[Owasp-leaders] Implementation Costs

Colin Watson colin.watson at owasp.org
Thu Jun 4 10:25:54 UTC 2015

Hello Ann

The vast majority of OWASP projects have no funding. And where there
is funding, that may have been used to help produce the final outputs
or to promote the project.

I don't think anyone tracks volunteer effort - there is some record of
commits for coding projects. In terms of documentation type projects,
the effort is whatever time the volunteer contributors can provide. If
we exclude things like the large "guide" documents, I imagine many
initial documents can be produced in between 10 and 40 days work, at
zero cost. If there is only one contributor, that may well be spread
over 1-2 years.

If you are thinking about a non OWASP project where there are
employees paid to work on a standard, maybe contacting NIST or Mitre
might be better?

Best regards


On 3 June 2015 at 21:54, Ann Racuya-Robbins
<ann.racuya.robbins at owasp.org> wrote:
> I am wondering if any projects have captured the costs or cost estimates
> related to implementing standards and best practices—even in a rough way?
> Regards,
> Ann Racuya-Robbins
> KBA-PMP Co-Leader
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list