[Owasp-leaders] Proposed model for SI to hire Sandra as an OWASP resource

Michael Coates michael.coates at owasp.org
Tue Feb 1 12:00:42 EST 2011


On Feb 1, 2011 1:00 AM, "Konstantinos Papapanagiotou" <conpap at di.uoa.gr>
wrote:
> On Mon, Jan 31, 2011 at 10:06 PM, Jerry Hoff <jerry at jerryhoff.net> wrote:
>>
>> I think if OWASP wants professional, open source, cc training materials
it
>> should hire sandra directly (via fundraising, etc), *especially* if these
>> are the materials that will be used at OWASP conferences and OWASP
>> academies.
>
> Can't agree more.
> SI's proposition is very generous but if we want to push the
> Academies, we also need to provide the necessary resources on our own.
>
> Kostas

This is a really interesting situation and highlights a few issues that
OWASP is dealing with (in my opinion):

1. OWASP needs to focus on quality, not quantiy - This is a good example of
taking a professional approach to developing video training materials; a
much needed resource.

2. OWASP seems to be massively lacking in available funding. If we had the
funding, wouldn't we just hire a professional resource directly as others
have suggested.

3. We are reaching the point where we our principles are being tested. The
allure of funding is great (see item #2); but every time we put a company
label on a project it may lower the perception of our principle "Not driven
by commercial interests".  If we're not careful we could end up like a race
car covered in advertisements (US readers: think NASCAR ). While each
agreement may be formed in the best interest of both parties, the public
opinion and perception of OWASP will shift from "Not driven by commercial
interests" to "Funded (aka driven) by commercial interests that don't seem
too bad".

This issue brings me back to a discussion that others have raised (see
Jeremiah's blog post) and I think is of critical importance for the growth
of OWASP; what do we want to accomplish? We need a clear direction, a
mission statement/manifesto, we need people to be on board with this
direction and we need to figure out the resources to make this happen
(money, volunteers, professional resources, etc).  I think that OWASP
Academies could very well be the direction we need to go. But, I want OWASP
to decide upon this formally.

After that, let's look at the finances.
Where can we raise the necessary funds?
Do companies want to support the overall mission by donating funds (but not
controlling projects) - we are a 403c?
What funding do we need from membership and conferences to achieve or stated
goals?
Are we spending money in the right areas?


(Anyone else gearing up for Portugal? Hopefully this thread can provide some
good discussion points)

- Michael Coates
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110201/ab00f1ff/attachment.html 


More information about the OWASP-Leaders mailing list