[Owasp-leaders] Measuring Intent and Funding Things

Yvan Boily yvanboily at gmail.com
Tue Mar 25 12:46:29 UTC 2014


Hi Tobias, all,

This is one of the reasons I felt the need to be clear!  I haven't run a
campaign under any tools under than Kickstarter, and they don't have any
capabilities around multi-user accounts.  I could not surrender the
credentials for my Kickstarter account as they are associated with another
non-profit that I work with, but I will check their ToS about having
multiple accounts.  I will also check the capabilities of other platforms
as Kickstarter can be quite restrictive about what they support in terms of
fundraising projects.  I would prefer the fundraiser/funds to be sent to an
OWASP account for tax liability reasons.

I think the best approach would be to have a call to discuss the details
that are blockers.  If you would like to participate in this discussion
please add your name here - http://doodle.com/5pvna9khph5vvns4 (and send me
your email address or a message that you want to participate so I can send
you the meeting link)

Cheers,
Yvan




On Mon, Mar 24, 2014 at 11:05 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Hi all,
>
> I agree with Jim, in that this is a good idea.
>
> To some degree it is operational, so I would suggest that you just talk
> directly with Sarah and maybe our new community manager to make this happen
> (feel free to cc Jim and myself or the board-list).
> For long term stability and consistent accounting of our funds, the
> account should be managed by our ops team. Maybe you can help them how to
> set up the account.
>
> Cheers, Tobias
>
>
>
> On 25/03/14 14:29, Jim Manico wrote:
>
> Yvan,
>
> Of course please use our brand guidelines
> https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINESand kick start this funding idea. Raising funds for our non profit
> foundation is something we need to support and encourage. When you set up a
> kickstarter or similar campaign, can you give the credentials to Sarah Baso
> and/or work with her to ensure the funds to directly to the foundation?
>
> I might be smacked a bit for jumping the gun here, but that is ok. It's my
> duty as a board member to support raising funds for the foundation, so
> please charge ahead and I'll take responsibility for any flack for moving
> fast on this.
>
> Aloha,
> Jim
>
>
>
> On 3/25/14, 10:49 AM, Yvan Boily wrote:
>
>   To be clear, the reason I keep asking permission instead of just moving
> forward is for one reason -
>
>  Running a kickstarter for the OWASP community (or anyone else who
> participates) means collecting funds.  I am happy to provide a complete
> accounting of the funds collected, and donate any extra funds collected to
> OWASP, but I want this activity blessed by the OWASP Board or whoever the
> right folks involved are before proceeding.
>
>  Cheers,
> Yvan
>
>  ps - irrational exuberance is the reason I do community stuff... a career
> in infosec has made me somewhat cynical, doing awesome community stuff
> ameliorates that ;)
>
>
> On Mon, Mar 24, 2014 at 10:12 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>>  Yvan,
>>
>> For certain you are way too excited to get a copy. Greenspan talked about
>> this as a form of "irrational exuberance".  ;)
>>
>> By the same token, I think a crowdfunding campaign is a fantastic idea. I
>> say go for it. This might be a great way to fund future endeavors. If you
>> need any help reviewing the campaign copy before you go live, just give me
>> a shout.
>>
>> Awesome + Aloha,
>> Jim
>>
>>
>>
>>
>>   I requested some a copy of the Cornucopia materials from blackfoot.
>>
>>  I am happy to coordinate a print run of the cards, but in order to
>> dramatically simplify things I would prefer to run an crowdfunding campaign
>> to get a pile of them mass produced.  Basically the goal would be to get an
>> estimate on the production run, coordinate with (Sam|Kate|Colin|?!?) to get
>> some nice OWASP branded packaging (I haven't seen the controversial (?)
>> packaging mentioned in other threads).
>>
>>  If there is media (videos of folks playing, copy about the game, etc)
>> that would also be helpful.  The great thing about running something like
>> this through kickstarter is that you can allow people to order them at unit
>> cost, or to pay more to support this or other OWASP projects.
>>
>>  I also think this is a better way to allow community members (including
>> myself) to vote with their wallets rather than spending sparse project
>> funds to get something produced.  Any objections?  Am I putting the cart
>> before the horse here?  Maybe I am just a little too excited to get a copy?
>>
>> :)
>>
>>
>> On Mon, Mar 24, 2014 at 9:43 PM, Samantha Groves <
>> samantha.groves at owasp.org> wrote:
>>
>>> Sorry, rules of engagement can be found here:
>>> https://www.owasp.org/index.php/Funding
>>>
>>>
>>> On Mon, Mar 24, 2014 at 9:42 PM, Samantha Groves <
>>> samantha.groves at owasp.org> wrote:
>>>
>>>> We have about $18,000 available for project development:
>>>> https://www.owasp.org/index.php/Community_Engagement_-_Payments
>>>>
>>>>  I just need to update this page with what has already been spent.
>>>>
>>>>  In regard to ordering the books... what are these for? I ask because
>>>> there might be another budget this expense will come from if they fall
>>>> under another category.
>>>>
>>>>
>>>>
>>>> On Mon, Mar 24, 2014 at 4:55 PM, Dinis Cruz <dinis.cruz at owasp.org>wrote:
>>>>
>>>>> Cool how much is it and what are the rules of engagement?
>>>>>
>>>>> Can I start by ordering 10x copies of OpenSAMM and 10x copies of
>>>>> latest top 10?
>>>>>  On 24 Mar 2014 14:55, "Samantha Groves" <samantha.groves at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Just an FYI... There is a project fund bucket that was given to us
>>>>>> this year. It is not much, but it is a start. The question now is... What
>>>>>> do you want to do with it?
>>>>>>
>>>>>>
>>>>>> On Thu, Mar 20, 2014 at 10:38 AM, Yvan Boily <yvanboily at gmail.com>wrote:
>>>>>>
>>>>>>>  I fully support using chapter funds to produce materials for OWASP
>>>>>>> chapters, chapter leads, and to support projects and stuff.
>>>>>>>
>>>>>>>  What I am looking for here is to find a way to fund the production
>>>>>>> of OWASP branded materials for non-OWASP stuff, for example if I want a
>>>>>>> case of OWASP cheat sheets that are professionally produced so I can have
>>>>>>> our HR team include them in the new hire kit for every new dev my employer
>>>>>>> hires, OWASP shouldn't foot the bill for that :)  (something like this -
>>>>>>> http://www.amazon.com/Microsoft-Introduction-Reference-Instructions-Shortcuts/dp/1936220156/ref=sr_1_14?ie=UTF8&qid=1395336990&sr=8-14&keywords=cheat+sheetas opposed to a simple sheet of paper).
>>>>>>>
>>>>>>>  I guess maybe I am looking for a way to vote with my wallet for
>>>>>>> stuff that might eventually be available as a general order product (which
>>>>>>> I suspect will raise hackles, but hey, if OWASP doesn't do it, someone else
>>>>>>> will, and pocket the money instead of investing it in community projects).
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Mar 20, 2014 at 7:07 AM, Dinis Cruz <dinis.cruz at owasp.org>wrote:
>>>>>>>
>>>>>>>> I think having those professional materials are super important for
>>>>>>>> OWASP and I also tend to have the OpenSAMM printed book at hand
>>>>>>>> since it one of most professional ones we have :)
>>>>>>>>
>>>>>>>>  So yes, Yvan you are spot on (from my point of view) on your
>>>>>>>> analysis and OWASP should be helping to pay for those materials (specially
>>>>>>>> since they are an investment into the OWASP brand, and who knows how many
>>>>>>>> new members and conference attendees we would get from the recipients of
>>>>>>>> those materials)
>>>>>>>>
>>>>>>>>  My view is that we should be using some of the OWASP funds
>>>>>>>> (currently available) to pay for this type of materials (so that our
>>>>>>>> leaders can distribute it). I'm still waiting for the idea of '*OWASP
>>>>>>>> Projects Funds bucket*' or '*OWASP Chapters Funds bucket'* so that
>>>>>>>> us (the OWASP leaders) can 'just get on with it' and distribute the great
>>>>>>>> stuff that is created at OWASP.
>>>>>>>>
>>>>>>>>  Basically Yvan should be able to quickly order the materials he
>>>>>>>> mentions below (all from a global fund that is available to all OWASP
>>>>>>>> leaders).
>>>>>>>>
>>>>>>>>  That is what I tried to do with the OWASP GSD project<https://www.owasp.org/index.php/OWASP_GSD_Project>,and
>>>>>>>> as you can see on https://www.owasp.org/index.php/OWASP_GSD_Projectthat money has been put to good use (
>>>>>>>> Yvan I think there is still some in there, so feel free to use
>>>>>>>> it).
>>>>>>>>
>>>>>>>>  BTW.. and if we can't get the 'OWASP Projects Funds bucket' setup
>>>>>>>> in the next months, *what about topping up the GSD projects fund?*
>>>>>>>>
>>>>>>>>  Dinis
>>>>>>>>
>>>>>>>>
>>>>>>>>   On 20 March 2014 12:22, Yvan Boily <yvanboily at gmail.com> wrote:
>>>>>>>>
>>>>>>>>>      Hi Leaders,
>>>>>>>>>
>>>>>>>>>  After seeing Jim's post about Cornucopia and buying a couple of
>>>>>>>>> copies of the nicely produced OpenSAMM documents at AppSecEU last year, I
>>>>>>>>> was about to post a response, but I realized that I had a bigger question.
>>>>>>>>>
>>>>>>>>>  For BSidesVancouver this year we used crowd-funding and I
>>>>>>>>> learned that it is a powerful way for the community involved with that to
>>>>>>>>> signal intent about priorities when organizing the event.  It worked out
>>>>>>>>> really well, and allowed us to keep our event 100% free for those who
>>>>>>>>> couldn't or chose not to pay to attend.  Since it was super successful, I
>>>>>>>>> pretty much drank the crowd funding kool-aid.   Later this year some gaming
>>>>>>>>> (as in playing dungeons and dragons every sunday night) folks and I will be
>>>>>>>>> running a separate kickstarter to collect funds to print something that we
>>>>>>>>> have been working on as a hobby; we have had a number of people say they
>>>>>>>>> would buy a copy, but using crowdfunding will allow us to figure out how
>>>>>>>>> much to spend on printing stuff and potentially allow us to get a higher
>>>>>>>>> volume printed so we can reduce the unit cost.
>>>>>>>>>
>>>>>>>>>  In addition to this, I have pitched using crowd-funding to fund
>>>>>>>>> the development of high quality training materials to at least one other
>>>>>>>>> OWASP leader.
>>>>>>>>>
>>>>>>>>>  Has anyone else in the OWASP community investigated using
>>>>>>>>> crowd-funding via Indie Go-Go, Kickstarter, or others to measure intent and
>>>>>>>>> make physical copies of things available?
>>>>>>>>>
>>>>>>>>>  The reason I ask is:
>>>>>>>>>
>>>>>>>>>  * I would like a professionally manufactured version of
>>>>>>>>> Cornucopia (I am talking print quality, not anything else).  This is
>>>>>>>>> expensive.  Also, I want about 12 copies, not 1.
>>>>>>>>>
>>>>>>>>>  * I love the quality of the OpenSAMM guide; I literally carry it
>>>>>>>>> around with me when I am attending security meetups and cons where I might
>>>>>>>>> talk about OWASP because it's production values are simply superb.
>>>>>>>>>
>>>>>>>>>  * I really wish I could buy (by the case) professional quality
>>>>>>>>> printouts of the OWASP cheat sheets to give devs in my community, and at
>>>>>>>>> work.
>>>>>>>>>
>>>>>>>>>  These things are expensive to produce (both the cost of
>>>>>>>>> manufacturing, and the cost of producing good quality print materials).
>>>>>>>>>
>>>>>>>>> Is this something that people are interested in looking at it?  Is
>>>>>>>>> it a viable option?  Are people going to freak out[1] for my suggesting
>>>>>>>>> it?
>>>>>>>>>
>>>>>>>>>  Cheers,
>>>>>>>>> Yvan
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  [1] omg drama talking about crowdfunding in some other
>>>>>>>>> communities I am involved with (gaming, local activism, etc)
>>>>>>>>>
>>>>>>>>>  _______________________________________________
>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>  --
>>>>>>
>>>>>> *Samantha Groves, MBA*
>>>>>>
>>>>>> *OWASP Projects Manager*
>>>>>>
>>>>>>
>>>>>>  The OWASP Foundation
>>>>>>
>>>>>> Phoenix, USA
>>>>>>
>>>>>> Email: samantha.groves at owasp.org
>>>>>>
>>>>>> Skype: samanthahz
>>>>>>
>>>>>>
>>>>>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>>
>>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>>
>>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>>
>>>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>>>  --
>>>>
>>>> *Samantha Groves, MBA*
>>>>
>>>> *OWASP Projects Manager*
>>>>
>>>>
>>>>  The OWASP Foundation
>>>>
>>>> Phoenix, USA
>>>>
>>>> Email: samantha.groves at owasp.org
>>>>
>>>> Skype: samanthahz
>>>>
>>>>
>>>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>
>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>
>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>
>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>  --
>>>
>>> *Samantha Groves, MBA*
>>>
>>> *OWASP Projects Manager*
>>>
>>>
>>>  The OWASP Foundation
>>>
>>> Phoenix, USA
>>>
>>> Email: samantha.groves at owasp.org
>>>
>>> Skype: samanthahz
>>>
>>>
>>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>
>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140325/9156245b/attachment-0001.html>


More information about the OWASP-Leaders mailing list