[Owasp-leaders] Profiling as software Open Source organization
dibyendu.coder at gmail.com
Wed Mar 4 13:00:47 UTC 2015
I have a plan when it comes to funds. Let the top-level, well-established
projects receive funds, say for example ZAP / AppSensor / etc.
Whereas the new incubator projects need not be funded. Instead these
projects should be open for "internship" at OWASP. Like I suggested, there
will be a senior OWASP project leader who will be mentoring the junior
project leader plus the new interns who will be working on the project.
Everyone will benefit from here
1. OWASP will have new updated projects
2. Junior leaders will have more experience
3. Interns will also learn something new.
So no cost is involved, plus we have better projects. Now if the incubator
project performs well it can be decided whether it should be funded or not.
How is it?
On Wed, Mar 4, 2015 at 6:09 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org>
> (I suggest that owasp should not engage directly in any trade activity, I
> mean selling x to maintain a y tool. We may provide a well thought out and
> kosher scheme for projects to support their professional development of a
> tool, like thru 3rd party bodies who make business on its support and
> trainings. In return we will have professional, free tools for the
> On Mar 4, 2015 12:48 PM, "johanna curiel curiel" <johanna.curiel at owasp.org>
>> ZAP and Dependency Check have been disruptors in the market place, so we
>> cannot expect sponsors from Burp or the similar ;-)
>> projects have no direct source of funding, there is also no strategy
>> regarding how to improve this
>> The first thing we need to do I think is focus on creating a strategy to
>> support projects much better
>> The foundation does not have a support team for this part but again, if
>> the community feels that we want to improve our projects and their quality,
>> then we can make a plan, start small
>> Divide and conquer.
>> Let's say that we take ZAP and Dependency (as an example) and we create a
>> marketing strategy to:
>> - Get more donations to these projects by:
>> - Promoting the projects in different security Events
>> - Hire developers/testers to improve the software and compete with
>> the ones out there
>> - The same strategies that many Open Source software uses, we should
>> use, it's free, but could also create a service around them such as:
>> - Organise trainings using these tools and let participants pay for
>> this. The money from these trainings will go directly to the project bucket
>> - Create learning materials such as books and sell them. Again,
>> money from this will go to the project bucket
>> - Coordinate with Chapters to provide professional trainings and
>> events promoting projects
>> Then we can focus the Project budget we have for these clear goals that
>> will help us grow that budget instead of purely spending it
>> On Wed, Mar 4, 2015 at 6:18 AM, psiinon <psiinon at gmail.com> wrote:
>>> Very interesting topic :)
>>> What would this mean in terms of structure and funding of OWASP?
>>> I think that one of the biggest problems we have right now is funding
>>> Creating world class software takes time, effort and therefore money.
>>> Right now all of the OWASP projects are either funded by individual
>>> volunteers working in their own time or organisations contributing some of
>>> their employees' time to work on projects (someone please correct me if I'm
>>> To get significantly more time/effort allocated to projects we'd either
>>> need to convince organisations to donate more time or to pay individual
>>> A lot of OWASP's funding comes through sponsorship from organizations.
>>> I've heard through the grapevine that some existing sponsors are really
>>> unhappy with ZAP as they think it is potentially impacting their business.
>>> I suspect they would be _very_ unhappy if OWASP started to pay for extra
>>> people to work on ZAP ;)
>>> If we start investing more in projects like ZAP then these sorts of
>>> concerns are going to increasingly occur.
>>> I _really_ like the idea of investing more in OWASP projects, but I can
>>> see quite a few potential issues around the money side that will need to be
>>> On Tue, Mar 3, 2015 at 7:12 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>> I would like to hear ideas on how could we become more an open source
>>>> 'software' organization similar to Mozilla, Samba
>>>> We need to define:
>>>> - What kind of software we want to build
>>>> - Focus and invest our 'development' and improvements efforts into
>>>> the most successful projects (example: ZAP, APPSENSOR, ModSecurity Rules,
>>>> - Allow incubators to work as experimentation and help the most
>>>> promising develop into successful ones
>>>> - Market the projects as 'Products'
>>>> More ideas?
>>>> I think it is time we take projects into the next level
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader