[Owasp-leaders] OWASP "Certification"

Dennis Groves dennis.groves at owasp.org
Wed Jul 3 08:27:33 UTC 2013

Hello Martin,

Your voice is a voice I love to hear. You have dedicated years and years 
of hard work building the OWASP community. So, I take what you say very 
seriously. I am not saying I have any answers here; and I for certain 
don't know everything. So let me propose a question.

Martin, people are already using and abusing the OWASP brand. Is it 
really 'selling out' for us to at least 'charge a fee' for the use of 
the brand?

Of course, I am assuming that if we did charge a fee, we would hire a 
Solicitor/Lawyer to clarify the conditions on how the brand maybe used 
and what the fee's are.


On 3 Jul 2013, at 1:16, martin.knobloch at owasp.org wrote:

> Dennis,
> Yes, OWASP needs money to pursuit the mission.
> But..
> OWASP has gained reputation because of being independent!
> If we sell-out OWASP, we can kill the reputation!
> We do have money for out employees and initiatives as 'OWASP on the 
> Move', so I do not see where this comes from!
> Cheers,
> -martin
> Sent from my BlackBerry® smartphone
> -----Original Message-----
> From: "Dennis Groves" <dennis.groves at owasp.org>
> Sender: owasp-leaders-bounces at lists.owasp.org
> Date: Wed, 03 Jul 2013 01:04:18
> To: Tobias Glemser<tobias.glemser at owasp.org>
> Cc: <owasp-leaders at lists.owasp.org>
> Subject: Re: [Owasp-leaders] OWASP "Certification"
> On 3 Jul 2013, at 0:12, Tobias Glemser wrote:
>> Dennis,
>> what is our goal? Make money or keep up the fantastic work of
>> volunteers
>> which made the brand what it is today.
> I believe our goal is very clear, it is definitely a machine to enable
> volunteers! And in a perfect world we could pursue our altruism
> exclusively. Unfortunately, we live in a world that requires money to
> pursue our mission.
> They say you have to be able to help yourself before you can help
> another person.
> Warren Buffet and Bill Gates are arguably able to help more people 
> than
> you and I through their notorious charities, which are enabled a 
> result
> of their wealth.
> Similarly for a non-profit like OWASP; if we do not pay the bills - we
> are not going to be able to help anybody for very long. Therefore, I 
> do
> not see the question as an XOR as you described above; I see it as AND 
> -
> how do we marry our mission and money?
> Let me ask you another question - do you think we should fire the
> employee's or do you think they create value for the organisation? Do
> you think things like AppSec conferences are valuable to the community
> or should we abandon them? What about having world class speakers, 
> speak
> at your local chapter like Jim Manico, Dinis Cruz, John Wilander or
> Jerry Hoff through 'OWASP on the move'??
> Did you know that our 'sponsorships and memberships' are not paying 
> the
> bills? Did you know we finance OWASP entirely through the AppSec
> conferences? Did you know that if we loose money at any AppSec event,
> OWASP faces bankruptcy and may fail to exist entirely?
> All that stuff costs money, and there is so much, much more we could 
> do
> if we had more money! Currently, OWASP operates on a very nearly break
> even basis. If we want to do more, we need more money! Licensing the
> brand is one very obvious and low maintenance way to provide that
> revenue so we can do more awesome stuff at OWASP!
> Did you know that we pay Matt only $12k per year to maintain the 
> entire
> IT operations of OWASP? Matt works a full-time job elsewhere and takes
> his personal holidays to volunteer for OWASP. This time belongs to him
> and his family, not to OWASP! While I am very grateful for his 
> service,
> Matt totally deserves a living wage, and OWASP should be providing him
> time with his family on his holidays not taking it from him! In fact 
> he
> really should have enough money to hire some relief! While Matt does 
> an
> incredible job for the community, I think that OWASP can and should be
> doing much better than this.
> And, that is a single example, I could go on for days… And I have no
> doubt that I am not alone in how money can be used to make OWASP 
> better.
> Josh Sokol, for example has one of the most successful and profitable
> OWASP chapters in the United States, and he very definitely knows how
> his chapter benefits from money, but he also knows how to make those
> investments support OWASP. His chapter recently provided $150k to the
> OWASP foundation, which is being used to enable AppSec New York. 
> Without
> Josh, OWASP would be much poorer indeed. Josh is a chapter leader we 
> can
> all learn from, and I bet he runs his chapter like a business.
> As a community I believe we need to accept the fact that when OWASP
> profits, we are all in a much better position to pursue our altruistic
> mission.
> Dennis
>>> -----Ursprüngliche Nachricht-----
>>> Von: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-
>>> bounces at lists.owasp.org] Im Auftrag von Dennis Groves
>>> Gesendet: Dienstag, 2. Juli 2013 23:03
>>> An: Dirk Wetter
>>> Cc: owasp-leaders at lists.owasp.org
>>> Betreff: Re: [Owasp-leaders] OWASP "Certification" [ Z1 UNGESICHERT 
>>> ]
>>> This is really great, it is essentially free marketing for OWASP.
>>> However, this is an example of how we fail to capture value. What is
>>> lost
>> is an
>>> opportunity to license the use of the 'OWASP' brand - which is one
>>> way we
>>> have historically left money on the table. (Samantha's
>>> Idea...)
>>> A non-profit can not exist on handouts alone; that is we will be
>>> bankrupt
>>> before long if we keep asking for sponsorships. This is why it is
>> **critical**
>>> we start acting like a proper business, and move to profit 
>>> generating
>> revenue
>>> models.
>>> Cheers,
>>> Dennis
>>> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
>>>> Am 07/02/2013 04:22 PM, schrieb Owasp:
>>>>> I believe the board is aware and we reached out. How great are we
>>>>> that people want to rip off our brand, congrats all :) I'd 
>>>>> probably
>>>>> expect more of this to come from countries which do not respect
>>>>> intellectual property or tradark rights.
>>>> e.g. Qualys.https://www.qualys.com/forms/freescan/owasp/
>>>> Dear board: pls set up a plan how to deal with those case
>>>> appropriately and then just do it.
>>>> Cheers,
>>>> Dirk
> -- 
> [Dennis Groves](http://about.me/dennis.groves), MSc
> [Email me](mailto:dennis.groves at owasp.org) or [schedule a
> meeting](http://goo.gl/8sPIy).
>> "Unless someone like you...cares a whole awful lot...nothing is going
>> to get better...It's not." -- The Lorax
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 

> "Unless someone like you...cares a whole awful lot...nothing is going 
> to get better...It's not." -- The Lorax

More information about the OWASP-Leaders mailing list