[Owasp-leaders] Profiling as software Open Source organization

Timur 'x' Khrotko (owasp) timur at owasp.org
Wed Mar 4 12:39:52 UTC 2015


(I suggest that OWASP should not engage directly in any trade activity, I
mean selling x to maintain a y tool. We may provide a well thought out and
kosher scheme for projects to support their professional development of a
tool, like through 3rd party bodies who make business on its support and
trainings. In return we will have professional, free tools for the
community.)
On Mar 4, 2015 12:48 PM, "johanna curiel curiel" <johanna.curiel at owasp.org>
wrote:

> ZAP and Dependency Check have been disruptors in the marketplace, so we
> cannot expect sponsors from Burp or the similar ;-)
> Projects have no direct source of funding, there is also no strategy
> regarding how to improve this
>
> The first thing we need to do I think is focus on creating a strategy to
> support projects much better
> The foundation does not have a support team for this part but again, if
> the community feels that we want to improve our projects and their quality,
> then we can make a plan, start small
> Divide and conquer.
>
> Let's say that we take ZAP and Dependency (as an example) and we create a
> marketing strategy to:
>
>    - Get more donations to these projects by:
>    - Promoting the projects in different security Events
>    - Hire developers/testers to improve the software and compete with the
>    ones out there
>    - The same strategies that many Open Source software uses, we should
>    use, it's free, but could also create a service around them such as:
>    - Organise trainings using these tools and let participants pay for
>       this. The money from these trainings will go directly to the project bucket
>       - Create learning materials such as books and sell them. Again,
>       money from this will go to the project bucket
>       - Coordinate with Chapters to provide professional trainings and
>       events promoting projects
>
> Then we can focus the Project budget we have for these clear goals that
> will help us grow that budget instead of purely spending it
>
> regards
>
> Johanna
>
> On Wed, Mar 4, 2015 at 6:18 AM, psiinon <psiinon at gmail.com> wrote:
>
>> Very interesting topic :)
>>
>> What would this mean in terms of structure and funding of OWASP?
>>
>> I think that one of the biggest problems we have right now is funding
>> developments.
>> Creating world class software takes time, effort and therefore money.
>> Right now all of the OWASP projects are either funded by individual
>> volunteers working in their own time or organisations contributing some of
>> their employees' time to work on projects (someone please correct me if I'm
>> wrong!).
>> To get significantly more time/effort allocated to projects we'd either
>> need to convince organisations to donate more time or to pay individual
>> contributors.
>>
>> A lot of OWASP's funding comes through sponsorship from organizations.
>> I've heard through the grapevine that some existing sponsors are really
>> unhappy with ZAP as they think it is potentially impacting their business.
>> I suspect they would be _very_ unhappy if OWASP started to pay for extra
>> people to work on ZAP ;)
>> If we start investing more in projects like ZAP then these sorts of
>> concerns are going to increasingly occur.
>>
>> I _really_ like the idea of investing more in OWASP projects, but I can
>> see quite a few potential issues around the money side that will need to be
>> addressed.
>>
>> Cheers,
>>
>> Simon
>>
>> On Tue, Mar 3, 2015 at 7:12 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Leaders
>>>
>>> I would like to hear ideas on how we could become more of an open source
>>> 'software' organization similar to Mozilla, Samba
>>>
>>> We need to define:
>>>
>>>    - What kind of software we want to build
>>>    - Focus and invest our 'development' and improvements efforts into
>>>    the most successful projects (example:ZAP, APPSENSOR, ModSecurity Rules,
>>>    CRSF..etc)
>>>    - Allow incubators to work as experimentation and help the most
>>>    promising develop into successful ones
>>>    - Market the projects as 'Products'
>>>    -
>>>
>>> More ideas?
>>>
>>> I think it is time we take projects to the next level
>>>
>>> regards
>>>
>>> Johanna
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>
>

-- 
This message may contain confidential information - you should handle it 
accordingly.