[Owasp-leaders] Measuring Intent and Funding Things

Tobias tobias.gondrom at owasp.org
Tue Mar 25 06:05:37 UTC 2014


Hi all,

I agree with Jim, in that this is a good idea.

To some degree it is operational, so I would suggest that you just talk
directly with Sarah and maybe our new community manager to make this
happen (feel free to cc Jim and myself or the board-list).
For long term stability and consistent accounting of our funds, the
account should be managed by our ops team. Maybe you can help them how
to set up the account.

Cheers, Tobias


On 25/03/14 14:29, Jim Manico wrote:
> Yvan,
>
> Of course please use our brand guidelines
> https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES
> and kick start this funding idea. Raising funds for our non profit
> foundation is something we need to support and encourage. When you set
> up a kickstarter or similar campaign, can you give the credentials to
> Sarah Baso and/or work with her to ensure the funds to directly to the
> foundation?
>
> I might be smacked a bit for jumping the gun here, but that is ok.
> It's my duty as a board member to support raising funds for the
> foundation, so please charge ahead and I'll take responsibility for
> any flack for moving fast on this.
>
> Aloha,
> Jim
>
>
>
> On 3/25/14, 10:49 AM, Yvan Boily wrote:
>> To be clear, the reason I keep asking permission instead of just
>> moving forward is for one reason -
>>
>> Running a kickstarter for the OWASP community (or anyone else who
>> participates) means collecting funds.  I am happy to provide a
>> complete accounting of the funds collected, and donate any extra
>> funds collected to OWASP, but I want this activity blessed by the
>> OWASP Board or whoever the right folks involved are before proceeding.
>>
>> Cheers,
>> Yvan
>>
>> ps - irrational exuberance is the reason I do community stuff... a
>> career in infosec has made me somewhat cynical, doing awesome
>> community stuff ameliorates that ;)
>>
>>
>> On Mon, Mar 24, 2014 at 10:12 PM, Jim Manico <jim.manico at owasp.org
>> <mailto:jim.manico at owasp.org>> wrote:
>>
>>     Yvan,
>>
>>     For certain you are way too excited to get a copy. Greenspan
>>     talked about this as a form of "irrational exuberance".  ;)
>>
>>     By the same token, I think a crowdfunding campaign is a fantastic
>>     idea. I say go for it. This might be a great way to fund future
>>     endeavors. If you need any help reviewing the campaign copy
>>     before you go live, just give me a shout.
>>
>>     Awesome + Aloha,
>>     Jim
>>
>>
>>      
>>>     I requested some a copy of the Cornucopia materials from blackfoot.
>>>
>>>     I am happy to coordinate a print run of the cards, but in order
>>>     to dramatically simplify things I would prefer to run an
>>>     crowdfunding campaign to get a pile of them mass produced. 
>>>     Basically the goal would be to get an estimate on the production
>>>     run, coordinate with (Sam|Kate|Colin|?!?) to get some nice OWASP
>>>     branded packaging (I haven't seen the controversial (?)
>>>     packaging mentioned in other threads).
>>>
>>>     If there is media (videos of folks playing, copy about the game,
>>>     etc) that would also be helpful.  The great thing about running
>>>     something like this through kickstarter is that you can allow
>>>     people to order them at unit cost, or to pay more to support
>>>     this or other OWASP projects. 
>>>
>>>     I also think this is a better way to allow community members
>>>     (including myself) to vote with their wallets rather than
>>>     spending sparse project funds to get something produced.  Any
>>>     objections?  Am I putting the cart before the horse here?  Maybe
>>>     I am just a little too excited to get a copy?
>>>
>>>     :)
>>>
>>>
>>>     On Mon, Mar 24, 2014 at 9:43 PM, Samantha Groves
>>>     <samantha.groves at owasp.org <mailto:samantha.groves at owasp.org>>
>>>     wrote:
>>>
>>>         Sorry, rules of engagement can be found
>>>         here: https://www.owasp.org/index.php/Funding
>>>
>>>
>>>         On Mon, Mar 24, 2014 at 9:42 PM, Samantha Groves
>>>         <samantha.groves at owasp.org
>>>         <mailto:samantha.groves at owasp.org>> wrote:
>>>
>>>             We have about $18,000 available for project
>>>             development: https://www.owasp.org/index.php/Community_Engagement_-_Payments
>>>
>>>
>>>             I just need to update this page with what has already
>>>             been spent. 
>>>
>>>             In regard to ordering the books... what are these for? I
>>>             ask because there might be another budget this expense
>>>             will come from if they fall under another category. 
>>>
>>>
>>>
>>>             On Mon, Mar 24, 2014 at 4:55 PM, Dinis Cruz
>>>             <dinis.cruz at owasp.org <mailto:dinis.cruz at owasp.org>> wrote:
>>>
>>>                 Cool how much is it and what are the rules of
>>>                 engagement?
>>>
>>>                 Can I start by ordering 10x copies of OpenSAMM and
>>>                 10x copies of latest top 10?
>>>
>>>                 On 24 Mar 2014 14:55, "Samantha Groves"
>>>                 <samantha.groves at owasp.org
>>>                 <mailto:samantha.groves at owasp.org>> wrote:
>>>
>>>                     Just an FYI... There is a project fund bucket
>>>                     that was given to us this year. It is not much,
>>>                     but it is a start. The question now is... What
>>>                     do you want to do with it? 
>>>
>>>
>>>                     On Thu, Mar 20, 2014 at 10:38 AM, Yvan Boily
>>>                     <yvanboily at gmail.com
>>>                     <mailto:yvanboily at gmail.com>> wrote:
>>>
>>>                         I fully support using chapter funds to
>>>                         produce materials for OWASP chapters,
>>>                         chapter leads, and to support projects and
>>>                         stuff.
>>>
>>>                         What I am looking for here is to find a way
>>>                         to fund the production of OWASP branded
>>>                         materials for non-OWASP stuff, for example
>>>                         if I want a case of OWASP cheat sheets that
>>>                         are professionally produced so I can have
>>>                         our HR team include them in the new hire kit
>>>                         for every new dev my employer hires, OWASP
>>>                         shouldn't foot the bill for that :) 
>>>                         (something like this -
>>>                         http://www.amazon.com/Microsoft-Introduction-Reference-Instructions-Shortcuts/dp/1936220156/ref=sr_1_14?ie=UTF8&qid=1395336990&sr=8-14&keywords=cheat+sheet
>>>                         as opposed to a simple sheet of paper).
>>>
>>>                         I guess maybe I am looking for a way to vote
>>>                         with my wallet for stuff that might
>>>                         eventually be available as a general order
>>>                         product (which I suspect will raise hackles,
>>>                         but hey, if OWASP doesn't do it, someone
>>>                         else will, and pocket the money instead of
>>>                         investing it in community projects).
>>>
>>>
>>>
>>>                         On Thu, Mar 20, 2014 at 7:07 AM, Dinis Cruz
>>>                         <dinis.cruz at owasp.org
>>>                         <mailto:dinis.cruz at owasp.org>> wrote:
>>>
>>>                             I think having those professional
>>>                             materials are super important for OWASP
>>>                             and I also tend to have the OpenSAMM
>>>                             printed book at hand since it one of
>>>                             most professional ones we have :)
>>>
>>>                             So yes, Yvan you are spot on (from my
>>>                             point of view) on your analysis and
>>>                             OWASP should be helping to pay for those
>>>                             materials (specially since they are an
>>>                             investment into the OWASP brand, and who
>>>                             knows how many new members and
>>>                             conference attendees we would get from
>>>                             the recipients of those materials)
>>>
>>>                             My view is that we should be using some
>>>                             of the OWASP funds (currently available)
>>>                             to pay for this type of materials (so
>>>                             that our leaders can distribute it). I'm
>>>                             still waiting for the idea of '*/OWASP
>>>                             Projects Funds bucket/*' or '*/OWASP
>>>                             Chapters Funds bucket'/* so that us (the
>>>                             OWASP leaders) can 'just get on with it'
>>>                             and distribute the great stuff that is
>>>                             created at OWASP.
>>>
>>>                             Basically Yvan should be able to quickly
>>>                             order the materials he mentions below
>>>                             (all from a global fund that is
>>>                             available to all OWASP leaders).
>>>
>>>                             That is what I tried to do with the
>>>                             OWASP GSD project
>>>                             <https://www.owasp.org/index.php/OWASP_GSD_Project>,and
>>>                             as you can see
>>>                             on https://www.owasp.org/index.php/OWASP_GSD_Project
>>>                             that money has been put to good use
>>>                             (Yvan I think there is still some in
>>>                             there, so feel free to use it). 
>>>
>>>                             BTW.. and if we can't get the 'OWASP
>>>                             Projects Funds bucket' setup in the next
>>>                             months, */what about topping up the GSD
>>>                             projects fund?/*
>>>
>>>                             Dinis
>>>
>>>
>>>                             On 20 March 2014 12:22, Yvan Boily
>>>                             <yvanboily at gmail.com
>>>                             <mailto:yvanboily at gmail.com>> wrote:
>>>
>>>                                 Hi Leaders,
>>>
>>>                                 After seeing Jim's post about
>>>                                 Cornucopia and buying a couple of
>>>                                 copies of the nicely produced
>>>                                 OpenSAMM documents at AppSecEU last
>>>                                 year, I was about to post a
>>>                                 response, but I realized that I had
>>>                                 a bigger question.
>>>
>>>                                 For BSidesVancouver this year we
>>>                                 used crowd-funding and I learned
>>>                                 that it is a powerful way for the
>>>                                 community involved with that to
>>>                                 signal intent about priorities when
>>>                                 organizing the event.  It worked out
>>>                                 really well, and allowed us to keep
>>>                                 our event 100% free for those who
>>>                                 couldn't or chose not to pay to
>>>                                 attend.  Since it was super
>>>                                 successful, I pretty much drank the
>>>                                 crowd funding kool-aid.   Later this
>>>                                 year some gaming (as in playing
>>>                                 dungeons and dragons every sunday
>>>                                 night) folks and I will be running a
>>>                                 separate kickstarter to collect
>>>                                 funds to print something that we
>>>                                 have been working on as a hobby; we
>>>                                 have had a number of people say they
>>>                                 would buy a copy, but using
>>>                                 crowdfunding will allow us to figure
>>>                                 out how much to spend on printing
>>>                                 stuff and potentially allow us to
>>>                                 get a higher volume printed so we
>>>                                 can reduce the unit cost.
>>>
>>>                                 In addition to this, I have pitched
>>>                                 using crowd-funding to fund the
>>>                                 development of high quality training
>>>                                 materials to at least one other
>>>                                 OWASP leader.
>>>
>>>                                 Has anyone else in the OWASP
>>>                                 community investigated using
>>>                                 crowd-funding via Indie Go-Go,
>>>                                 Kickstarter, or others to measure
>>>                                 intent and make physical copies of
>>>                                 things available?
>>>
>>>                                 The reason I ask is:
>>>
>>>                                 * I would like a professionally
>>>                                 manufactured version of Cornucopia
>>>                                 (I am talking print quality, not
>>>                                 anything else).  This is expensive. 
>>>                                 Also, I want about 12 copies, not 1.
>>>
>>>                                 * I love the quality of the OpenSAMM
>>>                                 guide; I literally carry it around
>>>                                 with me when I am attending security
>>>                                 meetups and cons where I might talk
>>>                                 about OWASP because it's production
>>>                                 values are simply superb.
>>>
>>>                                 * I really wish I could buy (by the
>>>                                 case) professional quality printouts
>>>                                 of the OWASP cheat sheets to give
>>>                                 devs in my community, and at work.
>>>
>>>                                 These things are expensive to
>>>                                 produce (both the cost of
>>>                                 manufacturing, and the cost of
>>>                                 producing good quality print
>>>                                 materials). 
>>>
>>>                                 Is this something that people are
>>>                                 interested in looking at it?  Is it
>>>                                 a viable option?  Are people going
>>>                                 to freak out[1] for my suggesting it? 
>>>
>>>                                 Cheers,
>>>                                 Yvan
>>>
>>>
>>>
>>>
>>>                                 [1] omg drama talking about
>>>                                 crowdfunding in some other
>>>                                 communities I am involved with
>>>                                 (gaming, local activism, etc)
>>>
>>>                                 _______________________________________________
>>>                                 OWASP-Leaders mailing list
>>>                                 OWASP-Leaders at lists.owasp.org
>>>                                 <mailto:OWASP-Leaders at lists.owasp.org>
>>>                                 https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>>                         _______________________________________________
>>>                         OWASP-Leaders mailing list
>>>                         OWASP-Leaders at lists.owasp.org
>>>                         <mailto:OWASP-Leaders at lists.owasp.org>
>>>                         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>>                     -- 
>>>
>>>                     *Samantha Groves, MBA*
>>>
>>>                     /OWASP Projects Manager/
>>>
>>>                     /
>>>                     /
>>>
>>>                     The OWASP Foundation
>>>
>>>                     Phoenix, USA
>>>
>>>                     Email: samantha.groves at owasp.org
>>>                     <mailto:samantha.groves at owasp.org>
>>>
>>>                     Skype: samanthahz 
>>>
>>>
>>>                     OWASP Global Projects
>>>                     <https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>>                     Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>>                     OWASP Contact US Form
>>>                     <http://owasp4.owasp.org/contactus.html>
>>>
>>>                     New Project Application Form
>>>                     <http://www.tfaforms.com/263506>
>>>
>>>
>>>
>>>
>>>
>>>
>>>             -- 
>>>
>>>             *Samantha Groves, MBA*
>>>
>>>             /OWASP Projects Manager/
>>>
>>>             /
>>>             /
>>>
>>>             The OWASP Foundation
>>>
>>>             Phoenix, USA
>>>
>>>             Email: samantha.groves at owasp.org
>>>             <mailto:samantha.groves at owasp.org>
>>>
>>>             Skype: samanthahz 
>>>
>>>
>>>             OWASP Global Projects
>>>             <https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>>             Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>>             OWASP Contact US Form
>>>             <http://owasp4.owasp.org/contactus.html>
>>>
>>>             New Project Application Form
>>>             <http://www.tfaforms.com/263506>
>>>
>>>
>>>
>>>
>>>
>>>
>>>         -- 
>>>
>>>         *Samantha Groves, MBA*
>>>
>>>         /OWASP Projects Manager/
>>>
>>>         /
>>>         /
>>>
>>>         The OWASP Foundation
>>>
>>>         Phoenix, USA
>>>
>>>         Email: samantha.groves at owasp.org
>>>         <mailto:samantha.groves at owasp.org>
>>>
>>>         Skype: samanthahz 
>>>
>>>
>>>         OWASP Global Projects
>>>         <https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>>         Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>>         OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>
>>>         New Project Application Form <http://www.tfaforms.com/263506>
>>>
>>>
>>>
>>>
>>>
>>>
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140325/6cbe473e/attachment-0001.html>


More information about the OWASP-Leaders mailing list