[Owasp-leaders] Measuring Intent and Funding Things
yvanboily at gmail.com
Mon Mar 24 15:17:14 UTC 2014
My impression is that project funds should be used to help project leads
advance the state of their projects. For example, a project leader might
use project funds to do a "Summer of Code" style project where a specific
individual (in this case, a student), implements a much desired feature for
a project such as ZAP, or writes an extremely detailed section on a
technically challenging portion of the testing guide. Periodically OWASP
projects reach milestones (either as goals, or along a release cycle) where
the projects are "production ready". In this case, for example, for the
testing guide, or other documents a good use of project funds would be to
engage professional layout and design folks.
Once this work is done, I don't think the onus should be on individual
projects to cover the cost of production runs of things. I suggested
crowdfunding as an opt-in model, and one that works really well for things
like Cornucopia or other items that may not have universal appeal, but for
things like printed versions of the testing guide, or cheat sheets that
would probably be highly desirable on the open market, the OWASP project
should handle (either directly, or through a partner) production, sales,
and fulfillment of those items. My take on this is that using project
funds, and leaving the onus on project leads detracts away from the time
those leads could spend on improving/innovating/being awesome at their
The whole reason this came up for me is that I have money from several
buckets (mine, my employers, other groups I belong to) to use for advancing
my objectives within the owners of those buckets.
I don't think that OWASP funds should be used to provide these things for
free, especially if they are for commercial use (using the example of
giving out fancy laminated coding cheat sheets to our devs at my employer
as they walk in the door on first day).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders