Currently, my company AppThreat Ltd is bearing the majority of the cost of developing and maintaining this project. While the number of contributors is growing, so are the support costs and development & testing efforts. To de-risk and improve the sustainability, I have two ideas:
Premium issue
I came across the premium issue feature in the LIEF project.
Premium issues can be used to get a higher priority resolution for users and companies. In return, you need to contribute to the project with an action:
Publishing a guest blog (Medium, LinkedIn, X, your choice)
Fixing another issue
Sponsoring OWASP Foundation (per issue or a sizeable donation to cdxgen once per year)
Premium issues will be highlighted in the changelog and the release blog post with your name/logo. Here is an example, where a project proudly showcases the sponsors.
Donation panel for CI execution
Below is an example screenshot that would appear in depscan later this month.
cdxgen could show a similar message in CI environments. There will be a command line argument, such as --no-banner, that could be passed to hide this message. Users and organizations who can afford some money would be expected to make a donation to the OWASP Foundation using the CycloneDX link before using this argument. These donations will be used to fund all of CycloneDX (specification, guides, use cases, tools, support) and not just cdxgen.
Let me know your thoughts.