[Owasp-leaders] 60/40 Membership Drive @ OWASP

AF antonio.fontes at gmail.com
Mon Dec 8 04:30:22 EST 2008

>How do other people on the list respond to this?

As one contributes, I think he/she should not feel like he/she is
"paying for accessing tools and documents, which are free anyway" but
that they help contributors build and improve these projects in the
best conditions, from both a technical and organisational standpoint.

Some people don't even think that there are thousands of unpaid work
hours behind these projects, that contributors might benefit from paid
events access including travel and all fee expenses, being coached
during their seasons of code by talented people and having the right
tools to support their own ones.

The benefit from being an OWASP member, from my point of view, is not
"paying for these tools" but "supporting that openness." (I don't know
whether this word actually exists...) When I became a member, I didn't
expect anything more but the authorisation to put an OWASP logo on my
blog and link it to the website, and putting "OWASP member" on my CV.
That's all; this is already a premium feature!

Attending the recent summit in Faro clearly gave me a better
understanding of what happens behind OWASP.org. This reminded me of a
similar experience I had.

Some time ago, some friends of mine and myself used to organise LAN
parties. At some point, the 5$ participation fee including a free
drink was not enough anymore and we started getting complaints from
players about our higher entrance fees. Someone told us that "bringing
a big switch in a room does not justify paying hundreds!" There was
clearly a gap between the perceived value of the event and its
effective value. In order to reduce this gap, we made a full-featured
document describing the lifecycle of a LAN party, from drawing the
concept to establishing the "feedback and impressions from the LAN"
form, including pictures taken during the preparation of the LAN
event, often starting months before the actual event.

This helped a lot and let us increase the prices drastically. Not
because we wanted to buy ourselves a brand new PS1 but because the
players actually understood how much work was being done behind the
scenes and that we just wanted to provide them a better gaming

Your first challenge, at the leader level, I guess, is about getting
people to clearly measure what is being done behind the scenes. When I
go on the Code Review project page for example, I don't know how many
hours were spent on it. This is something we all learn at school and
that I experience on a daily basis at work: metrics make value. When I
started working where I work now, I had to put the time/costs
breakdown in the code review report to make people understand why the
report wasn't delivered just 30 minutes after sending a 'CR' request
to my office.

When the OWASP gets people to understand what is 'behind' the scenes,
donations should come right after. If they don't, I guess the OWASP
would have to consider re-targeting its audience...

From my (extremely humble) 2 cents opinion...

(ps: happy birthday Paulo!)

