
What other people have said in comments is completely right: OpenSSL, or maybe just this Steve Marquess guy, is missing the forest for the trees. Or in this case, the six-figure donations for the pennies. OpenSSL could raise more money in a few months of panhandling in a major city than they raise in a year[1].

A student group that I will soon be President of at the University of Northern Iowa[2] received more in donations and financial support. Our student group is not the best managed, but we care a lot about large sponsors, keeping good relations with them, and making asks that matter.

If someone told me that panhandlers and Midwest student organizations are out-fundraising OpenSSL, I would scoff and laugh. OpenSSL? That's mission-critical software running on nearly every PC and post-PC device in the world. You know what OpenSSL reminds me of in this respect? SQLite.

SQLite charges $75,000 for consortium members[3] to have 24/7 access to phone support direct to developers, guaranteed time spent on issues that matter to them, and so on.

The fact that this doesn't exist for OpenSSL is an embarrassment to project management. I made an offer in that email thread to try to raise $200,000 for OpenSSL by the end of 2014, and I'm repeating it here for visibility:

If you are an employee of a corporation that wants to donate to directly support OpenSSL development by funding staff time, send me an email right now: [email protected]

If you are in the OpenSSL foundation, send me an email right now and I will try to solve your problem by finding a phone number at every major OpenSSL-using corporation and making an ask. Want me to do that? Send me an email right now: [email protected]

[1] http://www.ncbi.nlm.nih.gov/pmc/articles/PMC121964/

[2] http://www.unifreethought.com

[3] http://www.hwaci.com/sw/sqlite/prosupport.html

[4] https://sqlite.org/consortium.html



Not sure why I'm downvoted, but I'm making an explicit offer to spend volunteer time making asks to corporations to raise money for OpenSSL. I don't see too many people making similar offers, and a number of people pointing out that they have the opportunity to solve their fundraising programs through corporate sponsorship, but not a whole lot of people with the free time willing to do so.

Telling an underfunded volunteer-run organization what they need to do rarely works. They're busy, they have lives, and they can't afford to make a mistake with their time which is already so acutely demanded. So I'm making an offer: I'll run the corporate sponsorship program, just give me the option to do so. I'm a student, I could spend four hours tonight calling contacts at businesses and public institutions, working my way up the ladder and making asks. Has OpenSSL ever just asked for money before? Asking for money is hard for many people, I don't know why, but I've done it before, so why not?


Pardon me if I'm being blunt, but I believe I can answer your question regarding downvotes.

You seem to have found a niche you're good at, all I'd counsel you is to get better at managing impressions. I think what you want to do is great, and I think most HNers agree on that. But this doesn't seem like the appropriate forum to reach out in, and partly because of that and partly because of your wording, you come off sounding a little arrogant and like a salesperson. I think if you were less verbose, your intentions would shine through better.



> http://www.openssl.org/support/acknowledgments.html

And they're not selling Qualys on future contributions. They got their logo there, and it seems like it'll stay there forever. They are a "Past Contributor", and they get what could be prime corporate advertising space to security engineers for free every year they don't contribute. I can't tell if they're a current contributor, or how much it would cost to put $MY_COMPANY logo there. And I don't know why I would care, because it appears OpenSSL doesn't seem to care about who is paying year-to-year.

It says "Past or Current". That should just say "Current". Anyone who isn't a current contributor should get their name taken off. Also, where is Google? Apple? Microsoft? IBM? Oracle? Juniper? None of those names have logos up there. That should be fixed. Has anyone ever cold-called those companies and asked to talk to their sponsorship and corporate contributions groups?


Though from the sounds of it, it doesn't work very well presumably because there is no outbound sales process - which is what this person is suggesting doing.


The logic is really not that hard:

Open source software benefits the entire society/humanity.

Therefore, it (or at least the most critical components, such as OpenSSL) should be funded by all governments in an internationally coordinated effort (tax payer benefits = tax payer pays).

If we can have internationally coordinated efforts such as NATO, why can't we have them for extremely important/basic elements of our society such as technology?


> If we can have internationally coordinated efforts such as NATO, why can't we have them for extremely important/basic elements of our society such as technology?

This is a very interesting question. The answer, most likely, is that the perception of security moves slower than the security concept[s] itself.

We come from an era where security was in most part physical, and we're transitioning to an era where it's much more logical; society though, is having a hard time adapting to the change.

For this reason, a technologist may see as obvious to take care of OpenSSL more than, say, building a tank, while a politician is stuck in with the latter only.

Also, I think we're only scratching the surface here. It's interesting, for example, to think of a parallel between the interests in keeping the world insecure. In practical terms, NSA has certainly a great interest in keeping security software broken even if used by the people it's supposed to protect; I wonder what was the parallel of this, 50 years ago, and especially, how is society going to react over the time.


NATO was set up in opposition to the Soviets / Warsaw Pact. It's "internationally coordinated" among some countries, not all.


Given today's murky geopolitical situation, it's always good to cite history as correctly as possible:

"The North Atlantic Treaty Organization (NATO) .. also called the (North) Atlantic Alliance, is an intergovernmental military alliance based on the North Atlantic Treaty which was signed on 4 April 1949."

"The Warsaw Pact was in part a Soviet military reaction to the integration of West Germany into NATO in 1955, per the Paris Pacts of 1954 but was primarily motivated by Soviet desires to maintain control over military forces in Central and Eastern Europe"

[1] http://en.wikipedia.org/wiki/NATO

[2] http://en.wikipedia.org/wiki/Warsaw_Pact


OK I stand corrected, NATO was set up first and then the Soviets set up the Warsaw Pact in reaction to NATO. But that still proves my point that NATO was one side, unlike (say) the UN which had/has both sides.



