
                                                        On Sep 15, 2015,
                                                        at 9:22 AM,
                                                        johanna curiel
                                                        curiel <<a
                                                          moz-do-not-send="true"
href="mailto:johanna.curiel@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>>
                                                        wrote:<br>
                                                        <br>
                                                      </div>
                                                    </div>
                                                  </div>
                                                  <blockquote
                                                    type="cite">
                                                    <div>
                                                      <div>
                                                        <div>Hi Josh
                                                          <div><br>
                                                          </div>
                                                          <div>Yes, an
                                                          example is how
                                                          grant funds
                                                          work. When
                                                          corporations
                                                          or people make
                                                          donations or
                                                          part of a
                                                          grant, it must
                                                          be defined the
                                                          features that
                                                          will be built.
                                                          This makes it
                                                          transparent
                                                          and clear for
                                                          the persons
                                                          doing the
                                                          donations or
                                                          through grant
                                                          funds.</div>
                                                        </div>
                                                      </div>
                                                      <div>
                                                        <div>
                                                          <div>If we
                                                          create a pool
                                                          where projects
                                                          could make use
                                                          of it, then it
                                                          is expected
                                                          that leaders
                                                          provide a plan
                                                          of
                                                          the features
                                                          that will be
                                                          created with
                                                          the funds and
                                                          at the end,
                                                          the results
                                                          obtained. <br>
                                                          <br>
                                                          Johanna<br>
                                                          On Tuesday,
                                                          September 15,
                                                          2015, Josh
                                                          Sokol <<a
                                                          moz-do-not-send="true"
href="mailto:josh.sokol@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a></a>>
                                                          wrote:<br>
                                                          </div>
                                                        </div>
                                                        <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>Maybe
                                                          this is a
                                                          stupid
                                                          question, but
                                                          has anyone
                                                          considered
                                                          experimenting
                                                          with a funding
                                                          model using
                                                          the project
                                                          itself?  Maybe
                                                          try to raise
                                                          additional
                                                          funds by
                                                          having a paid
                                                          support option
                                                          or say if you
                                                          can raise $X
                                                          in donations
                                                          you'll develop
                                                          Y feature(s)? 
                                                          The devil is
                                                          in the
                                                          details, but
                                                          that might be
                                                          a
                                                          project-centric
                                                          way to raise
                                                          money that a
                                                          chapter
                                                          wouldn't even
                                                          have the
                                                          option to do.<br>
                                                          <br>
                                                          </div>
                                                          ~josh<br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>On Mon,
                                                          Sep 14, 2015
                                                          at 12:22 PM,
                                                          johanna curiel
                                                          curiel <span
                                                          dir="ltr"><<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span> wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr"><span><span
style="font-size:13px">For reference, the 2015 budget shows OWASP at a
                                                          loss of around
                                                          $105k for the
                                                          year.  Not an
                                                          issue given
                                                          the funds
                                                          currently in
                                                          reserves, but
                                                          we did budget
                                                          to spend more
                                                          than we
                                                          brought in so
                                                          there's not a
                                                          ton of room to
                                                          work with
                                                          there unless
                                                          we add revenue
                                                          or eliminate
                                                          expenses.</span><br>
                                                          <div><span
                                                          style="font-size:13px"><br>
                                                          </span></div>
                                                          </span>
                                                          <div><span
                                                          style="font-size:13px">Agree
                                                          I also noticed
                                                          this. The
                                                          activities I'm
                                                          proposing </span>won't
                                                          be that high
                                                          cost,
                                                          especially
                                                          compared to
                                                          actual costs
                                                          of setting
                                                          events, but I
                                                          think a
                                                          strategy where
                                                          project
                                                          leaders can
                                                          generate
                                                          pro-actively
                                                          funds for
                                                          their own
                                                          project is a
                                                          step towards
                                                          developing
                                                          them better. </div>
                                                          <div><br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>On Mon,
                                                          Sep 14, 2015
                                                          at 12:37 PM,
                                                          Josh Sokol <span
                                                          dir="ltr">&lt;<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a></a>&gt;</span> wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>The Board
                                                          should be
                                                          reviewing the
                                                          budget for
                                                          2016 in the
                                                          next few
                                                          months so it
                                                          is an
                                                          excellent time
                                                          to make such a
                                                          proposal.  We
                                                          just need to
                                                          know what
                                                          kinds of
                                                          activities we
                                                          are looking at
                                                          and how much
                                                          we need to
                                                          make them
                                                          happen.  We
                                                          can then look
                                                          at anticipated
                                                          revenue vs
                                                          expenses in
                                                          order to
                                                          determine if
                                                          there is room
                                                          in the budget
                                                          to make it
                                                          happen.  For
                                                          reference, the
                                                          2015 budget
                                                          shows OWASP at
                                                          a loss of
                                                          around $105k
                                                          for the year. 
                                                          Not an issue
                                                          given the
                                                          funds
                                                          currently in
                                                          reserves, but
                                                          we did budget
                                                          to spend more
                                                          than we
                                                          brought in so
                                                          there's not a
                                                          ton of room to
                                                          work with
                                                          there unless
                                                          we add revenue
                                                          or eliminate
                                                          expenses.<span><font
color="#888888"><br>
                                                          <br>
                                                          </font></span></div>
                                                          <span><font
                                                          color="#888888">~josh<br>
                                                          </font></span></div>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>On Mon,
                                                          Sep 14, 2015
                                                          at 11:20 AM,
                                                          johanna curiel
                                                          curiel <span
                                                          dir="ltr">&lt;<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>&gt;</span> wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">Hi
                                                          Josh
                                                          <div><br>
                                                          </div>
                                                          <div>I have
                                                          taken the work
                                                          to extract
                                                          from the
                                                          budget of 2015
                                                          where the
                                                          major OWASP
                                                          costs are:</div>
                                                          <div>Total
                                                          revenue
                                                          projected for
                                                          2015 is
                                                          USD2,540,667.00</div>
                                                          <div><br>
                                                          </div>
                                                          <div>From this:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <div
                                                          style="font-size:13px">
                                                          <table
                                                          dir="ltr"
                                                          style="table-layout:fixed;font-family:arial,sans,sans-serif;border-collapse:collapse;border:1px
                                                          solid
                                                          rgb(204,204,204)"
                                                          border="1"
                                                          cellpadding="0"
cellspacing="0">
                                                          <colgroup><col
                                                          width="247"><col
                                                          width="100"></colgroup><tbody>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;font-size:16px;font-weight:bold">Cost Salaries
                                                          and
                                                          Contractors
                                                          2015 OWASP</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom"><br>
                                                          </td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Employees salaries</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">342,237.82</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">bonus and commission</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">38,600.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;font-weight:bold">Contractors &
                                                          Professional
                                                          services</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom"><br>
                                                          </td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Virtual fin fee</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">32,000.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Accounting KPMG</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">4,000.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Int Accounting KPMG EU</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">9,000.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Qtrly VAT by Country</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">14,489.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Virtual Executive Director/HR Contractor</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">8,700.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Virtual - HR Hosting & fees</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">12,000.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">IT Admin</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">10,000.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Legal Contractor</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">7,200.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Graphic Designer</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">7,200.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Events Manager</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">72,000.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;background-color:rgb(255,255,0);font-weight:bold">Total</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;background-color:rgb(255,255,0);font-weight:bold;text-align:right">557,426.82</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom"><br>
                                                          </td>
                                                          <td><br>
                                                          </td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Percentage from total revenue</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">21.94%</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom"><br>
                                                          </td>
                                                          <td><br>
                                                          </td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;font-size:16px;font-weight:bold">Cost
                                                          Conferences
                                                          2015 (in USD
                                                          Dollars)</td>
                                                          <td><br>
                                                          </td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">APPSEC US</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">$935,557.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">APPSEC EU</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">$241,510.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">APPSEC ASIA</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">$25,000.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">APPSEC LATAM</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">7500</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Local & Regional Events</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">$115,000.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;background-color:rgb(255,255,0);font-weight:bold">Total
                                                          in events</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;background-color:rgb(255,255,0);font-weight:bold;text-align:right">$1,209,567.00</td>
                                                          </tr>
                                                          <tr
                                                          style="height:21px">
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom">Percentage from revenue</td>
                                                          <td
                                                          style="padding:2px
3px;vertical-align:bottom;text-align:right">47.61%</td>
                                                          </tr>
                                                          </tbody>
                                                          </table>
                                                          </div>
                                                          <div
                                                          style="font-size:13px">
                                                          <div><br>
                                                          </div>
                                                          <div>As I can
                                                          see there are
                                                          many expenses
                                                          involved in
                                                          operations and
                                                          creating
                                                          events. (That
                                                          will sum up
                                                          around 70% of
                                                          the OWASP
                                                          expenses)</div>
                                                          <div><br>
                                                          </div>
                                                          <div>>In
                                                          response to
                                                          Paul:</div>
                                                          <span>
                                                          <div>For 2016
                                                          planning, I'm
                                                          encouraged by
                                                          all the
                                                          interest
                                                          demonstrated
                                                          by these
                                                          emails, as we
                                                          adjust our
                                                          2016 Budget to
                                                          reflect the
                                                          community
                                                          priorities.<br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          </span>
                                                          <div>I would like to propose some fixed budget for certain activities. I believe Claudia was also busy with that part for the Project summits, but also for helping promote projects and training for leaders. </div>
                                                          <div><br>
                                                          </div>
                                                          <div>regards</div>
                                                          <span><font
                                                          color="#888888">
                                                          <div><br>
                                                          </div>
                                                          <div>Johanna</div>
                                                          </font></span></div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>On Mon,
                                                          Sep 14, 2015
                                                          at 11:41 AM,
                                                          Josh Sokol <span
                                                          dir="ltr">&lt;<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a>&gt;</span> wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>
                                                          <div>Johanna,<br>
                                                          <br>
                                                          </div>
                                                          I was really
                                                          hoping that
                                                          Fabio, as
                                                          current
                                                          Treasurer,
                                                          would wade
                                                          into this
                                                          conversation,
                                                          but since he
                                                          hasn't I will
                                                          as Treasurer
                                                          last year.  <br>
                                                          <br>
                                                          The short
                                                          answer to your
                                                          questions is
                                                          that OWASP
                                                          receives money
                                                          from many
                                                          different
                                                          sources. 
                                                          Conferences,
                                                          grants,
                                                          donations, and
                                                          yes,
                                                          membership. 
                                                          OWASP also has
                                                          many expenses
                                                          that aren't
                                                          solely covered
                                                          by "project
                                                          expenses" or
                                                          "chapter
                                                          expenses". 
                                                          Money that
                                                          isn't
                                                          pre-allocated
                                                          to something
                                                          specific like
                                                          that ends up
                                                          in the OWASP
                                                          funds pool and
                                                          gets budgeted
                                                          to be used for
                                                          other
                                                          expenses.  Our
                                                          paid staff is
                                                          probably the
                                                          top expense
                                                          where that is
                                                          concerned, but
                                                          there are many
                                                          other things
                                                          that OWASP
                                                          spends money
                                                          on as well. 
                                                          The OWASP
                                                          budget should
                                                          be publicly
                                                          available and
                                                          I know that
                                                          the OWASP
                                                          staff is
                                                          currently
                                                          working on the
                                                          2014 report
                                                          which should
                                                          be released
                                                          any day now.<span><font
color="#888888"><br>
                                                          <br>
                                                          </font></span></div>
                                                          <span><font
                                                          color="#888888">~josh<br>
                                                          </font></span></div>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>On Mon,
                                                          Sep 7, 2015 at
                                                          11:30 AM,
                                                          johanna curiel
                                                          curiel <span
                                                          dir="ltr">&lt;<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a>&gt;</span> wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr"><span><span
style="font-size:13px">>How can we make the corporation more aware of
                                                          this option?</span><br>
                                                          <div><span
                                                          style="font-size:13px"><br>
                                                          </span></div>
                                                          </span>
                                                          <div>I would
                                                          like to see
                                                          first a
                                                          clarification
                                                          on <i>where</i>
                                                          is the money
                                                          allocated
                                                          right now from
                                                          corporate
                                                          memberships
                                                          that have not
                                                          made any
                                                          choices.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Community
                                                          funds is
                                                          USD60,000 a
                                                          year and this
                                                          is not only
                                                          for projects
                                                          but everything
                                                          to do with the
                                                          community.</div>
                                                          <div><br>
                                                          </div>
                                                          <div><font
                                                          face="arial,
                                                          helvetica,
                                                          sans-serif">So
                                                          far there is
                                                          in memberships
                                                          between
                                                          corporate and
                                                          individuals
                                                          memberships a
                                                          total of </font></div>
                                                          <div><font
                                                          face="arial,
                                                          helvetica,
                                                          sans-serif"><br>
                                                          </font></div>
                                                          <div><font face="arial, helvetica, sans-serif">Corporate memberships (foundation + Chapter) USD 350,000-</font></div>
                                                          <div><font face="arial, helvetica, sans-serif">Individual membership (foundation + chapter) USD 90,000-</font></div>
                                                          <div><font face="arial, helvetica, sans-serif">Total = <b>USD 440,000</b> </font></div>
                                                          <div><font
                                                          face="arial,
                                                          helvetica,
                                                          sans-serif"><br>
                                                          </font></div>
                                                          <div><font
                                                          face="arial,
                                                          helvetica,
                                                          sans-serif">Following
                                                          the same
                                                          sheet the
                                                          following
                                                          corporate memberships
                                                          have not been
                                                          allocated by
                                                          the sponsors.
                                                          I would like
                                                          to know how
                                                          much money of
                                                          the USD
                                                          350,000 belongs
                                                          to these
                                                          unallocated</font></div>
                                                          <div>
                                                          <ol>
                                                          <li>Autodesk,
                                                          Inc.<br>
                                                          </li>
                                                          <li>Blackhat
                                                          US<br>
                                                          </li>
                                                          <li>CA
                                                          Technologies<br>
                                                          </li>
                                                          <li>CDNetworks<br>
                                                          </li>
                                                          <li>ClassDojo<br>
                                                          </li>
                                                          <li>Coverity<br>
                                                          </li>
                                                          <li>eLearn
                                                          Security<br>
                                                          </li>
                                                          <li>HERE North
                                                          America, LLC.<br>
                                                          </li>
                                                          <li>Johnson
                                                          Controls, Inc.<br>
                                                          </li>
                                                          <li>Rapid7<br>
                                                          </li>
                                                          <li>Software
                                                          Assurance
                                                          Marketplace
                                                          (SWAMP)</li>
                                                          </ol>
                                                          </div>
                                                          <div><font
                                                          face="arial,
                                                          helvetica,
                                                          sans-serif"><br>
                                                          </font></div>
                                                          <div><font face="arial, helvetica, sans-serif">Each of these contributes USD 5000 (following the corporate categories as they appear here: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.owasp.org/index.php/Membership#tab=Corporate_Supporters" target="_blank">https://www.owasp.org/index.php/Membership#tab=Corporate_Supporters</a>)</font></div>
                                                          <div><font face="arial, helvetica, sans-serif">11 of them have not been allocated, which makes USD 55,000-</font></div>
                                                          <div><br>
                                                          </div>
                                                          <div><font face="arial, helvetica, sans-serif"><font color="#000000">Big Corporate memberships from 4 companies which do not appear in that Google sheet have contributed ==&gt; 4 x USD 20,000 = USD 80,000 ==&gt; where has this money been allocated?</font></font></div>
                                                          <div>
                                                          <div>
                                                          <ol>
                                                          <li>Adobe</li>
                                                          <li>Qualys</li>
                                                          <li>HP</li>
                                                          <li>Contrast</li>
                                                          </ol>
                                                          </div>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><font color="#000000" face="arial, helvetica, sans-serif">I would like to have a clarification of where exactly the money is allocated from these corporate memberships, which in total (following these calculations) accumulate a total of</font></div>
                                                          <div><font
                                                          color="#000000"
                                                          face="arial,
                                                          helvetica,
                                                          sans-serif">USD
                                                          55,000 +
                                                          80,000 = USD
                                                          140,000 that
                                                          none of the
                                                          corporate
                                                          members have
                                                          allocated. </font></div>
                                                          <div><br>
                                                          </div>
                                                          <div><font color="#000000" face="arial, helvetica, sans-serif">If it seems that part of the money goes to the community fund, then 140k - 60k = USD 80,000 is still open: where is this money being allocated to?</font></div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>On Mon,
                                                          Sep 7, 2015 at
                                                          9:07 AM,
                                                          psiinon <span
                                                          dir="ltr">&lt;<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:psiinon@gmail.com">psiinon@gmail.com</a>&gt;</span> wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>Thanks
                                                          Johanna, this
                                                          is _really_
                                                          interesting.<br>
                                                          </div>
                                                          And that's a
                                                          huge imbalance
                                                          between the
                                                          chapters and
                                                          projects.<br>
                                                          </div>
                                                          Corporate
                                                          members can
                                                          obviously
                                                          choose where
                                                          their money
                                                          goes, but
                                                          maybe they are
                                                          not aware they
                                                          can choose
                                                          projects (and
                                                          if Eoin didn't
                                                          know, that
                                                          seems very
                                                          likely!)<br>
                                                          </div>
                                                          How can we
                                                          make the
                                                          corporation
                                                          more aware of
                                                          this option?<br>
                                                          </div>
                                                          And how else
                                                          can we redress
                                                          this
                                                          imbalance?<br>
                                                          <br>
                                                          </div>
                                                          Cheers,<br>
                                                          <br>
                                                          </div>
                                                          Simon<br>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div><br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>On Mon,
                                                          Sep 7, 2015 at
                                                          1:14 PM,
                                                          johanna curiel
                                                          curiel <span
                                                          dir="ltr"><<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span> wrote:<br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>
                                                          <div>In 2013
                                                          corporate
                                                          membership
                                                          represented
                                                          33% of total
                                                          income for
                                                          OWASP, as opposed
                                                          to individual
                                                          membership
                                                          which
                                                          represented
                                                          only 13% of
                                                          the total
                                                          income.
                                                          <div><br>
                                                          </div>
                                                          <div>In 2015
                                                          corporate
                                                          membership (foundation+chapter)
                                                          has a total
                                                          revenue of
                                                          USD350,000-
                                                          as opposed to
                                                          USD90,000-
                                                          from
                                                          individual
                                                          memberships (again
                                                          foundation+chapter),
                                                          which is
                                                          quite
                                                          considerable:</div>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div><a
                                                          moz-do-not-send="true"
href="https://drive.google.com/file/d/0BxjNZI6rYJRKbnBlaHM3LTU2ckk/view?usp=sharing"
target="_blank">OWASP Foundation Budget - 2015</a><br>
                                                          <div> </div>
                                                          <div><img
                                                          src="cid:part21.00010300.05020400@owasp.org"
                                                          alt="Inline
                                                          image 1"
                                                          style="margin-right:25px"><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Basically
                                                          all
                                                          memberships
                                                          are going to
                                                          'chapters'</div>
                                                          <div><br>
                                                          <div><i>If
                                                          more than half
                                                          of these
                                                          donations (corporate
                                                          membership),
                                                          which I
                                                          highlighted in
                                                          green, have not
                                                          been specified
                                                          for any
                                                          purpose, then
                                                          how does the
                                                          foundation
                                                          decide into
                                                          which account
                                                          that money
                                                          goes? I would
                                                          like an answer
                                                          on this. What
                                                          I miss here is
                                                          a breakdown
                                                          of the amount
                                                          and into
                                                          which budget
                                                          these are
                                                          being set.</i></div>
                                                          <div><i><br>
                                                          </i></div>
                                                          <div><i>It
                                                          seems that
                                                          those
                                                          memberships
                                                          are
                                                          going mostly
                                                          to chapters
                                                          and some to
                                                          some projects (highlighted
                                                          in yellow)
                                                          (ZAP + SAMM)</i></div>
                                                          <div><br>
                                                          </div>
                                                          <div><a
                                                          moz-do-not-send="true"
href="https://docs.google.com/spreadsheets/d/1nVyveCi7nmwYMKK4oWSsVGNvqE9aeUBhamQ7XsZvayU/edit?usp=sharing"
style="font-size:13px" target="_blank"><a class="moz-txt-link-freetext" href="https://docs.google.com/spreadsheets/d/1nVyveCi7nmwYMKK4oWSsVGNvqE9aeUBhamQ7XsZvayU/edit?usp=sharing">https://docs.google.com/spreadsheets/d/1nVyveCi7nmwYMKK4oWSsVGNvqE9aeUBhamQ7XsZvayU/edit?usp=sharing</a></a><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Btw I
                                                          cannot find
                                                          the financial
                                                          report of
                                                          2014; it seems
                                                          it is quite
                                                          behind (since
                                                          we are almost
                                                          at the end of 2015)</div>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">On
                                                          Mon, Sep 7,
                                                          2015 at 6:17
                                                          AM, Colin
                                                          Watson <span
                                                          dir="ltr"><<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:colin.watson@owasp.org">colin.watson@owasp.org</a></a>></span> wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">One
                                                          thing about
                                                          membership
                                                          donations to
                                                          projects. Last
                                                          week, the list<br>
                                                          of members was
                                                          posted to the
                                                          leaders list
                                                          for the
                                                          elections:<br>
                                                          <br>
                                                             <a
                                                          moz-do-not-send="true"
href="https://docs.google.com/spreadsheets/d/1Tu2MAdu1xNq8RTaqHWMSb_0qM_OE6aaVgKB54q_fQIs/edit#gid=1075228884"
rel="noreferrer" target="_blank"><a class="moz-txt-link-freetext" href="https://docs.google.com/spreadsheets/d/1Tu2MAdu1xNq8RTaqHWMSb_0qM_OE6aaVgKB54q_fQIs/edit#gid=1075228884">https://docs.google.com/spreadsheets/d/1Tu2MAdu1xNq8RTaqHWMSb_0qM_OE6aaVgKB54q_fQIs/edit#gid=1075228884</a></a><br>
                                                          <br>
                                                          It shows that
                                                          out of 2336
                                                          individual
                                                          members only 2
                                                          have allocated<br>
                                                          their donation
                                                          to a project -
                                                          in this case
                                                          "mobile". I
                                                          agree that at
                                                          the<br>
                                                          point of
                                                          joining
                                                          many people
                                                          might select a
                                                          chapter at
                                                          that time,<br>
                                                          but I am
                                                          wondering if
                                                          this is
                                                          actually
                                                          accurate? It
                                                          doesn't feel<br>
                                                          correct that
                                                          less than 0.1%
                                                          select a
                                                          project.<br>
                                                          <br>
                                                          Last time I
                                                          renewed, I
                                                          changed my
                                                          allocation
                                                          from a chapter
                                                          to a<br>
                                                          project. But
                                                          the membership
                                                          list still
                                                          shows the
                                                          allocation as
                                                          a<br>
                                                          chapter, and
                                                          the chosen
                                                          project didn't
                                                          receive any of
                                                          my membership<br>
                                                          money.<br>
                                                          <br>
                                                              <a
                                                          moz-do-not-send="true"
href="https://docs.google.com/a/owasp.org/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html#"
rel="noreferrer" target="_blank"><a class="moz-txt-link-freetext" href="https://docs.google.com/a/owasp.org/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html#">https://docs.google.com/a/owasp.org/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html#</a></a><br>
                                                          <br>
                                                          Is this a
                                                          fault, and
                                                          which members
                                                          and projects
                                                          have been
                                                          affected by<br>
                                                          this? I wonder
                                                          if it applies
                                                          to all project
                                                          allocation
                                                          selections, or<br>
                                                          only after a
                                                          change is
                                                          requested? Why
                                                          are there so
                                                          many "blanks"
                                                          and<br>
                                                          "none" in the
                                                          list of
                                                          membership,
                                                          and what's the
                                                          difference?
                                                          How long<br>
                                                          has it been
                                                          occurring?<br>
                                                          <span><font
                                                          color="#888888"><br>
                                                          Colin<br>
                                                          </font></span>
                                                          <div>
                                                          <div><br>
                                                          On 6 September
                                                          2015 at 21:47,
                                                          Kevin W. Wall
                                                          <<a
                                                          moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:kevin.w.wall@gmail.com">kevin.w.wall@gmail.com</a></a>>
                                                          wrote:<br>
                                                          > Jumping
                                                          in late to
                                                          this thread. I
                                                          already told
                                                          Simon from day<br>
                                                          > one, when
                                                          he first
                                                          posted this on
                                                          the Board and
                                                          Governance
                                                          list that<br>
                                                          > I agreed
                                                          with him 100%,
                                                          but I just
                                                          wanted to add
                                                          some things.<br>
                                                          ><br>
                                                          > On Thu,
                                                          Sep 3, 2015 at
                                                          4:50 AM,
                                                          psiinon <<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:psiinon@gmail.com">psiinon@gmail.com</a></a>> wrote:<br>
                                                          >> Didn't
                                                          realise this
                                                          thread wasn't
                                                          on the leaders
                                                          list ;)<br>
                                                          >> So
                                                          starting a new
                                                          one here as I
                                                          think it's
                                                          important for
                                                          us to discuss.<br>
                                                          >> For
                                                          background
                                                          see:<br>
                                                          >> <a
                                                          moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/governance/2015-September/000697.html"
rel="noreferrer" target="_blank"><a class="moz-txt-link-freetext" href="http://lists.owasp.org/pipermail/governance/2015-September/000697.html">http://lists.owasp.org/pipermail/governance/2015-September/000697.html</a></a><br>
                                                          >> This
                                                          is a copy of
                                                          the email I
                                                          sent to that
                                                          thread..<br>
                                                          >><br>
                                                          >><br>
                                                          >> First
                                                          of all I'd
                                                          like to thank
                                                          Johanna for
                                                          all the effort
                                                          she's put into<br>
                                                          >>
                                                          reviewing the
                                                          projects.<br>
                                                          >> It's
                                                          been a huge
                                                          and mostly
                                                          thankless
                                                          task, and the
                                                          projects as a
                                                          whole have<br>
                                                          >>
                                                          really
                                                          benefited.<br>
                                                          ><br>
                                                          > Amen to
                                                          that. And
                                                          having been
                                                          involved in
                                                          one of the
                                                          projects
                                                          (ESAPI)<br>
                                                          > that was
                                                          demoted from
                                                          Flagship to
                                                          Lab status, I
                                                          know it's not
                                                          always<br>
                                                          > an easy
                                                          thing to
                                                          receive the
                                                          assessments
                                                          that she and
                                                          her team had<br>
                                                          > been
                                                          doing, but we
                                                          need to be
                                                          professional
                                                          about this and
                                                          not shoot<br>
                                                          > the
                                                          messenger.
                                                          Certainly when
                                                          it came to
                                                          ESAPI, while I
                                                          was<br>
                                                          >
                                                          disappointed,
                                                          I pretty much
                                                          agreed with
                                                          the project
                                                          review<br>
                                                          >
                                                          conclusions.<br>
                                                          ><br>
                                                          >>
                                                          Secondly, I'd
                                                          like to wade
                                                          into the
                                                          Projects Vs
                                                          Chapters
                                                          debate :)<br>
                                                          >><br>
                                                          >> I
                                                          have a theory:<br>
                                                          >><br>
                                                          >>
                                                          People who are
                                                          'part' of
                                                          OWASP tend to
                                                          think that the
                                                          Chapters are
                                                          more<br>
                                                          >>
                                                          important
                                                          _to_them_ than
                                                          the projects.<br>
                                                          >>
                                                          Chapters are
                                                          where we meet
                                                          people,
                                                          exchange ideas
                                                          and learn
                                                          things. They
                                                          are<br>
                                                          >>
                                                          social events.<br>
                                                          ><br>
                                                          > The
                                                          exception
                                                          might be for
                                                          those of us
                                                          who attend our
                                                          local OWASP<br>
                                                          > chapter
                                                          meetings but
                                                          who are also
                                                          actively
                                                          involved with
                                                          one or more<br>
                                                          > OWASP
                                                          projects.<br>
                                                          ><br>
                                                          >>
                                                          People outside
                                                          OWASP think
                                                          that the
                                                          Projects are
                                                          more important
                                                          _to_them_<br>
                                                          >> than
                                                          the Chapters.<br>
                                                          >> They
                                                          don't go to
                                                          chapter
                                                          meetings, they
                                                          might not even
                                                          be aware of
                                                          them.<br>
                                                          >> They
                                                          use, or at
                                                          least are
                                                          aware of, the
                                                          main OWASP
                                                          projects,
                                                          mostly the<br>
                                                          >>
                                                          Flagship ones.<br>
                                                          >><br>
                                                          >>
                                                          Anyone agree
                                                          or disagree?<br>
                                                          ><br>
                                                          > I think
                                                          your
                                                          analysis is
                                                          pretty much
                                                          spot on with
                                                          few exceptions<br>
                                                          > like the
                                                          edge case I
                                                          mentioned
                                                          above.<br>
                                                          ><br>
                                                          >> And
                                                          yes, I'm
                                                          conveniently
                                                          ignoring
                                                          conferences,
                                                          the wiki etc
                                                          etc ;)<br>
                                                          >><br>
                                                          >> I
                                                          think Chapters
                                                          and Projects
                                                          are
                                                          fundamentally
                                                          different
                                                          'beasts', and
                                                          I've<br>
                                                          >>
                                                          started and
                                                          run both :)<br>
                                                          >><br>
                                                          >>
                                                          Chapters are
                                                          relatively
                                                          easy to start
                                                          and maintain.<br>
                                                          >> You
                                                          need to be
                                                          based in a
                                                          city with a
                                                          thriving
                                                          security
                                                          and/or
                                                          software<br>
                                                          >>
                                                          industry.<br>
                                                          >> You
                                                          need to spend
                                                          time
                                                          organising and
                                                          publicising
                                                          events, but
                                                          it's not hard -<br>
                                                          >> you
                                                          don't need
                                                          specialized
                                                          skills.<br>
                                                          >> It's
                                                          relatively
                                                          easy to find
                                                          people
                                                          prepared to
                                                          speak, arrange
                                                          rooms and help<br>
                                                          >> with
                                                          other
                                                          organisational
                                                          things.<br>
                                                          >> It's
                                                          something you
                                                          can do in your
                                                          spare time.<br>
                                                          ><br>
                                                          > One thing
                                                          I'll add here.
                                                          The fact that
                                                          people can use
                                                          their time
                                                          spent<br>
                                                          > attending
                                                          OWASP chapter
                                                          meetings as
                                                          CPEs toward
                                                          some security<br>
                                                          >
                                                          certification
                                                          is also a big
                                                          draw I think.
                                                          In the past,
                                                          we've even<br>
                                                          > attracted
                                                          quite a few
                                                          non-OWASP
                                                          members
                                                          because of
                                                          this, or at
                                                          least<br>
                                                          > that
                                                          appeared to be
                                                          their primary
                                                          motivation as
                                                          some of them
                                                          would ask<br>
                                                          > for
                                                          our chapter
                                                          leads to
                                                          provide
                                                          evidence of
                                                          attendance for<br>
                                                          > their
                                                          CPEs and we'd
                                                          then discover
                                                          that some of
                                                          them were not
                                                          OWASP<br>
                                                          > members
                                                          (not that we
                                                          made a big
                                                          deal about
                                                          that).<br>
                                                          ><br>
                                                          > While
                                                          it's true that
                                                          one can earn
                                                          CPEs working
                                                          on a project,
                                                          the<br>
                                                          > evidence
                                                          bar seems to
                                                          be a bit
                                                          higher and a
                                                          lot harder to
                                                          measure.<br>
                                                          ><br>
                                                          >>
                                                          Projects are
                                                          much harder.<br>
                                                          >> They
                                                          are relatively
                                                          easy to start
                                                          - you 'just'
                                                          need a good
                                                          idea.<br>
                                                          >> They
                                                          are _really_
                                                          hard to bring
                                                          to fruition
                                                          and maintain.<br>
                                                          >> I'll
                                                          focus on
                                                          software
                                                          projects (as I
                                                          know much more
                                                          about those)
                                                          but I have<br>
                                                          >> no
                                                          doubt
                                                          documentation
                                                          projects can
                                                          be just as
                                                          difficult.<br>
                                                          >> A
                                                          professional
                                                          software
                                                          project is the
                                                          result of the
                                                          hard work of
                                                          managers,<br>
                                                          >>
                                                          designers,
                                                          developers,
                                                          QA, support,
                                                          technical
                                                          authors, sales
                                                          and marketing<br>
                                                          >> (and
                                                          probably
                                                          others I've
                                                          forgotten;).<br>
                                                          >> It's a
                                                          huge amount of
                                                          effort, and is
                                                          ongoing - it
                                                          only lets up
                                                          when you<br>
                                                          >>
                                                          'sunset' the
                                                          project.<br>
                                                          >> Ok,
                                                          so (non
                                                          commercial)
                                                          open source
                                                          projects don't
                                                          need sales
                                                          staff, but
                                                          they<br>
                                                          >> do
                                                          need people
                                                          doing all of
                                                          the other
                                                          roles. It's
                                                          definitely
                                                          _not_ just<br>
                                                          >>
                                                          programming!<br>
                                                          ><br>
                                                          > If
                                                          anything,
                                                          usually people
                                                          are not that
                                                          keen on doing
                                                          those other<br>
                                                          > needed
                                                          roles, such as
                                                          project
                                                          documentation,
                                                          QA,
                                                          buildmeister,
                                                          etc.<br>
                                                          ><br>
                                                          > Also, the
                                                          more
                                                          successful a
                                                          project
                                                          becomes (i.e.,
                                                          as measured in<br>
                                                          > terms of
                                                          the number of
                                                          users) the
                                                          harder it is
                                                          to maintain.
                                                          For<br>
                                                          > example,
                                                          long ago, I've
                                                          noticed that
                                                          people seem to
                                                          ask more
                                                          questions<br>
                                                          > on Stack
                                                          Exchange about
                                                          ESAPI than they
                                                          do on either
                                                          the
                                                          ESAPI-Users or<br>
                                                          > ESAPI-Dev
                                                          mailing lists.
                                                          I suspect that
                                                          there are
                                                          other forums<br>
                                                          > elsewhere
                                                          that these
                                                          things get
                                                          discussed.<br>
                                                          ><br>
                                                          >> It's
                                                          way too much
                                                          for one person
                                                          (for a non
                                                          trivial
                                                          project).<br>
                                                          >>
                                                          Luckily we
                                                          have the open
                                                          source
                                                          community, but
                                                          that means a
                                                          project leader<br>
                                                          >> needs
                                                          another skill:
                                                          community
                                                          building!<br>
                                                          ><br>
                                                          > Indeed
                                                          that's one
                                                          where I feel
                                                          that I've
                                                          failed
                                                          miserably. I'm
                                                          not<br>
                                                          >
                                                          particularly a
                                                          people person
                                                          nor do I have
                                                          a lot of
                                                          contacts
                                                          beyond<br>
                                                          > the
                                                          immediate
                                                          colleagues
                                                          that I work
                                                          with, so when
                                                          the current<br>
                                                          > volunteer
                                                          pool dries up
                                                          and stops
                                                          contributing,
                                                          the project
                                                          tends to<br>
                                                          > die
                                                          because of (at
                                                          least in my
                                                          case) the
                                                          inability to
                                                          find new<br>
                                                          >
                                                          volunteers to
                                                          help carry the
                                                          project
                                                          forward.<br>
                                                          ><br>
                                                          >> And
                                                          to be honest
                                                          most
                                                          volunteers are
                                                          developers
                                                          (and security
                                                          people for<br>
                                                          >> OWASP
                                                          projects), it's
                                                          very rare for
                                                          people with
                                                          other skills
                                                          to get
                                                          involved.<br>
                                                          ><br>
                                                          > 100%
                                                          agree. Also, I
                                                          personally
                                                          think that we
                                                          do a
                                                          disservice<br>
                                                          > sometimes
                                                          in our
                                                          industry in
                                                          that there's
                                                          an unspoken
                                                          perception of
                                                          a<br>
                                                          > pecking
                                                          order within
                                                          the security
                                                          community so
                                                          that some of
                                                          these very<br>
                                                          > important
                                                          roles are
                                                          greatly
                                                          devalued
                                                          (e.g., those
                                                          who write<br>
                                                          >
                                                          documentation
                                                          or manage
                                                          releases or do
                                                          QA testing or
                                                          provide
                                                          project<br>
                                                          >
                                                          management or
                                                          other
                                                          infrastructure
                                                          support). And
                                                          while we
                                                          generally<br>
                                                          > don't
                                                          come right out
                                                          and express
                                                          it, I think
                                                          it's there and
                                                          those who<br>
                                                          > might
                                                          otherwise step
                                                          up and fill
                                                          those roles
                                                          avoid the
                                                          security<br>
                                                          > community
                                                          for some other
                                                          FOSS projects
                                                          because they
                                                          feel
                                                          under-appreciated.<br>
                                                          ><br>
                                                          >> I
                                                          don't think it's
                                                          something you
                                                          can do in your
                                                          spare time, at
                                                          least for long<br>
                                                          >> (I
                                                          did for a
                                                          while, and my
                                                          wife described
                                                          herself as a
                                                          "ZAP widow";)<br>
                                                          ><br>
                                                          > :D<br>
                                                          ><br>
                                                          >> So
                                                          Chapters are
                                                          relatively
                                                          easy to
                                                          maintain,
                                                          projects
                                                          _much_ harder.<br>
                                                          ><br>
                                                          > Making
                                                          free pizza and
                                                          beer available
                                                          at chapter
                                                          meetings
                                                          doesn't hurt! 
                                                          :)<br>
                                                          ><br>
                                                          > We've
                                                          also tried
                                                          holding
                                                          mini-hackathons
                                                          at our local
                                                          OWASP meetings<br>
                                                          > maybe
                                                          once a year.
                                                          It was
                                                          interesting,
                                                          but I can't
                                                          say it was a<br>
                                                          >
                                                          resounding
                                                          success,
                                                          because many
                                                          there did not
                                                          know the
                                                          programming<br>
                                                          > language
                                                          the project
                                                          was written in
                                                          and it took us
                                                          an undue
                                                          amount of<br>
                                                          > time just
                                                          to get to the
                                                          point where
                                                          people got
                                                          their IDE of
                                                          choice<br>
                                                          >
                                                          configured to
                                                          pull the
                                                          project from
                                                          GitHub. Also
                                                          probably about
                                                          1/2<br>
                                                          > of the
                                                          regular
                                                          attenders
                                                          don't really
                                                          program to any
                                                          great extent
                                                          at<br>
                                                          > all but
                                                          rather
                                                          consider
                                                          themselves
                                                          more of pen
                                                          testers, so
                                                          holding<br>
                                                          > these
                                                          mini-hackathons
                                                          effectively
                                                          leaves out
                                                          almost half of
                                                          our<br>
                                                          > regular
                                                          attendees so
                                                          that's not
                                                          going to be
                                                          something that
                                                          works as a<br>
                                                          > long term
                                                          strategy.<br>
                                                          ><br>
                                                          >> I
                                                          suspect OWASP
                                                          as an
                                                          organisation
                                                          supports
                                                          Chapters more
                                                          effectively,
                                                          but<br>
                                                          >> even
                                                          if it supports
                                                          both equally
                                                          Projects don't
                                                          get as much
                                                          support as
                                                          they<br>
                                                          >> need.<br>
                                                          >> I
                                                          think OWASP
                                                          Chapters are
                                                          thriving and
                                                          the Projects
                                                          are (as a
                                                          whole)<br>
                                                          >>
                                                          diminishing.<br>
                                                          >> If
                                                          I'm right and
                                                          people outside
                                                          OWASP see the
                                                          Projects as
                                                          more important<br>
                                                          >> than
                                                          the Chapters
                                                          then this
                                                          leads to the
                                                          impression
                                                          that OWASP is<br>
                                                          >>
                                                          struggling.<br>
                                                          >><br>
                                                          >> What
                                                          do projects
                                                          need?<br>
                                                          >> I
                                                          don't think it's
                                                          possible to
                                                          maintain a
                                                          'significant'
                                                          open source
                                                          project<br>
                                                          >>
                                                          unless you are
                                                          able to spend
                                                          the majority
                                                          of your
                                                          working day on
                                                          it.<br>
                                                          >> This
                                                          means projects
                                                          really have to
                                                          be sponsored
                                                          by someone.<br>
                                                          >> This
                                                          is a
                                                          significant
                                                          investment for
                                                          a company, and
                                                          it's often
                                                          difficult to<br>
                                                          >>
                                                          justify this
                                                          sort of
                                                          investment.
                                                          Especially if
                                                          it's difficult
                                                          to monetise<br>
                                                          >> OWASP
                                                          projects.<br>
                                                          ><br>
                                                          > Indeed,
                                                          back in the
                                                          day when I was
                                                          still on an
                                                          AppSec team
                                                          for a<br>
                                                          > previous
                                                          company, I
                                                          tried to
                                                          convince my
                                                          management to
                                                          allocate about<br>
                                                          > eight
                                                          hours a week
                                                          from our
                                                          entire team to
                                                          contribute to
                                                          ESAPI bug<br>
                                                          > fixing.
                                                          It seemed a
                                                          logical
                                                          extension of
                                                          our internal
                                                          proprietary<br>
                                                          > security
                                                          components
                                                          class library
                                                          which was not
                                                          nearly as
                                                          complete.<br>
                                                          > I was
                                                          unable to
                                                          convince my
                                                          management and
                                                          shortly
                                                          afterwards, I<br>
                                                          > left that
                                                          team (for
                                                          unrelated
                                                          reasons) and
                                                          started
                                                          working with a<br>
                                                          > team that
                                                          had security
                                                          experience
                                                          that wouldn't
                                                          easily
                                                          translate to<br>
                                                          > ESAPI
                                                          needs.  In
                                                          fact, my
                                                          experience was
                                                          worse than
                                                          that. None of
                                                          my<br>
                                                          >
                                                          colleagues
                                                          ever decided
                                                          to help out
                                                          individually
                                                          either. Not a
                                                          big<br>
                                                          > deal;
                                                          maybe it just
                                                          wasn't their
                                                          cup of tea or
                                                          they had other<br>
                                                          > passions
                                                          that they
                                                          wanted to
                                                          contribute to.
                                                          But gathering
                                                          recruits<br>
                                                          > willing
                                                          to participate
                                                          clearly takes
                                                          skills and
                                                          contacts that
                                                          I<br>
                                                          >
                                                          apparently do
                                                          not possess in
                                                          sufficient
                                                          quantities.
                                                          (Sometimes I<br>
                                                          > feel like
                                                          I'm trying to
                                                          sell screen
                                                          doors for
                                                          submarines.
                                                          Sigh.)<br>
                                                          ><br>
                                                          > All I'm
                                                          saying is that
                                                          getting
                                                          volunteers is
                                                          hard. Each
                                                          sizeable<br>
                                                          > project
                                                          really needs
                                                          someone
                                                          willing to
                                                          fulfill the
                                                          project<br>
                                                          >
                                                          evangelist
                                                          role to keep
                                                          looking for
                                                          new
                                                          contributors.
                                                          For one<br>
                                                          > reason
                                                          (at least it's
                                                          been my
                                                          experience) is
                                                          that KEEPING
                                                          volunteers<br>
                                                          > for
                                                          extended
                                                          periods is
                                                          even harder
                                                          and by and
                                                          large, I think
                                                          if<br>
                                                          > we looked
                                                          at the
                                                          historical
                                                          data of
                                                          contributors
                                                          across all
                                                          OWASP<br>
                                                          > projects
                                                          (say, based on
                                                          commit
                                                          history), that
                                                          the data would
                                                          bear<br>
                                                          > that out.
                                                          In fact, I'd
                                                          bet this
                                                          phenomenon goes
                                                          well beyond
                                                          OWASP and<br>
                                                          > is
                                                          experienced by
                                                          many FOSS
                                                          projects.<br>
                                                          ><br>
                                                          >> Does
                                                          OWASP want to
                                                          sponsor
                                                          projects
                                                          directly?<br>
                                                          >> I
                                                          think that's
                                                          what it would
                                                          take to build
                                                          a thriving set
                                                          of Projects.<br>
                                                          >> Is
                                                          that something
                                                          that could be
                                                          done?<br>
                                                          ><br>
                                                          > _COULD_
                                                          it be done?
                                                          Yes. Should it
                                                          be done is
                                                          another
                                                          matter.<br>
                                                          > I'd
                                                          rather not see
                                                          it become
                                                          necessary as I
                                                          really don't
                                                          want OWASP<br>
                                                          > to turn
                                                          into a
                                                          political
                                                          organization
                                                          where the
                                                          project
                                                          leaders are<br>
                                                          > forced to
                                                          lobby for
                                                          funding, and I
                                                          fear that's
                                                          what would
                                                          happen. I<br>
                                                          > think
                                                          also it would
                                                          stifle
                                                          innovation
                                                          because new
                                                          incubator
                                                          projects<br>
                                                          > would
                                                          likely all dry
                                                          up (unless a
                                                          certain amount
                                                          of funds were<br>
                                                          >
                                                          pre-allocated
                                                          to them) as
                                                          they likely
                                                          couldn't
                                                          compete
                                                          against more<br>
                                                          >
                                                          established
                                                          projects.<br>
                                                          ><br>
                                                          > I had
                                                          thought of
                                                          proposing
                                                          allowing
                                                          individual
                                                          OWASP projects
                                                          to<br>
                                                          > somehow
                                                          sell their own
                                                          project-related
                                                          schwag at
                                                          conferences
                                                          and such<br>
                                                          > and keep
                                                          a percentage
                                                          of the profits
                                                          to use for
                                                          their projects
                                                          so that<br>
                                                          > they
                                                          could then use
                                                          that money
                                                          however they
                                                          saw fit (e.g.,
                                                          hiring a<br>
                                                          > technical
                                                          writer to
                                                          write project
                                                          documentation
                                                          for instance).
                                                          But that<br>
                                                          > probably
                                                          would not make
                                                          a major impact
                                                          in funding to
                                                          a project,<br>
                                                          >
                                                          especially if
                                                          all the OWASP
                                                          projects
                                                          started doing
                                                          it.<br>
                                                          ><br>
                                                          >> I'm
                                                          lucky, Mozilla
                                                          allows me to
                                                          spend most of
                                                          my time
                                                          working on
                                                          ZAP, and<br>
                                                          >> that's
                                                          been
                                                          invaluable.<br>
                                                          ><br>
                                                          > I suppose
                                                          that starts
                                                          with a company
                                                          that has a
                                                          culture of
                                                          strongly<br>
                                                          >
                                                          contributing
                                                          to FOSS. Most
                                                          of us do not
                                                          work for such
                                                          companies.
                                                          Most<br>
                                                          > work for
                                                          companies who
                                                          extensively
                                                          rely on such
                                                          software, but
                                                          rarely<br>
                                                          > allow
                                                          their
                                                          companies to
                                                          contribute to
                                                          such things on
                                                          company time<br>
                                                          > because
                                                          they don't
                                                          really see it
                                                          as
                                                          contributing
                                                          directly to
                                                          their<br>
                                                          > bottom
                                                          line. (NOTE: I
                                                          want to make
                                                          clear that
                                                          this is
                                                          strictly my<br>
                                                          > personal
                                                          opinion based
                                                          on a [likely]
                                                          biased
                                                          observation
                                                          and in no<br>
                                                          > way
                                                          represents the
                                                          official
                                                          position of
                                                          either my
                                                          current nor
                                                          any<br>
                                                          > of my
                                                          previous
                                                          employers. And
                                                          they didn't
                                                          even make me
                                                          say that! :)<br>
                                                          ><br>
                                                          >> But
                                                          I'd love to be
                                                          able to employ
                                                          some of the
                                                          ZAP
                                                          contributors
                                                          to work full<br>
                                                          >> time
                                                          on ZAP :)<br>
                                                          >> Would
                                                          OWASP pay for
                                                          that??<br>
                                                          ><br>
                                                          > Great
                                                          question and I
                                                          think you're
                                                          not the only
                                                          project that
                                                          might<br>
                                                          > benefit
                                                          from that.
                                                          Although, if
                                                          that means
                                                          lobbying for
                                                          funds by<br>
                                                          > competing
                                                          against other
                                                          OWASP
                                                          projects, then
                                                          I'm out
                                                          because I<br>
                                                          > just
                                                          don't have the
                                                          stomach for
                                                          that. It gets
                                                          bad enough
                                                          competing<br>
                                                          > for
                                                          resources at
                                                          Google Summer
                                                          of Code and
                                                          various OWASP
                                                          code sprints,<br>
                                                          > and I
                                                          fear if we
                                                          increased
                                                          OWASP funding
                                                          to amounts
                                                          needed to
                                                          sustain<br>
                                                          > OWASP
                                                          projects, it
                                                          could lead to
                                                          divisions in
                                                          OWASP as
                                                          people aligned<br>
                                                          >
                                                          themselves
                                                          with one
                                                          project or
                                                          another.<br>
                                                          ><br>
                                                          >> It
                                                          would require
                                                          much more
                                                          'project
                                                          management' -
                                                          the kind of
                                                          things that<br>
                                                          >>
                                                          people _think_
                                                          OWASP is
                                                          doing, but it
                                                          doesn't.<br>
                                                          >> I
                                                          often see
                                                          posts from
                                                          people asking
                                                          "why the hell
                                                          is OWASP
                                                          developing X".<br>
                                                          >> They
                                                          seem to think
                                                          that there's an
                                                          OWASP
                                                          committee that
                                                          meets and goes
                                                          "We<br>
                                                          >> think
                                                          we should have
                                                          project X".
                                                          Whereas it's
                                                          actually an
                                                          individual
                                                          coming<br>
                                                          >> to
                                                          OWASP and
                                                          saying "I'm
                                                          doing X, could
                                                          this be an
                                                          OWASP
                                                          project?".<br>
                                                          >> OWASP
                                                          Projects are
                                                          very much
                                                          'bottom up'
                                                          rather than
                                                          'top down'.<br>
                                                          ><br>
                                                          > Well,
                                                          their
                                                          perception
                                                          could also be
                                                          more of a
                                                          notion of "why
                                                          aren't<br>
                                                          > they
                                                          doing Y
                                                          instead?" or
                                                          even "wouldn't
                                                          it make more
                                                          sense if it
                                                          were<br>
                                                          > a
                                                          {Apache,Spring,<insert-your-favorite-FOSS-brand-here>}
                                                          project<br>
                                                          > instead?"
                                                          And truth be
                                                          told, I've
                                                          also asked
                                                          that question
                                                          myself, but<br>
                                                          > more
                                                          because it was
                                                          like "OWASP
                                                          already has a
                                                          project Z that
                                                          does<br>
                                                          > almost
                                                          exactly what
                                                          project X is
                                                          proposing. Why
                                                          don't they
                                                          just join<br>
                                                          > project Z
                                                          instead of
                                                          spinning off a
                                                          similar
                                                          project?".<br>
                                                          ><br>
                                                          > I think
                                                          any of those,
                                                          as well as
                                                          your
                                                          conjecture,
                                                          are possible
                                                          reasons<br>
                                                          > for them
                                                          asking that
                                                          question.<br>
                                                          ><br>
                                                          >> It
                                                          may surprise
                                                          people outside
                                                          of OWASP that
                                                          I get _no_
                                                          direction at
                                                          all<br>
                                                          >> from
                                                          OWASP as to
                                                          how ZAP should
                                                          move forward.<br>
                                                          >> note
                                                          that I'm
                                                          _really_ not
                                                          complaining
                                                          about that ;)<br>
                                                          ><br>
                                                          >
                                                          Hmmm...well,
                                                          THAT would
                                                          explain some
                                                          things!<br>
                                                          ><br>