[Owasp-leaders] OWASP "Certification"

martin.knobloch at owasp.org
Wed Jul 3 08:16:59 UTC 2013


Yes, OWASP needs money to pursue the mission.
OWASP has gained reputation because of being independent!
If we sell out OWASP, we can kill the reputation!

We do have money for our employees and initiatives as 'OWASP on the Move', so I do not see where this comes from!



-----Original Message-----
From: "Dennis Groves" <dennis.groves at owasp.org>
Sender: owasp-leaders-bounces at lists.owasp.org
Date: Wed, 03 Jul 2013 01:04:18 
To: Tobias Glemser<tobias.glemser at owasp.org>
Cc: <owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] OWASP "Certification"

On 3 Jul 2013, at 0:12, Tobias Glemser wrote:

> Dennis,
> what is our goal? Make money or keep up the fantastic work of volunteers
> which made the brand what it is today.

I believe our goal is very clear, it is definitely a machine to enable 
volunteers! And in a perfect world we could pursue our altruism 
exclusively. Unfortunately, we live in a world that requires money to 
pursue our mission.

They say you have to be able to help yourself before you can help 
another person.
Warren Buffett and Bill Gates are arguably able to help more people than 
you and I through their notorious charities, which are enabled as a result 
of their wealth.

Similarly for a non-profit like OWASP; if we do not pay the bills - we 
are not going to be able to help anybody for very long. Therefore, I do 
not see the question as an XOR as you described above; I see it as AND - 
how do we marry our mission and money?

Let me ask you another question - do you think we should fire the 
employees or do you think they create value for the organisation? Do 
you think things like AppSec conferences are valuable to the community 
or should we abandon them? What about having world class speakers, speak 
at your local chapter like Jim Manico, Dinis Cruz, John Wilander or 
Jerry Hoff through 'OWASP on the move'??

Did you know that our 'sponsorships and memberships' are not paying the 
bills? Did you know we finance OWASP entirely through the AppSec 
conferences? Did you know that if we lose money at any AppSec event, 
OWASP faces bankruptcy and may fail to exist entirely?

All that stuff costs money, and there is so much, much more we could do 
if we had more money! Currently, OWASP operates on a very nearly break 
even basis. If we want to do more, we need more money! Licensing the 
brand is one very obvious and low maintenance way to provide that 
revenue so we can do more awesome stuff at OWASP!

Did you know that we pay Matt only $12k per year to maintain the entire 
IT operations of OWASP? Matt works a full-time job elsewhere and takes 
his personal holidays to volunteer for OWASP. This time belongs to him 
and his family, not to OWASP! While I am very grateful for his service, 
Matt totally deserves a living wage, and OWASP should be providing him 
time with his family on his holidays not taking it from him! In fact he 
really should have enough money to hire some relief! While Matt does an 
incredible job for the community, I think that OWASP can and should be 
doing much better than this.

And, that is a single example, I could go on for days… And I have no 
doubt that I am not alone in how money can be used to make OWASP better.

Josh Sokol, for example, has one of the most successful and profitable 
OWASP chapters in the United States, and he very definitely knows how 
his chapter benefits from money, but he also knows how to make those 
investments support OWASP. His chapter recently provided $150k to the 
OWASP foundation, which is being used to enable AppSec New York. Without 
Josh, OWASP would be much poorer indeed. Josh is a chapter leader we can 
all learn from, and I bet he runs his chapter like a business.

As a community I believe we need to accept the fact that when OWASP 
profits, we are all in a much better position to pursue our altruistic 


>> -----Original Message-----
>> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Dennis Groves
>> Sent: Tuesday, 2 July 2013 23:03
>> To: Dirk Wetter
>> Cc: owasp-leaders at lists.owasp.org
>> Subject: Re: [Owasp-leaders] OWASP "Certification" [ Z1 UNGESICHERT ]
>> This is really great, it is essentially free marketing for OWASP.
>> However, this is an example of how we fail to capture value. What is
>> lost is an opportunity to license the use of the 'OWASP' brand - which
>> is one way we have historically left money on the table. (Samantha's
>> Idea...)
>> A non-profit can not exist on handouts alone; that is we will be
>> bankrupt before long if we keep asking for sponsorships. This is why it
>> is **critical** we start acting like a proper business, and move to
>> profit generating revenue models.
>> Cheers,
>> Dennis
>> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
>>> On 07/02/2013 04:22 PM, Owasp wrote:
>>>> I believe the board is aware and we reached out. How great are we
>>>> that people want to rip off our brand, congrats all :) I'd probably
>>>> expect more of this to come from countries which do not respect
>>>> intellectual property or trademark rights.
>>> e.g. Qualys. https://www.qualys.com/forms/freescan/owasp/
>>> Dear board: pls set up a plan how to deal with those cases
>>> appropriately and then just do it.
>>> Cheers,
>>> Dirk

[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 

> "Unless someone like you...cares a whole awful lot...nothing is going 
> to get better...It's not." -- The Lorax