[Owasp-leaders] OWASP "Certification"

Ralf Reinhardt ralf.reinhardt at owasp.org
Wed Jul 3 08:20:54 UTC 2013

Hi Dennis,

nice talk, but for my taste a little too pathetic.

If OWASP starts to "sell any products" like certifications, integrity is
lost. IMHO that's worse than bankruptcy.

Cheers, Ralf

Am Mittwoch, den 03.07.2013, 01:04 -0700 schrieb Dennis Groves:
> On 3 Jul 2013, at 0:12, Tobias Glemser wrote:
> > Dennis,
> >
> > what is our goal? Make money or keep up the fantastic work of 
> > volunteers
> > which made the brand what it is today.
> I believe our goal is very clear, it is definitely a machine to enable 
> volunteers! And in a perfect world we could pursue our altruism 
> exclusively. Unfortunately, we live in a world that requires money to 
> pursue our mission.
> They say you have to be able to help yourself before you can help 
> another person.
> Warren Buffet and Bill Gates are arguably able to help more people than 
> you and I through their notorious charities, which are enabled a result 
> of their wealth.
> Similarly for a non-profit like OWASP; if we do not pay the bills - we 
> are not going to be able to help anybody for very long. Therefore, I do 
> not see the question as an XOR as you described above; I see it as AND - 
> how do we marry our mission and money?
> Let me ask you another question - do you think we should fire the 
> employee's or do you think they create value for the organisation? Do 
> you think things like AppSec conferences are valuable to the community 
> or should we abandon them? What about having world class speakers, speak 
> at your local chapter like Jim Manico, Dinis Cruz, John Wilander or 
> Jerry Hoff through 'OWASP on the move'??
> Did you know that our 'sponsorships and memberships' are not paying the 
> bills? Did you know we finance OWASP entirely through the AppSec 
> conferences? Did you know that if we loose money at any AppSec event, 
> OWASP faces bankruptcy and may fail to exist entirely?
> All that stuff costs money, and there is so much, much more we could do 
> if we had more money! Currently, OWASP operates on a very nearly break 
> even basis. If we want to do more, we need more money! Licensing the 
> brand is one very obvious and low maintenance way to provide that 
> revenue so we can do more awesome stuff at OWASP!
> Did you know that we pay Matt only $12k per year to maintain the entire 
> IT operations of OWASP? Matt works a full-time job elsewhere and takes 
> his personal holidays to volunteer for OWASP. This time belongs to him 
> and his family, not to OWASP! While I am very grateful for his service, 
> Matt totally deserves a living wage, and OWASP should be providing him 
> time with his family on his holidays not taking it from him! In fact he 
> really should have enough money to hire some relief! While Matt does an 
> incredible job for the community, I think that OWASP can and should be 
> doing much better than this.
> And, that is a single example, I could go on for days… And I have no 
> doubt that I am not alone in how money can be used to make OWASP better.
> Josh Sokol, for example has one of the most successful and profitable 
> OWASP chapters in the United States, and he very definitely knows how 
> his chapter benefits from money, but he also knows how to make those 
> investments support OWASP. His chapter recently provided $150k to the 
> OWASP foundation, which is being used to enable AppSec New York. Without 
> Josh, OWASP would be much poorer indeed. Josh is a chapter leader we can 
> all learn from, and I bet he runs his chapter like a business.
> As a community I believe we need to accept the fact that when OWASP 
> profits, we are all in a much better position to pursue our altruistic 
> mission.
> Dennis
> >> -----Ursprüngliche Nachricht-----
> >> Von: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-
> >> bounces at lists.owasp.org] Im Auftrag von Dennis Groves
> >> Gesendet: Dienstag, 2. Juli 2013 23:03
> >> An: Dirk Wetter
> >> Cc: owasp-leaders at lists.owasp.org
> >> Betreff: Re: [Owasp-leaders] OWASP "Certification" [ Z1 UNGESICHERT ]
> >>
> >> This is really great, it is essentially free marketing for OWASP.
> >>
> >> However, this is an example of how we fail to capture value. What is 
> >> lost
> > is an
> >> opportunity to license the use of the 'OWASP' brand - which is one 
> >> way we
> >> have historically left money on the table. (Samantha's
> >> Idea...)
> >>
> >> A non-profit can not exist on handouts alone; that is we will be 
> >> bankrupt
> >> before long if we keep asking for sponsorships. This is why it is
> > **critical**
> >> we start acting like a proper business, and move to profit generating
> > revenue
> >> models.
> >>
> >> Cheers,
> >> Dennis
> >>
> >>
> >>
> >> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
> >>
> >>> Am 07/02/2013 04:22 PM, schrieb Owasp:
> >>>> I believe the board is aware and we reached out. How great are we
> >>>> that people want to rip off our brand, congrats all :) I'd probably
> >>>> expect more of this to come from countries which do not respect
> >>>> intellectual property or tradark rights.
> >>>
> >>> e.g. Qualys.https://www.qualys.com/forms/freescan/owasp/
> >>>
> >>> Dear board: pls set up a plan how to deal with those case
> >>> appropriately and then just do it.
> >>>
> >>> Cheers,
> >>>
> >>> Dirk

More information about the OWASP-Leaders mailing list