[Owasp-leaders] OWASP Project Sponsorship - What can we spend money on?

psiinon psiinon at gmail.com
Wed Oct 9 09:01:26 UTC 2013


I agree - we should have this discussion - I've changed the title so we can
use this thread for it if anyone else wants to chip in.

I also agree that we should be able to pay people to work on OWASP projects.
However we should have checks and balances to ensure that a 'rogue' leader
doesnt contrive to appropriate donated money without contributing a
suitable amount of effort.
Hopefully thats extremely unlikely, but we should aim to be seen as whiter
than white.

Note that we have actually started down this route - see Abraham's OWTF
CFP: http://blog.7-a.org/2013/09/owasp-owtf-cfp-funds-contest.html

Abraham - have you had any responses to this?



On Wed, Oct 9, 2013 at 2:17 AM, vanderaj vanderaj <vanderaj at owasp.org>wrote:

> This is an excellent discussion.
> However, although it is fine to have this discussion, I think there is
> "what can (project leaders)|(or the project)|(or OWASP) spend raised
> sponsorship money on".
> I've made it perfectly plain over many years that for whatever reason, I
> don't get time off to do my work at OWASP, so sponsorship for me is about
> taking a sabbatical to work on projects. The idea that the only people who
> can get paid for OWASP projects are not the people writing them is insane.
> Our project is big enough to support a few key individuals to get things
> really moving, a la Linux Foundation and their fellowships.
> I'd like for "how can projects spend their money" to be a separate
> question to the proposed model question.
> thanks,
> Andrew
> On Wed, Oct 9, 2013 at 5:02 AM, Michael Coates <michael.coates at owasp.org>wrote:
>> Leaders,
>> *TLDR -* We want leaders to debate various project sponsorship models
>> (update as necessary) and vote on the one they support in the upcoming
>> annual elections (Oct 14 -25).
>> https://www.owasp.org/index.php/Governance/ProjectSponsorship
>> *More Info*
>> Project sponsorship and branding is an item that we've been working on at
>> the board for quite some time. Through discussion we've realized there is
>> not a single right model for OWASP. Instead there is a spectrum of
>> approaches (decentralized decisions on branding vs centralized, logos or no
>> logos, project sponsorship or foundation sponsorship etc). Each of these
>> items have their own positives and negatives.
>> However, one thing is clear. For OWASP to scale and grow we need to pick
>> an approach and document it. This way everyone understands what the rules
>> are, how to bring in new contributors and how to correctly acknowledge
>> supporters & contributors.
>> We'd like the OWASP community to cast a vote for the model they believe
>> is best for OWASP. Before we vote on the issue we also want our community
>> to help identify considerations for each model. What are the positives and
>> negatives? Is there another approach that we should consider? Is there
>> something we're not considering?
>> The 3 approaches are listed here in the wiki
>> https://www.owasp.org/index.php/Governance/ProjectSponsorship
>> Please update and add additional considerations. Please don't remove
>> existing text. Instead use the comment section at the bottom to explain
>> areas you may disagree with.
>> Thanks!
>> --
>> Michael Coates | OWASP | @_mwc
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131009/c6f2da63/attachment.html>

More information about the OWASP-Leaders mailing list