[Owasp-leaders] Measuring Intent and Funding Things

Tobias tobias.gondrom at owasp.org
Tue Mar 25 15:41:13 UTC 2014


Hi Yvan, hi guys,

I think this is now getting into operational detail questions, so IMHO no
need to cc 200+ people from the "leaders-list" on the details. Please
take it off-list for the detail discussion. (I leave it on cc one last
time that it is clear to everyone, we are working out the details with
our ops team directly, off-list now.)

Thanks and cheers, Tobias


On 25/03/14 21:53, Jim Manico wrote:
> From Kickstarter's Terms of Use page... it looks like staff should
> set up the account under an OWASP account and then add you to the project.
>
>
>         I'm launching a project with a group of people or a company.
>         Who should complete the identity verification process?
>         <https://www.kickstarter.com/help/faq/creator+questions#faq_62986>
>
> Regardless of whether the project creator is one person or an entire
> company, the identity verification process has to be completed by a
> single person. If you are running your project as a legal entity, such
> as a registered company or organization, a person associated with this
> entity who meets our eligibility requirements
> <https://www.kickstarter.com/help/faq/creator+questions#faq_41823> must verify
> their identity as the entity's representative.
>
>
> On 3/25/14, 6:16 PM, Yvan Boily wrote:
>> Hi Tobias, all,
>>
>> This is one of the reasons I felt the need to be clear!  I haven't
>> run a campaign under any tools other than Kickstarter, and they don't
>> have any capabilities around multi-user accounts.  I could not
>> surrender the credentials for my Kickstarter account as they are
>> associated with another non-profit that I work with, but I will check
>> their ToS about having multiple accounts.  I will also check the
>> capabilities of other platforms as Kickstarter can be quite
>> restrictive about what they support in terms of fundraising
>> projects.  I would prefer the fundraiser/funds to be sent to an OWASP
>> account for tax liability reasons.
>>
>> I think the best approach would be to have a call to discuss the
>> details that are blockers.  If you would like to participate in this
>> discussion please add your name here -
>> http://doodle.com/5pvna9khph5vvns4 (and send me your email address or
>> a message that you want to participate so I can send you the meeting
>> link)
>>
>> Cheers,
>> Yvan
>>
>>
>>
>>
>> On Mon, Mar 24, 2014 at 11:05 PM, Tobias <tobias.gondrom at owasp.org
>> <mailto:tobias.gondrom at owasp.org>> wrote:
>>
>>     Hi all,
>>
>>     I agree with Jim, in that this is a good idea.
>>
>>     To some degree it is operational, so I would suggest that you
>>     just talk directly with Sarah and maybe our new community manager
>>     to make this happen (feel free to cc Jim and myself or the
>>     board-list).
>>     For long term stability and consistent accounting of our funds,
>>     the account should be managed by our ops team. Maybe you can help
>>     them how to set up the account.
>>
>>     Cheers, Tobias
>>
>>
>>
>>     On 25/03/14 14:29, Jim Manico wrote:
>>>     Yvan,
>>>
>>>     Of course please use our brand guidelines
>>>     https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES
>>>     and kick start this funding idea. Raising funds for our non
>>>     profit foundation is something we need to support and encourage.
>>>     When you set up a kickstarter or similar campaign, can you give
>>>     the credentials to Sarah Baso and/or work with her to ensure the
>>>     funds go directly to the foundation?
>>>
>>>     I might be smacked a bit for jumping the gun here, but that is
>>>     ok. It's my duty as a board member to support raising funds for
>>>     the foundation, so please charge ahead and I'll take
>>>     responsibility for any flak for moving fast on this.
>>>
>>>     Aloha,
>>>     Jim
>>>
>>>
>>>
>>>     On 3/25/14, 10:49 AM, Yvan Boily wrote:
>>>>     To be clear, the reason I keep asking permission instead of
>>>>     just moving forward is for one reason -
>>>>
>>>>     Running a kickstarter for the OWASP community (or anyone else
>>>>     who participates) means collecting funds.  I am happy to
>>>>     provide a complete accounting of the funds collected, and
>>>>     donate any extra funds collected to OWASP, but I want this
>>>>     activity blessed by the OWASP Board or whoever the right folks
>>>>     involved are before proceeding.
>>>>
>>>>     Cheers,
>>>>     Yvan
>>>>
>>>>     ps - irrational exuberance is the reason I do community
>>>>     stuff... a career in infosec has made me somewhat cynical,
>>>>     doing awesome community stuff ameliorates that ;)
>>>>
>>>>
>>>>     On Mon, Mar 24, 2014 at 10:12 PM, Jim Manico
>>>>     <jim.manico at owasp.org <mailto:jim.manico at owasp.org>> wrote:
>>>>
>>>>         Yvan,
>>>>
>>>>         For certain you are way too excited to get a copy.
>>>>         Greenspan talked about this as a form of "irrational
>>>>         exuberance".  ;)
>>>>
>>>>         By the same token, I think a crowdfunding campaign is a
>>>>         fantastic idea. I say go for it. This might be a great way
>>>>         to fund future endeavors. If you need any help reviewing
>>>>         the campaign copy before you go live, just give me a shout.
>>>>
>>>>         Awesome + Aloha,
>>>>         Jim
>>>>
>>>>
>>>>          
>>>>>         I requested a copy of the Cornucopia materials from
>>>>>         blackfoot.
>>>>>
>>>>>         I am happy to coordinate a print run of the cards, but in
>>>>>         order to dramatically simplify things I would prefer to
>>>>>         run a crowdfunding campaign to get a pile of them mass
>>>>>         produced.  Basically the goal would be to get an estimate
>>>>>         on the production run, coordinate with
>>>>>         (Sam|Kate|Colin|?!?) to get some nice OWASP branded
>>>>>         packaging (I haven't seen the controversial (?) packaging
>>>>>         mentioned in other threads).
>>>>>
>>>>>         If there is media (videos of folks playing, copy about the
>>>>>         game, etc) that would also be helpful.  The great thing
>>>>>         about running something like this through kickstarter is
>>>>>         that you can allow people to order them at unit cost, or
>>>>>         to pay more to support this or other OWASP projects. 
>>>>>
>>>>>         I also think this is a better way to allow community
>>>>>         members (including myself) to vote with their wallets
>>>>>         rather than spending sparse project funds to get something
>>>>>         produced.  Any objections?  Am I putting the cart before
>>>>>         the horse here?  Maybe I am just a little too excited to
>>>>>         get a copy?
>>>>>
>>>>>         :)
>>>>>
>>>>>
>>>>>         On Mon, Mar 24, 2014 at 9:43 PM, Samantha Groves
>>>>>         <samantha.groves at owasp.org
>>>>>         <mailto:samantha.groves at owasp.org>> wrote:
>>>>>
>>>>>             Sorry, rules of engagement can be found
>>>>>             here: https://www.owasp.org/index.php/Funding
>>>>>
>>>>>
>>>>>             On Mon, Mar 24, 2014 at 9:42 PM, Samantha Groves
>>>>>             <samantha.groves at owasp.org
>>>>>             <mailto:samantha.groves at owasp.org>> wrote:
>>>>>
>>>>>                 We have about $18,000 available for project
>>>>>                 development: https://www.owasp.org/index.php/Community_Engagement_-_Payments
>>>>>
>>>>>
>>>>>                 I just need to update this page with what has
>>>>>                 already been spent. 
>>>>>
>>>>>                 In regard to ordering the books... what are these
>>>>>                 for? I ask because there might be another budget
>>>>>                 this expense will come from if they fall under
>>>>>                 another category. 
>>>>>
>>>>>
>>>>>
>>>>>                 On Mon, Mar 24, 2014 at 4:55 PM, Dinis Cruz
>>>>>                 <dinis.cruz at owasp.org
>>>>>                 <mailto:dinis.cruz at owasp.org>> wrote:
>>>>>
>>>>>                     Cool how much is it and what are the rules of
>>>>>                     engagement?
>>>>>
>>>>>                     Can I start by ordering 10x copies of OpenSAMM
>>>>>                     and 10x copies of latest top 10?
>>>>>
>>>>>                     On 24 Mar 2014 14:55, "Samantha Groves"
>>>>>                     <samantha.groves at owasp.org
>>>>>                     <mailto:samantha.groves at owasp.org>> wrote:
>>>>>
>>>>>                         Just an FYI... There is a project fund
>>>>>                         bucket that was given to us this year. It
>>>>>                         is not much, but it is a start. The
>>>>>                         question now is... What do you want to do
>>>>>                         with it? 
>>>>>
>>>>>
>>>>>                         On Thu, Mar 20, 2014 at 10:38 AM, Yvan
>>>>>                         Boily <yvanboily at gmail.com
>>>>>                         <mailto:yvanboily at gmail.com>> wrote:
>>>>>
>>>>>                             I fully support using chapter funds to
>>>>>                             produce materials for OWASP chapters,
>>>>>                             chapter leads, and to support projects
>>>>>                             and stuff.
>>>>>
>>>>>                             What I am looking for here is to find
>>>>>                             a way to fund the production of OWASP
>>>>>                             branded materials for non-OWASP stuff,
>>>>>                             for example if I want a case of OWASP
>>>>>                             cheat sheets that are professionally
>>>>>                             produced so I can have our HR team
>>>>>                             include them in the new hire kit for
>>>>>                             every new dev my employer hires, OWASP
>>>>>                             shouldn't foot the bill for that :) 
>>>>>                             (something like this -
>>>>>                             http://www.amazon.com/Microsoft-Introduction-Reference-Instructions-Shortcuts/dp/1936220156/ref=sr_1_14?ie=UTF8&qid=1395336990&sr=8-14&keywords=cheat+sheet
>>>>>                             as opposed to a simple sheet of paper).
>>>>>
>>>>>                             I guess maybe I am looking for a way
>>>>>                             to vote with my wallet for stuff that
>>>>>                             might eventually be available as a
>>>>>                             general order product (which I suspect
>>>>>                             will raise hackles, but hey, if OWASP
>>>>>                             doesn't do it, someone else will, and
>>>>>                             pocket the money instead of investing
>>>>>                             it in community projects).
>>>>>
>>>>>
>>>>>
>>>>>                             On Thu, Mar 20, 2014 at 7:07 AM, Dinis
>>>>>                             Cruz <dinis.cruz at owasp.org
>>>>>                             <mailto:dinis.cruz at owasp.org>> wrote:
>>>>>
>>>>>                                 I think having those professional
>>>>>                                 materials is super important for
>>>>>                                 OWASP and I also tend to have
>>>>>                                 the OpenSAMM printed book at hand
>>>>>                                 since it is one of the most professional
>>>>>                                 ones we have :)
>>>>>
>>>>>                                 So yes, Yvan you are spot on (from
>>>>>                                 my point of view) on your analysis
>>>>>                                 and OWASP should be helping to pay
>>>>>                                 for those materials (especially
>>>>>                                 since they are an investment into
>>>>>                                 the OWASP brand, and who knows how
>>>>>                                 many new members and conference
>>>>>                                 attendees we would get from
>>>>>                                 the recipients of those materials)
>>>>>
>>>>>                                 My view is that we should be using
>>>>>                                 some of the OWASP funds (currently
>>>>>                                 available) to pay for this type of
>>>>>                                 materials (so that our leaders can
>>>>>                                 distribute it). I'm still waiting
>>>>>                                 for the idea of '*/OWASP Projects
>>>>>                                 Funds bucket/*' or '*/OWASP
>>>>>                                 Chapters Funds bucket/*' so that
>>>>>                                 us (the OWASP leaders) can 'just
>>>>>                                 get on with it' and distribute the
>>>>>                                 great stuff that is created at OWASP.
>>>>>
>>>>>                                 Basically Yvan should be able to
>>>>>                                 quickly order the materials he
>>>>>                                 mentions below (all from a global
>>>>>                                 fund that is available to all
>>>>>                                 OWASP leaders).
>>>>>
>>>>>                                 That is what I tried to do with
>>>>>                                 the OWASP GSD project
>>>>>                                 <https://www.owasp.org/index.php/OWASP_GSD_Project>, and
>>>>>                                 as you can see
>>>>>                                 on https://www.owasp.org/index.php/OWASP_GSD_Project
>>>>>                                 that money has been put to good
>>>>>                                 use (Yvan I think there is still
>>>>>                                 some in there, so feel free to use
>>>>>                                 it). 
>>>>>
>>>>>                                 BTW.. and if we can't get the
>>>>>                                 'OWASP Projects Funds
>>>>>                                 bucket' setup in the next months,
>>>>>                                 */what about topping up the GSD
>>>>>                                 projects fund?/*
>>>>>
>>>>>                                 Dinis
>>>>>
>>>>>
>>>>>                                 On 20 March 2014 12:22, Yvan Boily
>>>>>                                 <yvanboily at gmail.com
>>>>>                                 <mailto:yvanboily at gmail.com>> wrote:
>>>>>
>>>>>                                     Hi Leaders,
>>>>>
>>>>>                                     After seeing Jim's post about
>>>>>                                     Cornucopia and buying a couple
>>>>>                                     of copies of the nicely
>>>>>                                     produced OpenSAMM documents at
>>>>>                                     AppSecEU last year, I was
>>>>>                                     about to post a response, but
>>>>>                                     I realized that I had a bigger
>>>>>                                     question.
>>>>>
>>>>>                                     For BSidesVancouver this year
>>>>>                                     we used crowd-funding and I
>>>>>                                     learned that it is a powerful
>>>>>                                     way for the community involved
>>>>>                                     with that to signal intent
>>>>>                                     about priorities when
>>>>>                                     organizing the event.  It
>>>>>                                     worked out really well, and
>>>>>                                     allowed us to keep our event
>>>>>                                     100% free for those who
>>>>>                                     couldn't or chose not to pay
>>>>>                                     to attend.  Since it was super
>>>>>                                     successful, I pretty much
>>>>>                                     drank the crowd funding
>>>>>                                     kool-aid.   Later this year
>>>>>                                     some gaming (as in playing
>>>>>                                     dungeons and dragons every
>>>>>                                     sunday night) folks and I will
>>>>>                                     be running a separate
>>>>>                                     kickstarter to collect funds
>>>>>                                     to print something that we
>>>>>                                     have been working on as a
>>>>>                                     hobby; we have had a number of
>>>>>                                     people say they would buy a
>>>>>                                     copy, but using crowdfunding
>>>>>                                     will allow us to figure out
>>>>>                                     how much to spend on printing
>>>>>                                     stuff and potentially allow us
>>>>>                                     to get a higher volume printed
>>>>>                                     so we can reduce the unit cost.
>>>>>
>>>>>                                     In addition to this, I have
>>>>>                                     pitched using crowd-funding to
>>>>>                                     fund the development of high
>>>>>                                     quality training materials to
>>>>>                                     at least one other OWASP leader.
>>>>>
>>>>>                                     Has anyone else in the OWASP
>>>>>                                     community investigated using
>>>>>                                     crowd-funding via Indiegogo,
>>>>>                                     Kickstarter, or others to
>>>>>                                     measure intent and make
>>>>>                                     physical copies of things
>>>>>                                     available?
>>>>>
>>>>>                                     The reason I ask is:
>>>>>
>>>>>                                     * I would like a
>>>>>                                     professionally manufactured
>>>>>                                     version of Cornucopia (I am
>>>>>                                     talking print quality, not
>>>>>                                     anything else).  This is
>>>>>                                     expensive.  Also, I want about
>>>>>                                     12 copies, not 1.
>>>>>
>>>>>                                     * I love the quality of the
>>>>>                                     OpenSAMM guide; I literally
>>>>>                                     carry it around with me when I
>>>>>                                     am attending security meetups
>>>>>                                     and cons where I might talk
>>>>>                                     about OWASP because its
>>>>>                                     production values are simply
>>>>>                                     superb.
>>>>>
>>>>>                                     * I really wish I could buy
>>>>>                                     (by the case) professional
>>>>>                                     quality printouts of the OWASP
>>>>>                                     cheat sheets to give devs in
>>>>>                                     my community, and at work.
>>>>>
>>>>>                                     These things are expensive to
>>>>>                                     produce (both the cost of
>>>>>                                     manufacturing, and the cost of
>>>>>                                     producing good quality print
>>>>>                                     materials). 
>>>>>
>>>>>                                     Is this something that people
>>>>>                                     are interested in looking at?
>>>>>                                     Is it a viable option? 
>>>>>                                     Are people going to freak
>>>>>                                     out[1] for my suggesting it? 
>>>>>
>>>>>                                     Cheers,
>>>>>                                     Yvan
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>                                     [1] omg drama talking about
>>>>>                                     crowdfunding in some other
>>>>>                                     communities I am involved with
>>>>>                                     (gaming, local activism, etc)
>>>>>
>>>>>                                     _______________________________________________
>>>>>                                     OWASP-Leaders mailing list
>>>>>                                     OWASP-Leaders at lists.owasp.org
>>>>>                                     <mailto:OWASP-Leaders at lists.owasp.org>
>>>>>                                     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>                         -- 
>>>>>
>>>>>                         *Samantha Groves, MBA*
>>>>>
>>>>>                         /OWASP Projects Manager/
>>>>>
>>>>>                         The OWASP Foundation
>>>>>
>>>>>                         Phoenix, USA
>>>>>
>>>>>                         Email: samantha.groves at owasp.org
>>>>>                         <mailto:samantha.groves at owasp.org>
>>>>>
>>>>>                         Skype: samanthahz 
>>>>>
>>>>>
>>>>>                         OWASP Global Projects
>>>>>                         <https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>
>>>>>                         Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>
>>>>>                         OWASP Contact US Form
>>>>>                         <http://owasp4.owasp.org/contactus.html>
>>>>>
>>>>>                         New Project Application Form
>>>>>                         <http://www.tfaforms.com/263506>
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
