[Owasp-leaders] Profiling as software Open Source organization

Timur 'x' Khrotko (owasp) timur at owasp.org
Wed Mar 4 12:39:52 UTC 2015

(I suggest that OWASP should not engage directly in any trade activity, I
mean selling x to maintain a y tool. We may provide a well thought out and
kosher scheme for projects to support their professional development of a
tool, like through 3rd party bodies who make business on its support and
trainings. In return we will have professional, free tools for the
On Mar 4, 2015 12:48 PM, "johanna curiel curiel" <johanna.curiel at owasp.org>

> ZAP and Dependency Check have been disruptors in the marketplace, so we
> cannot expect sponsors from Burp or the similar ;-)
> projects have no direct source of funding, there is also no strategy
> regarding how to improve this
> The first thing we need to do I think is focus on creating a strategy to
> support projects much better
> The foundation does not have a support team for this part but again, if
> the community feels that we want to improve our projects and their quality,
> then we can make a plan, start small
> Divide and conquer.
> Let's say that we take ZAP and Dependency (as an example) and we create a
> marketing strategy to:
>    - Get more donations to these projects by:
>    - Promoting the projects in different security Events
>    - Hire developers/testers to improve the software and compete with the
>    ones out there
>    - The same strategies that many Open Source software uses, we should
>    use, it's free, but could also create a service around them such as:
>    - Organise trainings using these tools and let participants pay for
>       this. The money from these trainings will go directly to the project bucket
>       - Create learning materials such as books and sell them. Again,
>       money from this will go to the project bucket
>       - Coordinate with Chapters to provide professional trainings and
>       events promoting projects
> Then we can focus the Project budget we have for these clear goals that
> will help us grow that budget instead of purely spending it
> regards
> Johanna
> On Wed, Mar 4, 2015 at 6:18 AM, psiinon <psiinon at gmail.com> wrote:
>> Very interesting topic :)
>> What would this mean in terms of structure and funding of OWASP?
>> I think that one of the biggest problems we have right now is funding
>> developments.
>> Creating world class software takes time, effort and therefore money.
>> Right now all of the OWASP projects are either funded by individual
>> volunteers working in their own time or organisations contributing some of
>> their employees' time to work on projects (someone please correct me if I'm
>> wrong!).
>> To get significantly more time/effort allocated to projects we'd either
>> need to convince organisations to donate more time or to pay individual
>> contributors.
>> A lot of OWASP's funding comes through sponsorship from organizations.
>> I've heard through the grapevine that some existing sponsors are really
>> unhappy with ZAP as they think it is potentially impacting their business.
>> I suspect they would be _very_ unhappy if OWASP started to pay for extra
>> people to work on ZAP ;)
>> If we start investing more in projects like ZAP then these sorts of
>> concerns are going to increasingly occur.
>> I _really_ like the idea of investing more in OWASP projects, but I can
>> see quite a few potential issues around the money side that will need to be
>> addressed.
>> Cheers,
>> Simon
>> On Tue, Mar 3, 2015 at 7:12 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Leaders
>>> I would like to hear ideas on how we could become more of an open source
>>> 'software' organization similar to Mozilla, Samba
>>> We need to define:
>>>    - What kind of software we want to build
>>>    - Focus and invest our 'development' and improvements efforts into
>>>    the most successful projects (example:ZAP, APPSENSOR, ModSecurity Rules,
>>>    CRSF..etc)
>>>    - Allow incubators to work as experimentation and help the most
>>>    promising develop into successful ones
>>>    - Market the projects as 'Products'
>>>    -
>>> More ideas?
>>> I think it is time we take projects to the next level
>>> regards
>>> Johanna
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
