[Owasp-leaders] OWASP Project Sponsorship - What can we spend money on?

Abraham Aranguren abraham.aranguren at owasp.org
Wed Oct 9 20:52:01 UTC 2013

Good trick Simon, I read the email :)

Thanks for the plug to the OWTF CFP funds contest too, appreciated.

We got no entries for the OWTF CFP yet, but based on the experience from
the GSoC I'd not be surprised if all the entries came on the last day
-even though you can edit the proposal before the deadline as many times
as you want- :)
Deadline is October 15th btw (all details + form here:

I believe the google form is "solid enough" to firewall out "garbage
proposals", it forces you to enter a quality submission with estimates,
proposed start and end dates, etc. (all mandatory fields). This is
something the Brucon crew requires to pay out the funds (they were
awarded to OWTF but the money is technically with Brucon until the work
is implemented). In short, I expect "less but greater submissions"
because of this.

re Project leaders vs. donated money: I agree this is a bit tricky, if I
chose the funds to pay myself it would *feel* wrong (to me), even though
it's technically not wrong to be paid for work on open source software
imho. My decision to "give it away" has been more based on "what is best
for the project" than "what others might think about it". I honestly
think some young motivated students without girlfriends, wives,
families, day jobs, cats, etc. can simply do more than I would myself
for less money.

I will keep you guys posted on how this experiment goes. Volunteers
still welcome, both for the CFP Panel as well as submissions :)



On 10/09/2013 11:01 AM, psiinon wrote:
> Andrew,
> I agree - we should have this discussion - I've changed the title so
> we can use this thread for it if anyone else wants to chip in.
> I also agree that we should be able to pay people to work on OWASP
> projects.
> However we should have checks and balances to ensure that a 'rogue'
> leader doesn't contrive to appropriate donated money without
> contributing a suitable amount of effort.
> Hopefully that's extremely unlikely, but we should aim to be seen as
> whiter than white.
> Note that we have actually started down this route - see Abraham's
> OWTF CFP: http://blog.7-a.org/2013/09/owasp-owtf-cfp-funds-contest.html
> Abraham - have you had any responses to this?
> Cheers,
> Simon
> On Wed, Oct 9, 2013 at 2:17 AM, vanderaj vanderaj
> <vanderaj at owasp.org> wrote:
>     This is an excellent discussion. 
>     However, although it is fine to have this discussion, I think
>     there is "what can (project leaders)|(or the project)|(or OWASP)
>     spend raised sponsorship money on". 
>     I've made it perfectly plain over many years that for whatever
>     reason, I don't get time off to do my work at OWASP, so
>     sponsorship for me is about taking a sabbatical to work on
>     projects. The idea that the only people who can get paid for OWASP
>     projects are not the people writing them is insane. Our project is
>     big enough to support a few key individuals to get things really
>     moving, a la Linux Foundation and their fellowships. 
>     I'd like for "how can projects spend their money" to be a separate
>     question to the proposed model question. 
>     thanks,
>     Andrew 
>     On Wed, Oct 9, 2013 at 5:02 AM, Michael Coates
>     <michael.coates at owasp.org> wrote:
>         Leaders,
>         _*TLDR -*_ We want leaders to debate various project
>         sponsorship models (update as necessary) and vote on the one
>         they support in the upcoming annual elections (Oct 14 -25).
>         https://www.owasp.org/index.php/Governance/ProjectSponsorship
>         _*More Info*_
>         Project sponsorship and branding is an item that we've been
>         working on at the board for quite some time. Through
>         discussion we've realized there is not a single right model
>         for OWASP. Instead there is a spectrum of approaches
>         (decentralized decisions on branding vs centralized, logos or
>         no logos, project sponsorship or foundation sponsorship etc).
>         Each of these items has its own positives and negatives.
>         However, one thing is clear. For OWASP to scale and grow we
>         need to pick an approach and document it. This way everyone
>         understands what the rules are, how to bring in new
>         contributors and how to correctly acknowledge supporters &
>         contributors.
>         We'd like the OWASP community to cast a vote for the model
>         they believe is best for OWASP. Before we vote on the issue we
>         also want our community to help identify considerations for
>         each model. What are the positives and negatives? Is there
>         another approach that we should consider? Is there something
>         we're not considering?
>         The 3 approaches are listed here in the wiki
>         https://www.owasp.org/index.php/Governance/ProjectSponsorship
>         Please update and add additional considerations. Please don't
>         remove existing text. Instead use the comment section at the
>         bottom to explain areas you may disagree with.
>         Thanks!
>         --
>         Michael Coates | OWASP | @_mwc
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
> -- 
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
