[Owasp-leaders] Measuring Intent and Funding Things

Yvan Boily yvanboily at gmail.com
Tue Mar 25 05:19:50 UTC 2014


To be clear, the reason I keep asking permission instead of just moving
forward is for one reason -

Running a kickstarter for the OWASP community (or anyone else who
participates) means collecting funds.  I am happy to provide a complete
accounting of the funds collected, and donate any extra funds collected to
OWASP, but I want this activity blessed by the OWASP Board or whoever the
right folks involved are before proceeding.

Cheers,
Yvan

ps - irrational exuberance is the reason I do community stuff... a career
in infosec has made me somewhat cynical, doing awesome community stuff
ameliorates that ;)


On Mon, Mar 24, 2014 at 10:12 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  Yvan,
>
> For certain you are way too excited to get a copy. Greenspan talked about
> this as a form of "irrational exuberance".  ;)
>
> By the same token, I think a crowdfunding campaign is a fantastic idea. I
> say go for it. This might be a great way to fund future endeavors. If you
> need any help reviewing the campaign copy before you go live, just give me
> a shout.
>
> Awesome + Aloha,
> Jim
>
>
>
>
>   I requested some a copy of the Cornucopia materials from blackfoot.
>
>  I am happy to coordinate a print run of the cards, but in order to
> dramatically simplify things I would prefer to run an crowdfunding campaign
> to get a pile of them mass produced.  Basically the goal would be to get an
> estimate on the production run, coordinate with (Sam|Kate|Colin|?!?) to get
> some nice OWASP branded packaging (I haven't seen the controversial (?)
> packaging mentioned in other threads).
>
>  If there is media (videos of folks playing, copy about the game, etc)
> that would also be helpful.  The great thing about running something like
> this through kickstarter is that you can allow people to order them at unit
> cost, or to pay more to support this or other OWASP projects.
>
>  I also think this is a better way to allow community members (including
> myself) to vote with their wallets rather than spending sparse project
> funds to get something produced.  Any objections?  Am I putting the cart
> before the horse here?  Maybe I am just a little too excited to get a copy?
>
> :)
>
>
> On Mon, Mar 24, 2014 at 9:43 PM, Samantha Groves <
> samantha.groves at owasp.org> wrote:
>
>> Sorry, rules of engagement can be found here:
>> https://www.owasp.org/index.php/Funding
>>
>>
>> On Mon, Mar 24, 2014 at 9:42 PM, Samantha Groves <
>> samantha.groves at owasp.org> wrote:
>>
>>> We have about $18,000 available for project development:
>>> https://www.owasp.org/index.php/Community_Engagement_-_Payments
>>>
>>>  I just need to update this page with what has already been spent.
>>>
>>>  In regard to ordering the books... what are these for? I ask because
>>> there might be another budget this expense will come from if they fall
>>> under another category.
>>>
>>>
>>>
>>> On Mon, Mar 24, 2014 at 4:55 PM, Dinis Cruz <dinis.cruz at owasp.org>wrote:
>>>
>>>> Cool how much is it and what are the rules of engagement?
>>>>
>>>> Can I start by ordering 10x copies of OpenSAMM and 10x copies of latest
>>>> top 10?
>>>>  On 24 Mar 2014 14:55, "Samantha Groves" <samantha.groves at owasp.org>
>>>> wrote:
>>>>
>>>>> Just an FYI... There is a project fund bucket that was given to us
>>>>> this year. It is not much, but it is a start. The question now is... What
>>>>> do you want to do with it?
>>>>>
>>>>>
>>>>> On Thu, Mar 20, 2014 at 10:38 AM, Yvan Boily <yvanboily at gmail.com>wrote:
>>>>>
>>>>>>  I fully support using chapter funds to produce materials for OWASP
>>>>>> chapters, chapter leads, and to support projects and stuff.
>>>>>>
>>>>>>  What I am looking for here is to find a way to fund the production
>>>>>> of OWASP branded materials for non-OWASP stuff, for example if I want a
>>>>>> case of OWASP cheat sheets that are professionally produced so I can have
>>>>>> our HR team include them in the new hire kit for every new dev my employer
>>>>>> hires, OWASP shouldn't foot the bill for that :)  (something like this -
>>>>>> http://www.amazon.com/Microsoft-Introduction-Reference-Instructions-Shortcuts/dp/1936220156/ref=sr_1_14?ie=UTF8&qid=1395336990&sr=8-14&keywords=cheat+sheetas opposed to a simple sheet of paper).
>>>>>>
>>>>>>  I guess maybe I am looking for a way to vote with my wallet for
>>>>>> stuff that might eventually be available as a general order product (which
>>>>>> I suspect will raise hackles, but hey, if OWASP doesn't do it, someone else
>>>>>> will, and pocket the money instead of investing it in community projects).
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Mar 20, 2014 at 7:07 AM, Dinis Cruz <dinis.cruz at owasp.org>wrote:
>>>>>>
>>>>>>> I think having those professional materials are super important for
>>>>>>> OWASP and I also tend to have the OpenSAMM printed book at hand
>>>>>>> since it one of most professional ones we have :)
>>>>>>>
>>>>>>>  So yes, Yvan you are spot on (from my point of view) on your
>>>>>>> analysis and OWASP should be helping to pay for those materials (specially
>>>>>>> since they are an investment into the OWASP brand, and who knows how many
>>>>>>> new members and conference attendees we would get from the recipients of
>>>>>>> those materials)
>>>>>>>
>>>>>>>  My view is that we should be using some of the OWASP funds
>>>>>>> (currently available) to pay for this type of materials (so that our
>>>>>>> leaders can distribute it). I'm still waiting for the idea of '*OWASP
>>>>>>> Projects Funds bucket*' or '*OWASP Chapters Funds bucket'* so that
>>>>>>> us (the OWASP leaders) can 'just get on with it' and distribute the great
>>>>>>> stuff that is created at OWASP.
>>>>>>>
>>>>>>>  Basically Yvan should be able to quickly order the materials he
>>>>>>> mentions below (all from a global fund that is available to all OWASP
>>>>>>> leaders).
>>>>>>>
>>>>>>>  That is what I tried to do with the OWASP GSD project<https://www.owasp.org/index.php/OWASP_GSD_Project>,and
>>>>>>> as you can see on https://www.owasp.org/index.php/OWASP_GSD_Projectthat money has been put to good use (
>>>>>>> Yvan I think there is still some in there, so feel free to use it).
>>>>>>>
>>>>>>>  BTW.. and if we can't get the 'OWASP Projects Funds bucket' setup
>>>>>>> in the next months, *what about topping up the GSD projects fund?*
>>>>>>>
>>>>>>>  Dinis
>>>>>>>
>>>>>>>
>>>>>>>   On 20 March 2014 12:22, Yvan Boily <yvanboily at gmail.com> wrote:
>>>>>>>
>>>>>>>>      Hi Leaders,
>>>>>>>>
>>>>>>>>  After seeing Jim's post about Cornucopia and buying a couple of
>>>>>>>> copies of the nicely produced OpenSAMM documents at AppSecEU last year, I
>>>>>>>> was about to post a response, but I realized that I had a bigger question.
>>>>>>>>
>>>>>>>>  For BSidesVancouver this year we used crowd-funding and I learned
>>>>>>>> that it is a powerful way for the community involved with that to signal
>>>>>>>> intent about priorities when organizing the event.  It worked out really
>>>>>>>> well, and allowed us to keep our event 100% free for those who couldn't or
>>>>>>>> chose not to pay to attend.  Since it was super successful, I pretty much
>>>>>>>> drank the crowd funding kool-aid.   Later this year some gaming (as in
>>>>>>>> playing dungeons and dragons every sunday night) folks and I will be
>>>>>>>> running a separate kickstarter to collect funds to print something that we
>>>>>>>> have been working on as a hobby; we have had a number of people say they
>>>>>>>> would buy a copy, but using crowdfunding will allow us to figure out how
>>>>>>>> much to spend on printing stuff and potentially allow us to get a higher
>>>>>>>> volume printed so we can reduce the unit cost.
>>>>>>>>
>>>>>>>>  In addition to this, I have pitched using crowd-funding to fund
>>>>>>>> the development of high quality training materials to at least one other
>>>>>>>> OWASP leader.
>>>>>>>>
>>>>>>>>  Has anyone else in the OWASP community investigated using
>>>>>>>> crowd-funding via Indie Go-Go, Kickstarter, or others to measure intent and
>>>>>>>> make physical copies of things available?
>>>>>>>>
>>>>>>>>  The reason I ask is:
>>>>>>>>
>>>>>>>>  * I would like a professionally manufactured version of Cornucopia
>>>>>>>> (I am talking print quality, not anything else).  This is expensive.  Also,
>>>>>>>> I want about 12 copies, not 1.
>>>>>>>>
>>>>>>>>  * I love the quality of the OpenSAMM guide; I literally carry it
>>>>>>>> around with me when I am attending security meetups and cons where I might
>>>>>>>> talk about OWASP because it's production values are simply superb.
>>>>>>>>
>>>>>>>>  * I really wish I could buy (by the case) professional quality
>>>>>>>> printouts of the OWASP cheat sheets to give devs in my community, and at
>>>>>>>> work.
>>>>>>>>
>>>>>>>>  These things are expensive to produce (both the cost of
>>>>>>>> manufacturing, and the cost of producing good quality print materials).
>>>>>>>>
>>>>>>>> Is this something that people are interested in looking at it?  Is
>>>>>>>> it a viable option?  Are people going to freak out[1] for my suggesting
>>>>>>>> it?
>>>>>>>>
>>>>>>>>  Cheers,
>>>>>>>> Yvan
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>  [1] omg drama talking about crowdfunding in some other communities
>>>>>>>> I am involved with (gaming, local activism, etc)
>>>>>>>>
>>>>>>>>  _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>  --
>>>>>
>>>>> *Samantha Groves, MBA*
>>>>>
>>>>> *OWASP Projects Manager*
>>>>>
>>>>>
>>>>>  The OWASP Foundation
>>>>>
>>>>> Phoenix, USA
>>>>>
>>>>> Email: samantha.groves at owasp.org
>>>>>
>>>>> Skype: samanthahz
>>>>>
>>>>>
>>>>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>
>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>
>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>
>>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>  --
>>>
>>> *Samantha Groves, MBA*
>>>
>>> *OWASP Projects Manager*
>>>
>>>
>>>  The OWASP Foundation
>>>
>>> Phoenix, USA
>>>
>>> Email: samantha.groves at owasp.org
>>>
>>> Skype: samanthahz
>>>
>>>
>>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>
>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>
>>>
>>>
>>>
>>
>>
>>  --
>>
>> *Samantha Groves, MBA*
>>
>> *OWASP Projects Manager*
>>
>>
>>  The OWASP Foundation
>>
>> Phoenix, USA
>>
>> Email: samantha.groves at owasp.org
>>
>> Skype: samanthahz
>>
>>
>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>> New Project Application Form <http://www.tfaforms.com/263506>
>>
>>
>>
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140324/6b469587/attachment-0001.html>


More information about the OWASP-Leaders mailing list