[Owasp-leaders] Measuring Intent and Funding Things

Jim Manico jim.manico at owasp.org
Tue Mar 25 05:29:46 UTC 2014


Yvan,

Of course please use our brand guidelines 
https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES 
and kick start this funding idea. Raising funds for our non profit 
foundation is something we need to support and encourage. When you set 
up a kickstarter or similar campaign, can you give the credentials to 
Sarah Baso and/or work with her to ensure the funds to directly to the 
foundation?

I might be smacked a bit for jumping the gun here, but that is ok. It's 
my duty as a board member to support raising funds for the foundation, 
so please charge ahead and I'll take responsibility for any flack for 
moving fast on this.

Aloha,
Jim



On 3/25/14, 10:49 AM, Yvan Boily wrote:
> To be clear, the reason I keep asking permission instead of just 
> moving forward is for one reason -
>
> Running a kickstarter for the OWASP community (or anyone else who 
> participates) means collecting funds.  I am happy to provide a 
> complete accounting of the funds collected, and donate any extra funds 
> collected to OWASP, but I want this activity blessed by the OWASP 
> Board or whoever the right folks involved are before proceeding.
>
> Cheers,
> Yvan
>
> ps - irrational exuberance is the reason I do community stuff... a 
> career in infosec has made me somewhat cynical, doing awesome 
> community stuff ameliorates that ;)
>
>
> On Mon, Mar 24, 2014 at 10:12 PM, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>     Yvan,
>
>     For certain you are way too excited to get a copy. Greenspan
>     talked about this as a form of "irrational exuberance".  ;)
>
>     By the same token, I think a crowdfunding campaign is a fantastic
>     idea. I say go for it. This might be a great way to fund future
>     endeavors. If you need any help reviewing the campaign copy before
>     you go live, just give me a shout.
>
>     Awesome + Aloha,
>     Jim
>
>
>
>>     I requested some a copy of the Cornucopia materials from blackfoot.
>>
>>     I am happy to coordinate a print run of the cards, but in order
>>     to dramatically simplify things I would prefer to run an
>>     crowdfunding campaign to get a pile of them mass produced.
>>     Basically the goal would be to get an estimate on the production
>>     run, coordinate with (Sam|Kate|Colin|?!?) to get some nice OWASP
>>     branded packaging (I haven't seen the controversial (?) packaging
>>     mentioned in other threads).
>>
>>     If there is media (videos of folks playing, copy about the game,
>>     etc) that would also be helpful.  The great thing about running
>>     something like this through kickstarter is that you can allow
>>     people to order them at unit cost, or to pay more to support this
>>     or other OWASP projects.
>>
>>     I also think this is a better way to allow community members
>>     (including myself) to vote with their wallets rather than
>>     spending sparse project funds to get something produced.  Any
>>     objections? Am I putting the cart before the horse here? Maybe I
>>     am just a little too excited to get a copy?
>>
>>     :)
>>
>>
>>     On Mon, Mar 24, 2014 at 9:43 PM, Samantha Groves
>>     <samantha.groves at owasp.org <mailto:samantha.groves at owasp.org>> wrote:
>>
>>         Sorry, rules of engagement can be found here:
>>         https://www.owasp.org/index.php/Funding
>>
>>
>>         On Mon, Mar 24, 2014 at 9:42 PM, Samantha Groves
>>         <samantha.groves at owasp.org
>>         <mailto:samantha.groves at owasp.org>> wrote:
>>
>>             We have about $18,000 available for project development:
>>             https://www.owasp.org/index.php/Community_Engagement_-_Payments
>>
>>
>>             I just need to update this page with what has already
>>             been spent.
>>
>>             In regard to ordering the books... what are these for? I
>>             ask because there might be another budget this expense
>>             will come from if they fall under another category.
>>
>>
>>
>>             On Mon, Mar 24, 2014 at 4:55 PM, Dinis Cruz
>>             <dinis.cruz at owasp.org <mailto:dinis.cruz at owasp.org>> wrote:
>>
>>                 Cool how much is it and what are the rules of engagement?
>>
>>                 Can I start by ordering 10x copies of OpenSAMM and
>>                 10x copies of latest top 10?
>>
>>                 On 24 Mar 2014 14:55, "Samantha Groves"
>>                 <samantha.groves at owasp.org
>>                 <mailto:samantha.groves at owasp.org>> wrote:
>>
>>                     Just an FYI... There is a project fund bucket
>>                     that was given to us this year. It is not much,
>>                     but it is a start. The question now is... What do
>>                     you want to do with it?
>>
>>
>>                     On Thu, Mar 20, 2014 at 10:38 AM, Yvan Boily
>>                     <yvanboily at gmail.com
>>                     <mailto:yvanboily at gmail.com>> wrote:
>>
>>                         I fully support using chapter funds to
>>                         produce materials for OWASP chapters, chapter
>>                         leads, and to support projects and stuff.
>>
>>                         What I am looking for here is to find a way
>>                         to fund the production of OWASP branded
>>                         materials for non-OWASP stuff, for example if
>>                         I want a case of OWASP cheat sheets that are
>>                         professionally produced so I can have our HR
>>                         team include them in the new hire kit for
>>                         every new dev my employer hires, OWASP
>>                         shouldn't foot the bill for that :)
>>                         (something like this -
>>                         http://www.amazon.com/Microsoft-Introduction-Reference-Instructions-Shortcuts/dp/1936220156/ref=sr_1_14?ie=UTF8&qid=1395336990&sr=8-14&keywords=cheat+sheet
>>                         as opposed to a simple sheet of paper).
>>
>>                         I guess maybe I am looking for a way to vote
>>                         with my wallet for stuff that might
>>                         eventually be available as a general order
>>                         product (which I suspect will raise hackles,
>>                         but hey, if OWASP doesn't do it, someone else
>>                         will, and pocket the money instead of
>>                         investing it in community projects).
>>
>>
>>
>>                         On Thu, Mar 20, 2014 at 7:07 AM, Dinis Cruz
>>                         <dinis.cruz at owasp.org
>>                         <mailto:dinis.cruz at owasp.org>> wrote:
>>
>>                             I think having those professional
>>                             materials are super important for OWASP
>>                             and I also tend to have the OpenSAMM
>>                             printed book at hand since it one of most
>>                             professional ones we have :)
>>
>>                             So yes, Yvan you are spot on (from my
>>                             point of view) on your analysis and OWASP
>>                             should be helping to pay for those
>>                             materials (specially since they are an
>>                             investment into the OWASP brand, and who
>>                             knows how many new members and conference
>>                             attendees we would get from
>>                             the recipients of those materials)
>>
>>                             My view is that we should be using some
>>                             of the OWASP funds (currently available)
>>                             to pay for this type of materials (so
>>                             that our leaders can distribute it). I'm
>>                             still waiting for the idea of '*/OWASP
>>                             Projects Funds bucket/*' or '*/OWASP
>>                             Chapters Funds bucket'/* so that us (the
>>                             OWASP leaders) can 'just get on with it'
>>                             and distribute the great stuff that is
>>                             created at OWASP.
>>
>>                             Basically Yvan should be able to quickly
>>                             order the materials he mentions below
>>                             (all from a global fund that is available
>>                             to all OWASP leaders).
>>
>>                             That is what I tried to do with the OWASP
>>                             GSD project
>>                             <https://www.owasp.org/index.php/OWASP_GSD_Project>,and
>>                             as you can see on
>>                             https://www.owasp.org/index.php/OWASP_GSD_Project
>>                             that money has been put to good use (Yvan
>>                             I think there is still some in there, so
>>                             feel free to use it).
>>
>>                             BTW.. and if we can't get the 'OWASP
>>                             Projects Funds bucket' setup in the next
>>                             months, */what about topping up the GSD
>>                             projects fund?/*
>>
>>                             Dinis
>>
>>
>>                             On 20 March 2014 12:22, Yvan Boily
>>                             <yvanboily at gmail.com
>>                             <mailto:yvanboily at gmail.com>> wrote:
>>
>>                                 Hi Leaders,
>>
>>                                 After seeing Jim's post about
>>                                 Cornucopia and buying a couple of
>>                                 copies of the nicely produced
>>                                 OpenSAMM documents at AppSecEU last
>>                                 year, I was about to post a response,
>>                                 but I realized that I had a bigger
>>                                 question.
>>
>>                                 For BSidesVancouver this year we used
>>                                 crowd-funding and I learned that it
>>                                 is a powerful way for the community
>>                                 involved with that to signal intent
>>                                 about priorities when organizing the
>>                                 event.  It worked out really well,
>>                                 and allowed us to keep our event 100%
>>                                 free for those who couldn't or chose
>>                                 not to pay to attend.  Since it was
>>                                 super successful, I pretty much drank
>>                                 the crowd funding kool-aid. Later
>>                                 this year some gaming (as in playing
>>                                 dungeons and dragons every sunday
>>                                 night) folks and I will be running a
>>                                 separate kickstarter to collect funds
>>                                 to print something that we have been
>>                                 working on as a hobby; we have had a
>>                                 number of people say they would buy a
>>                                 copy, but using crowdfunding will
>>                                 allow us to figure out how much to
>>                                 spend on printing stuff and
>>                                 potentially allow us to get a higher
>>                                 volume printed so we can reduce the
>>                                 unit cost.
>>
>>                                 In addition to this, I have pitched
>>                                 using crowd-funding to fund the
>>                                 development of high quality training
>>                                 materials to at least one other OWASP
>>                                 leader.
>>
>>                                 Has anyone else in the OWASP
>>                                 community investigated using
>>                                 crowd-funding via Indie Go-Go,
>>                                 Kickstarter, or others to measure
>>                                 intent and make physical copies of
>>                                 things available?
>>
>>                                 The reason I ask is:
>>
>>                                 * I would like a professionally
>>                                 manufactured version of Cornucopia (I
>>                                 am talking print quality, not
>>                                 anything else).  This is expensive.
>>                                 Also, I want about 12 copies, not 1.
>>
>>                                 * I love the quality of the OpenSAMM
>>                                 guide; I literally carry it around
>>                                 with me when I am attending security
>>                                 meetups and cons where I might talk
>>                                 about OWASP because it's production
>>                                 values are simply superb.
>>
>>                                 * I really wish I could buy (by the
>>                                 case) professional quality printouts
>>                                 of the OWASP cheat sheets to give
>>                                 devs in my community, and at work.
>>
>>                                 These things are expensive to produce
>>                                 (both the cost of manufacturing, and
>>                                 the cost of producing good quality
>>                                 print materials).
>>
>>                                 Is this something that people are
>>                                 interested in looking at it?  Is it a
>>                                 viable option?  Are people going to
>>                                 freak out[1] for my suggesting it?
>>
>>                                 Cheers,
>>                                 Yvan
>>
>>
>>
>>
>>                                 [1] omg drama talking about
>>                                 crowdfunding in some other
>>                                 communities I am involved with
>>                                 (gaming, local activism, etc)
>>
>>                                 _______________________________________________
>>                                 OWASP-Leaders mailing list
>>                                 OWASP-Leaders at lists.owasp.org
>>                                 <mailto:OWASP-Leaders at lists.owasp.org>
>>                                 https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>>                         _______________________________________________
>>                         OWASP-Leaders mailing list
>>                         OWASP-Leaders at lists.owasp.org
>>                         <mailto:OWASP-Leaders at lists.owasp.org>
>>                         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>>                     -- 
>>
>>                     *Samantha Groves, MBA*
>>
>>                     /OWASP Projects Manager/
>>
>>                     /
>>                     /
>>
>>                     The OWASP Foundation
>>
>>                     Phoenix, USA
>>
>>                     Email: samantha.groves at owasp.org
>>                     <mailto:samantha.groves at owasp.org>
>>
>>                     Skype: samanthahz
>>
>>
>>                     OWASP Global Projects
>>                     <https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>>                     Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>>                     OWASP Contact US Form
>>                     <http://owasp4.owasp.org/contactus.html>
>>
>>                     New Project Application Form
>>                     <http://www.tfaforms.com/263506>
>>
>>
>>
>>
>>
>>
>>             -- 
>>
>>             *Samantha Groves, MBA*
>>
>>             /OWASP Projects Manager/
>>
>>             /
>>             /
>>
>>             The OWASP Foundation
>>
>>             Phoenix, USA
>>
>>             Email: samantha.groves at owasp.org
>>             <mailto:samantha.groves at owasp.org>
>>
>>             Skype: samanthahz
>>
>>
>>             OWASP Global Projects
>>             <https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>>             Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>>             OWASP Contact US Form
>>             <http://owasp4.owasp.org/contactus.html>
>>
>>             New Project Application Form <http://www.tfaforms.com/263506>
>>
>>
>>
>>
>>
>>
>>         -- 
>>
>>         *Samantha Groves, MBA*
>>
>>         /OWASP Projects Manager/
>>
>>         /
>>         /
>>
>>         The OWASP Foundation
>>
>>         Phoenix, USA
>>
>>         Email: samantha.groves at owasp.org
>>         <mailto:samantha.groves at owasp.org>
>>
>>         Skype: samanthahz
>>
>>
>>         OWASP Global Projects
>>         <https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>>         Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>>         OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>>         New Project Application Form <http://www.tfaforms.com/263506>
>>
>>
>>
>>
>>
>>
>>     _______________________________________________
>>     OWASP-Leaders mailing list
>>     OWASP-Leaders at lists.owasp.org  <mailto:OWASP-Leaders at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140325/3fe7b1c1/attachment-0001.html>


More information about the OWASP-Leaders mailing list