This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Governance/ProjectSponsorship

From OWASP
Revision as of 19:16, 2 May 2014 by MichaelCoates (talk | contribs)


Purpose

OWASP needs to define its approach to handling corporate sponsorship and branding of OWASP projects. To do so, we are engaging the community to discuss and flesh out different options. We'll then include a vote on this issue on the 2013 annual election ballot. The new policy will take effect for all new branding and sponsorships starting January 1, 2014. Existing branding decisions will not need to be modified retroactively.

The Options

Please feel free to add additional bullets to any of the cells. Please do not remove existing items.

  • Option 1 - Project Leaders Decide All
  • Option 2 - Standardized across projects & allowing project sponsorship/logos
  • Option 3 - Standardized across projects & not allowing project sponsorship/logos

Summary Description

Option 1: Each individual project leader makes all decisions on sponsorship and recognition. Project leaders determine the requirements and placements of logos at their discretion.

  • Current approach
  • This approach is the most decentralized, least regulated, and would result in the least consistency across OWASP projects

Option 2: Anyone can pay to place a sponsorship logo on a project per a centralized policy. All contributors get name, email address, company (if desired), hyperlink (no logo) per leadership decision. No logos for just contributions of any sort.

  • This approach is centralized, regulated, and would result in consistency across OWASP projects

Option 3: Projects list individual contributors on a dedicated acknowledgement page per project which is consistent across all projects (name, email, company name). Financial sponsors are only listed on a dedicated sponsor page on a centralized OWASP webpage (e.g. no logos on projects).

  • This approach is the most centralized, more regulated, and would result in the most consistency across OWASP projects

Can OWASP projects be directly sponsored by a company?

  • Option 1: Yes
  • Option 2: Yes
  • Option 3: No - however companies can sponsor the OWASP Foundation and the foundation can distribute funds to projects through items like summer of code / project reboot / etc

Are company logos placed within the OWASP project?

  • Option 1: Yes
  • Option 2: Yes
  • Option 3: No

How are logos handled (placement, cost, logo size, etc.) both on the wiki page and within any output/deliverable (e.g. tool, documentation)?

  • Option 1: At the sole discretion of the project leader
  • Option 2: By OWASP-wide standard policy for project sponsorship. Logos would be included at a standard place for all projects.
  • Option 3: There are no project sponsors. Instead, sponsors of the OWASP Foundation are listed on a dedicated sponsorship page which may include the logo.

How are company contributions acknowledged?

  • Option 1: At the sole discretion of the project leader
  • Option 2: The same as individual contributors. However, since an individual can list their company name, a company with many volunteers to a project would see their company name listed multiple times on the project acknowledgement page.
  • Option 3: The same as individual contributors. However, since an individual can list their company name, a company with many volunteers to a project would see their company name listed multiple times on the project acknowledgement page.

How are individual contributions acknowledged?

  • Option 1: At the sole discretion of the project leader
  • Option 2: All contributors will have their name, email address, company (if desired) listed on the contributors page for the project.
  • Option 3: All contributors will have their name, email address, company (if desired) listed on the contributors page for the project.

Positives of this approach

Option 1:
  1. Very decentralized and scalable, no impact on operations staff
  2. Project leader empowerment

Option 2:
  1. Revenue generation
  2. All contributors get recognition
  3. Companies that allow employees to work on a project will show many people with @company.com contributors

Option 3:
  1. Maintains focus on OWASP, less dilution of OWASP brand
  2. Centralized location for sponsorship recognition. - Wall of fame

Negatives of this approach

Option 1:
  1. Lack of consistency across projects
  2. No clear engagement on how contributors get involved
  3. May be open to abuse due to lack of standards

Option 2:
  1. Individuals and companies that contribute lots of time may be trumped (in recognition) by any company that donates money
  2. Corporate Logos on projects may cause vendor neutrality concerns and discourage contribution

Option 3:
  1. A company would not have any branding/advertising incentives to sponsor a project that could use the funds

Any other considerations
  1. ...
  1. ...

Additional Comments

Use this space to provide additional comments on any of the existing text. For example, perhaps you disagree with something that is above. Please note your thoughts in this section.

  1. MichaelCoates (talk) 12:59, 8 October 2013 (CDT) - Example comment with signature
  2. Clerkendweller (talk) 07:59, 9 October 2013 (UTC) - Re Andrew V's comment to list - also need to discuss "how can projects spend their money"
    • MichaelCoates (talk) 15:50, 9 October 2013 (CDT) I agree. I also consider this to be a separate issue from the sponsorship and branding (though tightly related). I'd like to tackle this large piece and then move on to the next item of clarifying how projects can feel empowered to easily use their resources
  3. Clerkendweller (talk) 08:00, 9 October 2013 (UTC) - For Option 2, will the project leaders have the ability to opt out from having their own work branded by someone else - for a period, and/or forever?
    • MichaelCoates (talk) 15:50, 9 October 2013 (CDT) That hasn't been flushed out in these options. But my initial thought is a project could choose to reject sponsorship under option 2.
  4. Clerkendweller (talk) 08:00, 9 October 2013 (UTC) - The issue of branding/logos on project outputs hasn't been addressed, but might be expected as well by sponsors, or might be desired by some project contributors. For example a logo on a tool UI or in a tool's help pages, or a logo on a document front cover or on an inside page.
    • MichaelCoates (talk) 15:49, 9 October 2013 (CDT) Good point. I do think this should be clarified in the options above. For option 1 it is determined by the project leader. For option 2 it would be defined as a consistent approach across all projects and there would be a sponsor acknowledgement area within the output. For option 3 it would be a non-issue since all sponsorship is done for the OWASP organization. I'll add a new row with this info above. Note: I updated the section "How are logos handled" to better include this item.
    • Abraham_Aranguren (talk) 23:20, 9 October 2013 (UTC) I think Option 2 is the only one that makes sense: Option 1 is too demanding for a project leader and would ensure chaos, flame wars and inconsistency across OWASP. Option 3 shuts the door to potentially useful revenue sources, we have seen with examples like Rapid7 and Metasploit or SpiderLabs and ModSecurity that open source and commercial businesses can cooperate and feed each other successfully. We might be able to figure out a way to appropriately recognise non-sponsored contributors for "doing it without being paid" to counter the disadvantages of Option 2.

2013 Election Referendum Results

  • Option 1: 130 Votes (15.0%) - See details above
  • Option 2: 429 Votes (49.7%) - See details above
  • Option 3: 192 Votes (22.2%) - See details above
  • Option 4: 107 Votes (12.4%) - "I don't have an opinion on the topic"
  • Option 5: 6 Votes (0.7%) - Write in:
    • A Mix Of 1 And 2 Where We Have A Process But We Can Choose To Modify It With Enforced Limitations
    • Abstain
    • Any Of The Above But All Monies And Activities Are To Be Published/disclosed (eg If A Company Takes The Leader/team/board To An Event/meal, It's Publicly Available So That We Know Who's Putting Their Money Where Their Mouth Is & Who's "buying" Our Brand)
    • Hybrid Of 2 & 3 ... When A Specific Project Is Sponsored Directly, Some Percentage Of The Sponsorship Goes To Owasp To Support Projects Across The Ecosystem, And The Remainder Goes Directly To The Project.
    • Merge 2 And 3; Sponsorship Include Project And Foundation Funding. Project Acknowledgement Is Individual Contributors Only. Sponsor Page Lists Projects Supported.
    • Will Feel More Comfortable Voting Once I Have A Chance To Start Coming To Some Of The Meetings And Meet The People

Summary

Answered Questions 864 (100.0%)

OWASP Output from this process

Project_Sponsorship_Operational_Guidelines