[Owasp-leaders] Free training at major OWASP AppSec conferences

Ludovic Petit ludovic.petit at owasp.org
Wed Mar 26 21:12:21 UTC 2014

Thanks Jim for your prompt proposal, much appreciated.

I'll discuss this with fellows here and give you a feedback, as all is also
part of a company's strategy when wondering to join OWASP ... according the
incentive and ROI.

Say, this is typical of EU Corporate's mindset: the "ROI" they most of the
time have in mind is about "Support" and value-added for their tech staff
etc, in the same way a Consulting company will do. As far as I saw
personally in the past 10 years, they are more (if not solely) focused on
what I just mentioned rather than a philantropic way to "endorse" an
approach of any Fondation, including

This mindset and approach is most of the time different in Anglo-Saxon
countries, where people, as individuals, and Corporate are more encline to
engage and join a cause, especially a charitable one, for instance such as
the OWASP Foundation. This cultural difference rules lots of things in term
of approach, so strategy ;-)

In clear and from a pragmatic point of view, a French or EU Corporate will
triple-check the fact to give USD 5000 to OWASP -even with a perspective of
60% tax deductible- AND will ensure to have all garantee of "support",
rather than an Anglo-Saxon Corporate will be more encline to engage a USD
20K or 50K to foster a brand image part of a business strategy (which is
good and cool as well), in a win-win perspective for all.

This is the main difference I'm talking about, and there is no real
solution to that but for Local Chapter to evangelize... and OWASP to try
thinking out-of the box: how to apply, if possible, a business-related
approach into an open an charitable ecosystem... to foster and enhance
Corporate memberships?

I'm quite long in my post so apologies for this guys, but I kindly remind
that, as far as we can see in the OWASP financial status, the  Corporate
memberships amount rules  the existing of the Foundation. That's why.

Nevertheless, imho, this has to be taken into account in the global
equation of the OWASP Foundation as well.

Thanks again Jim!

 Le 26 mars 2014 15:45, "Jim Manico" <jim.manico at owasp.org> a écrit :

>  Ludo,
> We added two other level of corporate membership that hopefully adds more
> value for higher levels of sponsorship.
> https://www.owasp.org/index.php/Corporate_Membership
> Does this help?
> Aloha,
> Jim
> On 3/26/14, 12:47 AM, Ludovic Petit wrote:
> Well, I do think that free training at major OWASP AppSec conferences is a
> good think... for official Corporate Members and official Supporters of
> local Chapters, as these members are awaiting some good reasons and "ROI"
> for them to join officially OWASP.
> To date, the current 'model' is not in that sense, this is why imho this
> have to evolve accordingly (although I confess this is not so easy as it
> seems to be).
> OWASP is a Foundation, yes indeed, but AppSec Conferences and events are a
> huge responsibility and a hard work for OWASP and volunteers. This is why I
> think training during AppSec have to be paid by attendees (except for
> Corporate & Supporters members), because volunteering from OWASP speakers
> means also lots of work and value-added to do a talk/training.
> My 2 cents, you can now start to shoot the pianist ;-)
> Ludo
>  Ludovic Petit
> Chapter Leader OWASP France
> Global Connections Committee Member
> Skype: lp3tit
> +33 (0) 6 01 28 20 08
> ludovic.petit at owasp.org
> http://www.linkedin.com/in/lpetit
> -------
> https://lists.owasp.org/mailman/listinfo/owasp-france
> https://www.owasp.org/index.php/France
>  Le 25 mars 2014 18:07, "psiinon" <psiinon at gmail.com> a écrit :
>>  Leaders,
>>  There has been a discussion on the AppSec EU 2014 list regarding the
>> pros and cons of giving free training at major OWASP AppSec conferences.
>>  A _very_ quick summary: Free training is a great way to get our message
>> across, but can (and it is claimed does) eat into our revenue, which will
>> therefore limit what else we can achieve.
>>  A poll was suggested, but it has been pointed out that this might be
>> counterproductive without a more detailed discussion regarding the full
>> impact this sort of free training could have.
>>  I can understand that, but I would really like to hear the communities
>> views on this.
>>  I hope thats not too biased an introduction (I'm sure my views will
>> become apparent soon;) and that it is enough to get the discussion
>> started...
>>  Cheers,
>>  Simon
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140326/7e769726/attachment-0001.html>

More information about the OWASP-Leaders mailing list