[Owasp-leaders] Profiling as software Open Source organization

johanna curiel curiel johanna.curiel at owasp.org
Wed Mar 4 11:46:39 UTC 2015

ZAP and Dependency Check have been disruptors in the marketplace, so we
cannot expect sponsors from Burp or the similar ;-)
Projects have no direct source of funding, there is also no strategy
regarding how to improve this

The first thing we need to do, I think, is focus on creating a strategy to
support projects much better
The foundation does not have a support team for this part but again, if the
community feels that we want to improve our projects and their quality,
then we can make a plan, start small
Divide and conquer.

Let's say that we take ZAP and Dependency (as an example) and we create a
marketing strategy to:

   - Get more donations to these projects by:
   - Promoting the projects in different security Events
   - Hire developers/testers to improve the software and compete with the
   ones out there
   - The same strategies that many Open Source software uses, we should
   use, it's free, but could also create a service around them such as:
      - Organise trainings using these tools and let participants pay for
      this. The money from these trainings will go directly to the
      project bucket
      - Create learning materials such as books and sell them. Again, money
      from this will go to the project bucket
      - Coordinate with Chapters to provide professional trainings and
      events promoting projects

Then we can focus the Project budget we have for these clear goals that
will help us grow that budget instead of purely spending it



On Wed, Mar 4, 2015 at 6:18 AM, psiinon <psiinon at gmail.com> wrote:

> Very interesting topic :)
> What would this mean in terms of structure and funding of OWASP?
> I think that one of the biggest problems we have right now is funding
> developments.
> Creating world class software takes time, effort and therefore money.
> Right now all of the OWASP projects are either funded by individual
> volunteers working in their own time or organisations contributing some of
> their employees' time to work on projects (someone please correct me if I'm
> wrong!).
> To get significantly more time/effort allocated to projects we'd either
> need to convince organisations to donate more time or to pay individual
> contributors.
> A lot of OWASP's funding comes through sponsorship from organizations.
> I've heard through the grapevine that some existing sponsors are really
> unhappy with ZAP as they think it is potentially impacting their business.
> I suspect they would be _very_ unhappy if OWASP started to pay for extra
> people to work on ZAP ;)
> If we start investing more in projects like ZAP then these sorts of
> concerns are going to increasingly occur.
> I _really_ like the idea of investing more in OWASP projects, but I can
> see quite a few potential issues around the money side that will need to be
> addressed.
> Cheers,
> Simon
> On Tue, Mar 3, 2015 at 7:12 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> Leaders
>> I would like to hear ideas on how we could become more of an open source
>> 'software' organization similar to Mozilla, Samba
>> We need to define:
>>    - What kind of software we want to build
>>    - Focus and invest our 'development' and improvements efforts into
>>    the most successful projects (example:ZAP, APPSENSOR, ModSecurity Rules,
>>    CRSF..etc)
>>    - Allow incubators to work as experimentation and help the most
>>    promising develop into successful ones
>>    - Market the projects as 'Products'
>>    -
>> More ideas?
>> I think it is time we take projects to the next level
>> regards
>> Johanna
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader