[Owasp-leaders] OWASP Project Sponsorship - What can we spend money on?

Michael Coates michael.coates at owasp.org
Thu Oct 10 17:32:43 UTC 2013


How owasp pays contributors is an interesting topic with a few different
possible approaches and many different opinions. I'm interested in building
a similar matrix of options after we decide on project sponsorship/branding.

There are lots of different options (non)payment/incentives/badges/etc and
I'm guessing we'll see a variety of viable approaches.

It will be a good exercise and item for us to tackle next.




--
Michael Coates | OWASP | @_mwc



On Thu, Oct 10, 2013 at 12:50 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> My view is that OWASP can't pay its leaders (see
> http://blog.diniscruz.com/2012/04/why-owasp-cant-pay-owasp-leaders.htmlfor a detailed explanation why)
>
> Abraham solution is one that works (and kudos to him for choosing that
> model)
>
> Google Summer of Code like activities are another
>
> The Owasp project partnership model is another :
> https://www.owasp.org/index.php/OWASP_Project_Partnership_Model
>
> And the best is to work for a company that believes so much in an OWASP
> project that is willing to pay its employees to spend time on OWASP
> projects
> On 9 Oct 2013 21:52, "Abraham Aranguren" <abraham.aranguren at owasp.org>
> wrote:
>
>> Good trick Simon, I read the email :)
>>
>> Thanks for the plug to the OWTF CFP funds contest too, appreciated.
>>
>> We got no entries for the OWTF CFP yet, but based on the experience from
>> the GSoC I'd not be surprised if all the entries came on the last day
>> -even though you can edit the proposal before the deadline as many times
>> as you want- :)
>> Deadline is October 15th btw (all details + form here:
>> http://blog.7-a.org/2013/09/owasp-owtf-cfp-funds-contest.html).
>>
>> I believe the google form is "solid enough" to firewall out "garbage
>> proposals", it forces you to enter a quality submission with estimates,
>> proposed start and end dates, etc. (all mandatory fields). This is
>> something the Brucon crew requires to pay out the funds (they were
>> awarded to OWTF but the money is technically with Brucon until the work
>> is implemented). In short, I expect "less but greater submissions"
>> because of this.
>>
>> re Projet leaders vs. donated money: I agree this is a bit tricky, if I
>> chose the funds to pay myself it would *feel* wrong (to me), even though
>> it's technically not wrong to be paid for work on open source software
>> imho. My decision to "give it away" has been more based on "what is best
>> for the project" than "what others might think about it". I honestly
>> think some young motivated students without girlfriends, wifes,
>> families, day jobs, cats, etc. can simply do more than I would myself
>> for less money.
>>
>> I will keep you guys posted on how this experiment goes. Volunteers
>> still welcome, both for the CFP Panel as well as submissions :)
>>
>> Thanks!
>>
>> Abe
>>
>> On 10/09/2013 11:01 AM, psiinon wrote:
>> > Andrew,
>> >
>> > I agree - we should have this discussion - I've changed the title so
>> > we can use this thread for it if anyone else wants to chip in.
>> >
>> > I also agree that we should be able to pay people to work on OWASP
>> > projects.
>> > However we should have checks and balances to ensure that a 'rogue'
>> > leader doesnt contrive to appropriate donated money without
>> > contributing a suitable amount of effort.
>> > Hopefully thats extremely unlikely, but we should aim to be seen as
>> > whiter than white.
>> >
>> > Note that we have actually started down this route - see Abraham's
>> > OWTF CFP: http://blog.7-a.org/2013/09/owasp-owtf-cfp-funds-contest.html
>> >
>> > Abraham - have you had any responses to this?
>> >
>> > Cheers,
>> >
>> > Simon
>> >
>> >
>> > On Wed, Oct 9, 2013 at 2:17 AM, vanderaj vanderaj <vanderaj at owasp.org
>> > <mailto:vanderaj at owasp.org>> wrote:
>> >
>> >     This is an excellent discussion.
>> >
>> >     However, although it is fine to have this discussion, I think
>> >     there is "what can (project leaders)|(or the project)|(or OWASP)
>> >     spend raised sponsorship money on".
>> >
>> >     I've made it perfectly plain over many years that for whatever
>> >     reason, I don't get time off to do my work at OWASP, so
>> >     sponsorship for me is about taking a sabbatical to work on
>> >     projects. The idea that the only people who can get paid for OWASP
>> >     projects are not the people writing them is insane. Our project is
>> >     big enough to support a few key individuals to get things really
>> >     moving, a la Linux Foundation and their fellowships.
>> >
>> >     I'd like for "how can projects spend their money" to be a separate
>> >     question to the proposed model question.
>> >
>> >     thanks,
>> >     Andrew
>> >
>> >
>> >     On Wed, Oct 9, 2013 at 5:02 AM, Michael Coates
>> >     <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
>> >
>> >         Leaders,
>> >
>> >         _*TLDR -*_ We want leaders to debate various project
>> >         sponsorship models (update as necessary) and vote on the one
>> >         they support in the upcoming annual elections (Oct 14 -25).
>> >
>> >         https://www.owasp.org/index.php/Governance/ProjectSponsorship
>> >
>> >
>> >         _*More Info*_
>> >
>> >         Project sponsorship and branding is an item that we've been
>> >         working on at the board for quite some time. Through
>> >         discussion we've realized there is not a single right model
>> >         for OWASP. Instead there is a spectrum of approaches
>> >         (decentralized decisions on branding vs centralized, logos or
>> >         no logos, project sponsorship or foundation sponsorship etc).
>> >         Each of these items have their own positives and negatives.
>> >
>> >         However, one thing is clear. For OWASP to scale and grow we
>> >         need to pick an approach and document it. This way everyone
>> >         understands what the rules are, how to bring in new
>> >         contributors and how to correctly acknowledge supporters &
>> >         contributors.
>> >
>> >         We'd like the OWASP community to cast a vote for the model
>> >         they believe is best for OWASP. Before we vote on the issue we
>> >         also want our community to help identify considerations for
>> >         each model. What are the positives and negatives? Is there
>> >         another approach that we should consider? Is there something
>> >         we're not considering?
>> >
>> >         The 3 approaches are listed here in the wiki
>> >         https://www.owasp.org/index.php/Governance/ProjectSponsorship
>> >
>> >         Please update and add additional considerations. Please don't
>> >         remove existing text. Instead use the comment section at the
>> >         bottom to explain areas you may disagree with.
>> >
>> >
>> >         Thanks!
>> >
>> >
>> >         --
>> >         Michael Coates | OWASP | @_mwc
>> >
>> >
>> >         _______________________________________________
>> >         OWASP-Leaders mailing list
>> >         OWASP-Leaders at lists.owasp.org
>> >         <mailto:OWASP-Leaders at lists.owasp.org>
>> >         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >
>> >
>> >
>> >     _______________________________________________
>> >     OWASP-Leaders mailing list
>> >     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org
>> >
>> >     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >
>> >
>> >
>> >
>> > --
>> > OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131010/db8ea7e9/attachment.html>


More information about the OWASP-Leaders mailing list