[Owasp-leaders] Profiling as software Open Source organization

Dibyendu Sikdar dibyendu.coder at gmail.com
Wed Mar 4 13:00:47 UTC 2015

I have a plan when it comes to funds. Let the top-level, well-established
projects receive funds, say for example ZAP / AppSensor / etc.

Whereas the new incubator projects need not be funded. Instead these
projects should be open for "internship" at OWASP. Like I suggested, there
will be a senior OWASP project leader who will be mentoring the junior
project leader plus the new interns who will be working on the project.
Everyone will benefit from here:
1. OWASP will have new updated projects
2. Junior leaders will have more experience
3. Interns will also learn something new.

So no cost is involved, plus we have better projects. Now if the incubator
project performs well, it can be decided whether it should be funded or not.

How is it?

On Wed, Mar 4, 2015 at 6:09 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org>

> (I suggest that owasp should not engage directly in any trade activity, I
> mean selling x to maintain a y tool. We may provide a well thought out and
> kosher scheme for projects to support their professional development of a
> tool, like thru 3rd party bodies who make business on its support and
> trainings. In return we will have professional, free tools for the
> community.)
> On Mar 4, 2015 12:48 PM, "johanna curiel curiel" <johanna.curiel at owasp.org>
> wrote:
>> ZAP and Dependency Check have been disruptors in the market place, so we
>> cannot expect sponsors from Burp or the similar ;-)
>> Projects have no direct source of funding; there is also no strategy
>> regarding how to improve this
>> The first thing we need to do I think is focus on creating a strategy to
>> support projects much better
>> The foundation does not have a support team for this part but again, if
>> the community feels that we want to improve our projects and their quality,
>> then we can make a plan, start small
>> Divide and conquer.
>> Let's say that we take ZAP and Dependency (as an example) and we create a
>> marketing strategy to:
>>    - Get more donations to these projects by:
>>    - Promoting the projects in different security Events
>>    - Hire developers/testers to improve the software and compete with
>>    the ones out there
>>    - The same strategies that many Open Source software uses, we should
>>    use, it's free, but could also create a service around them such as:
>>       - Organise trainings using these tools and let participants pay for
>>       this. The money from these trainings will go directly to the project bucket
>>       - Create learning materials such as books and sell them. Again,
>>       money from this will go to the project bucket
>>       - Coordinate with Chapters to provide professional trainings and
>>       events promoting projects
>> Then we can focus the Project budget we have for these clear goals that
>> will help us grow that budget instead of purely spending it
>> regards
>> Johanna
>> On Wed, Mar 4, 2015 at 6:18 AM, psiinon <psiinon at gmail.com> wrote:
>>> Very interesting topic :)
>>> What would this mean in terms of structure and funding of OWASP?
>>> I think that one of the biggest problems we have right now is funding
>>> developments.
>>> Creating world class software takes time, effort and therefore money.
>>> Right now all of the OWASP projects are either funded by individual
>>> volunteers working in their own time or organisations contributing some of
>>> their employees' time to work on projects (someone please correct me if I'm
>>> wrong!).
>>> To get significantly more time/effort allocated to projects we'd either
>>> need to convince organisations to donate more time or to pay individual
>>> contributors.
>>> A lot of OWASP's funding comes through sponsorship from organizations.
>>> I've heard through the grapevine that some existing sponsors are really
>>> unhappy with ZAP as they think it is potentially impacting their business.
>>> I suspect they would be _very_ unhappy if OWASP started to pay for extra
>>> people to work on ZAP ;)
>>> If we start investing more in projects like ZAP then these sorts of
>>> concerns are going to increasingly occur.
>>> I _really_ like the idea of investing more in OWASP projects, but I can
>>> see quite a few potential issues around the money side that will need to be
>>> addressed.
>>> Cheers,
>>> Simon
>>> On Tue, Mar 3, 2015 at 7:12 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>> Leaders
>>>> I would like to hear ideas on how we could become more of an open source
>>>> 'software' organization similar to Mozilla, Samba
>>>> We need to define:
>>>>    - What kind of software we want to build
>>>>    - Focus and invest our 'development' and improvements efforts into
>>>>    the most successful projects (example: ZAP, APPSENSOR, ModSecurity Rules,
>>>>    CSRF, etc.)
>>>>    - Allow incubators to work as experimentation and help the most
>>>>    promising develop into successful ones
>>>>    - Market the projects as 'Products'
>>>>    -
>>>> More ideas?
>>>> I think it is time we take projects to the next level
>>>> regards
>>>> Johanna
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> This message may contain confidential information - you should handle it
> accordingly.