[Owasp-leaders] OWASP Project Sponsorship - What Model does OWASP want?

Chris Schmidt chris.schmidt at owasp.org
Thu Oct 10 03:33:28 UTC 2013


Another point worth bringing up is that I think it is a mistake to posit
that organizations cannot target their contributions to a specific
project simply because while we may wish that organizations would
embrace OWASP as a whole, it is much more likely that they are embracing
projects that they use, and being selfish "individuals", orgs want to
further development on the stuff that they are actively using. There are
exceptions to every rule, but my gut feel is that organizations are far
more likely to contribute funds to the stuff their people are using
simply because they have a vested interest in those projects already.

As for the statement of altruism, I think that most of the people that
are working on projects will happily continue to do so for free, but
there are things that are certainly *not* free that enable them to take
their projects to the next level. Marketing, site hosting, graphic
design, printed materials, (and the list goes on and on). There are a
great many reasons that a project needs a budget, and to cut those
projects off at the knees is a surefire way IMHO to cripple them to
obsolescence in the long run.

Just my humble $0.02.

On 10/9/13 4:57 PM, Michael Coates wrote:
> Chris,
>
> I think that is a good point with any guidance/policy. We define the
> normal path on how we do things with a realization that we won't be
> solving for 100% of the scenarios. In the event someone feels they
> fall outside of the normal path then we have clear information on the
> proper way to do it differently. This could be anything from noting
> that you are doing something different to a formal approval process. I
> should be clear that I'm for minimum viable red tape to handle those
> scenarios.
>
> But back to your main point we should definitely realize there will be
> exceptions to everything and make sure we clearly address how to
> handle those.
>
> Thanks for the feedback!
>
> -Michael
>
>
> --
> Michael Coates | OWASP | @_mwc
>
>
>
> On Wed, Oct 9, 2013 at 2:51 PM, Chris Schmidt <chris.schmidt at owasp.org
> <mailto:chris.schmidt at owasp.org>> wrote:
>
>     I think these are a good starting point, however I think text
>     needs to be added to each that allows for amending on a case by
>     case basis. As most know, I am a strong advocate for
>     standardization across the entire OWASP Projects Portfolio, but I
>     also understand that there is no one-size-fits-all solution to
>     issues like this. I leave it up to someone smarter than me to word
>     it, but I think it is an important aspect of Options 2 and 3.
>
>     ~C
>
>
>     On 10/9/13 3:08 PM, Michael Coates wrote:
>>     I noticed we haven't had many emails on this topic. Are people
>>     happy with the three options? I'd like to make sure we have the
>>     positives and negatives fully captured.
>>
>>     If we're good then the following will be added to the election
>>     ballot.
>>
>>     Proposed Text:
>>
>>
>>
>>     OWASP is defining our project sponsorship and branding model.
>>     Which of the following model do you want for OWASP? The voice of
>>     the community will decide this issue.
>>
>>     Full information and and details for each option is listed here:
>>     https://www.owasp.org/index.php/Governance/ProjectSponsorship
>>     The additional information covers many more elements of each
>>     option and you're strongly encouraged to review.
>>
>>     Option 1: **Projects can be sponsored. *Project leaders decide
>>     all items including how all contributors are recognized, location
>>     of logos, criteria for logos, etc.
>>
>>     *
>>     Option 2: *Projects can be sponsored. Standard process across
>>     OWASP projects for items such as ***how all contributors are
>>     recognized,* **location of logos, criteria for logos, etc.
>>
>>     *
>>     Option 3:***Projects can not be sponsored. Organizations can
>>     support the foundation and the foundation can support projects
>>     through programs (summer of code, project reboot etc). OWASP
>>     foundation supporters have their logo on a dedicated OWASP
>>     foundation page.
>>     *
>>
>>
>>     --
>>     Michael Coates | OWASP | @_mwc
>>
>>
>>
>>     On Tue, Oct 8, 2013 at 11:02 AM, Michael Coates
>>     <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
>>
>>         Leaders,
>>
>>         _*TLDR -*_ We want leaders to debate various project
>>         sponsorship models (update as necessary) and vote on the one
>>         they support in the upcoming annual elections (Oct 14 -25).
>>
>>         https://www.owasp.org/index.php/Governance/ProjectSponsorship
>>
>>
>>         _*More Info*_
>>
>>         Project sponsorship and branding is an item that we've been
>>         working on at the board for quite some time. Through
>>         discussion we've realized there is not a single right model
>>         for OWASP. Instead there is a spectrum of approaches
>>         (decentralized decisions on branding vs centralized, logos or
>>         no logos, project sponsorship or foundation sponsorship etc).
>>         Each of these items have their own positives and negatives.
>>
>>         However, one thing is clear. For OWASP to scale and grow we
>>         need to pick an approach and document it. This way everyone
>>         understands what the rules are, how to bring in new
>>         contributors and how to correctly acknowledge supporters &
>>         contributors.
>>
>>         We'd like the OWASP community to cast a vote for the model
>>         they believe is best for OWASP. Before we vote on the issue
>>         we also want our community to help identify considerations
>>         for each model. What are the positives and negatives? Is
>>         there another approach that we should consider? Is there
>>         something we're not considering?
>>
>>         The 3 approaches are listed here in the wiki
>>         https://www.owasp.org/index.php/Governance/ProjectSponsorship
>>
>>         Please update and add additional considerations. Please don't
>>         remove existing text. Instead use the comment section at the
>>         bottom to explain areas you may disagree with.
>>
>>
>>         Thanks!
>>
>>
>>         --
>>         Michael Coates | OWASP | @_mwc
>>
>>
>>
>>
>>     _______________________________________________
>>     OWASP-Leaders mailing list
>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131009/a34da805/attachment.html>


More information about the OWASP-Leaders mailing list