[OCC] [Global_membership_committee] OWASP Local Government Supporters

Paulo Coimbra paulo.coimbra at owasp.org
Thu Feb 25 18:53:44 EST 2010

As far as I can understand the issue at stake, we are dealing here with
cultural and economic variables and, even though nobody has asked my
opinion, being from a peripheral country and having studied a bit of
economics, I can’t help but give my 2 cents.


In my perspective, being a worldwide organization, one of OWASP´s biggest
strengths is its inclusive and non-ethnocentric feature, its respect for
individuality and historic circumstances.  In my opinion, this
characteristic alone is not enough to explain why OWASP has such a
culturally diverse range of contributors but it might be of use to explain
how these contributions have been kept throughout time.


In addition, as I see the process, another distinctive OWASP trait is what
appears to be its continuous willingness to explore economic alternatives to
make itself a sustainable organization – we don’t sell anything; we don’t
pay and we don’t charge for the knowledge we make available, even though we
aspire to have the resources needed to support both our contributor’s
activity and the organizational structure cost. I can of course be wrong but
from my experience, regarding financial balance, it seems to me that OWASP
seeks to create a situation in which both the recognition of its mission
importance and the ethics of its practice have been sufficiently recognized
that a third party can evaluate the association of its name to OWASP´s as a
lucrative partnership, and, by doing so, consider contributing financially
to its mission.


So, having said all the above, I couldn’t find the idea of not charging a
small Peruvian governmental agency anything but interesting  as we would be
creating a situation where any of their potential future suppliers might
come to evaluate an OWASP membership as a competitive advantage. I know this
strategy doesn’t solve our short term financial needs but could be used at
least to deal with situations in which a government arm has the willingness
to support OWASP despite lacking the financial means.  


Only my 2 cents, anyway. Thanks for reading.   


Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: global_membership_committee-bounces at lists.owasp.org
[mailto:global_membership_committee-bounces at lists.owasp.org] On Behalf Of
Matt Tesauro
Sent: quinta-feira, 25 de Fevereiro de 2010 20:12
To: global_membership_committee at lists.owasp.org
Cc: owasp-connections-committee; global_education_committee
Subject: [Global_membership_committee] OWASP Local Government Supporters


Based on reading the interchange between Fabio Cerullo and Dan Cornell [1]
and the Global Education Committee meeting we had yesterday where this came
up, I have a bit of input I'd like to throw into the mix.


For smaller entities like the national public health insurance organization
in Peru that Fabio mentioned, having a model where to support OWASP means
contributing $5,000 USD is basically like telling them 'no'.


I work for a state agency which barely acknowledges the existence of other
US states (yeah, its Texas), let alone other countries.  For example, I've
failed several times to buy the commercial Burb Suite since its priced in
British Pounds.  Trying to get that though the purchasing bureaucracy is
fail from the word go.  I can't imagine how painful it would be for a
smaller agency in Peru to try to get $5,000 in US _dollars_ into a budget
let alone the equivalent in their native currency.


I see this as very similar to the initiative we are doing for Universities.
If there are government agencies of any size that want to publicly pronounce
their use and support of OWASP, then we should find a vehicle for them to do


I also have a hard time finding a downside for OWASP if government agencies
have a method to day "We use and recommend OWASP".  If we had such a
program, I'd bet I could get my agency on that list as well.  I certainly
would have an easier time doing so without having to find budget for it.


Perhaps this isn't membership in the traditional sense.  Maybe this is a
matter of coming up with a different type/class/method for government
agencies to demonstrate their use and endorsement of OWASP.  


I also see the potential for some positive viral effects:

Suppose a government agency lists their endorsement of OWASP - both on their
site(s) and on the OWASP site.  Say you're a vendor trying to get a contract
with that agency.  Being an OWASP member company might just help separate
you from other vendors going for that contract.


That would be a great problem for OWASP to have.











-- Matt Tesauro

OWASP Board Member

OWASP Live CD Project Lead


http://AppSecLive.org - Community and Download site





Global_membership_committee mailing list

Global_membership_committee at lists.owasp.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/owasp-connections-committee/attachments/20100225/1f0d0b5c/attachment.html 

More information about the Owasp-connections-committee mailing list