[Owasp-leaders] What is the OWASP definition of Open Source?

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Wed Nov 19 09:44:40 EST 2008

 Several thoughts:

1. I am of the belief that chapter leaders do their part to help OWASP
grow and that any contribution they make is icing on the cake. If I
added up the amount of hours I spend on chapter related activities and
placed a value of $100 against it, the return on bagging fries at
McDonalds after work would be higher. So, if contributions aren't at
100%, then maybe a discussion of affordability (I predict folks in Asia
would have trouble) or just value proposition would be in order.

2. The spirit of open source says that a person can contribute in a
variety of ways whether via financial or time, we should acknowledge
them equally as time is money. I think this aspect of PR is somewhat

3. The model of open source says that folks should be able to try
software to see if it provides value to them. If it does provide value
then they would be more willing to reach into their wallets and
corporations have pretty big ones. But all this goes to waste if
something as simple to resolve as licensing becomes an impediment. Our
value proposition isn't to just those who are members, but those who
would make great future members as well.

4. We also have a duty to not just stick to Stallman'ish principles even
when they cause harm. Lots of people may spend time away from their
friends and family writing high quality valuable software. The thing
that is more important that being open (flamebait?) is in ensuring that
their time is not wasted and the thing that will keep them contributing
is in knowing that their craft is appreciated by a growing number of
folks who actually use it.

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Calderon,
Juan Carlos (GE, Corporate,consultant)
Sent: Tuesday, November 18, 2008 11:24 AM
To: Ivan Ristic; Stephen Craig Evans
Cc: Booth, Rex; owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] What is the OWASP definition of Open

Well, actually my comment was on that sense, when I say "Do we care
about them?" I mean do we care what our corporate members have to say?.

I don't know if we can consider that they were covered by their
representatives at the Summit or if even there were any representative
of the around 50 corporate members at the Summit. IMO we all should be
taken in consideration, including leaders, individual members and
corporate members.

I think Dual license is more about peace of mind for Corporate members,
they need to have something more "solid" than open source license to
feel comfortable and distribute OWASP materials in their organizations.
Which is good because they can distribute/teach/evangelize to a
considerable amount of people at once. Remember our objective make
application security visible and if at the same time we have resources
for a Summer of Code or a Summit in beautiful Portugal to speak about
security, that's even better.

Be honest, how many of you have paid your individual membership this
year? There are 200 leaders on this list and only a total of 140
individual memberships paid for 2008 (I think that was the number
mentioned by Tom Brennan, correct me if I am wrong). In the mood of
being open we might be actually closing the doors to some visibility
channels like corporations and to OWASP to have a financial support that
proved to work.

So... We dumped our dual license... any corporate member on this list
that was affected? Are you thinking on renew your membership in 2009? 

PS. If you are wondering, No I am not part of a corporate member. Also
please do not make this treat a corporate "evil/good" discussion but
rather focus on the licensing discussion.

Juan Carlos Calderon
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information.  If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited.  If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.

More information about the OWASP-Leaders mailing list