[Owasp-leaders] Proposed model for SI to hire Sandra as an OWASP resource

Michael Coates michael.coates at owasp.org
Tue Feb 1 12:26:06 EST 2011

Dah. Well played.  But at least I didn't typo the word "quality", right?

Also, I wanted to further state that the SI deal might very well be a good option. But I want us to solve the big issues before we go down any particular path.

Michael Coates

On Feb 1, 2011, at 9:22 AM, Chris Schmidt wrote:

> I just thought I would point out the ironic typo in your point about quality over 'quantiy' 
> :)
> These are great topis for Portugal and I am looking forward to exploring where this all leads!
> Sent from my iPwn
> On Feb 1, 2011, at 10:00 AM, Michael Coates <michael.coates at owasp.org> wrote:
>> On Feb 1, 2011 1:00 AM, "Konstantinos Papapanagiotou" <conpap at di.uoa.gr> wrote:
>> > On Mon, Jan 31, 2011 at 10:06 PM, Jerry Hoff <jerry at jerryhoff.net> wrote:
>> >>
>> >> I think if OWASP wants professional, open source, cc training materials it
>> >> should hire sandra directly (via fundraising, etc), *especially* if these
>> >> are the materials that will be used at OWASP conferences and OWASP
>> >> academies.
>> > 
>> > Can't agree more.
>> > SI's proposition is very generous but if we want to push the
>> > Academies, we also need to provide the necessary resources on our own.
>> > 
>> > Kostas
>> This is a really interesting situation and highlights a few issues that OWASP is dealing with (in my opinion):
>> 1. OWASP needs to focus on quality, not quantiy - This is a good example of taking a professional approach to developing video training materials; a much needed resource.
>> 2. OWASP seems to be massively lacking in available funding. If we had the funding, wouldn't we just hire a professional resource directly as others have suggested.
>> 3. We are reaching the point where we our principles are being tested. The allure of funding is great (see item #2); but every time we put a company label on a project it may lower the perception of our principle "Not driven by commercial interests".  If we're not careful we could end up like a race car covered in advertisements (US readers: think NASCAR ). While each agreement may be formed in the best interest of both parties, the public opinion and perception of OWASP will shift from "Not driven by commercial interests" to "Funded (aka driven) by commercial interests that don't seem too bad". 
>> This issue brings me back to a discussion that others have raised (see Jeremiah's blog post) and I think is of critical importance for the growth of OWASP; what do we want to accomplish? We need a clear direction, a mission statement/manifesto, we need people to be on board with this direction and we need to figure out the resources to make this happen (money, volunteers, professional resources, etc).  I think that OWASP Academies could very well be the direction we need to go. But, I want OWASP to decide upon this formally. 
>> After that, let's look at the finances. 
>> Where can we raise the necessary funds? 
>> Do companies want to support the overall mission by donating funds (but not controlling projects) - we are a 403c?  
>> What funding do we need from membership and conferences to achieve or stated goals?
>> Are we spending money in the right areas?
>> (Anyone else gearing up for Portugal? Hopefully this thread can provide some good discussion points)
>> - Michael Coates
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list