wasc-satec@lists.webappsec.org

WASC Static Analysis Tool Evaluation Criteria

7.4 Licensing Scheme

Alec Shcherbakov
Thu, Mar 7, 2013 1:48 AM

I think section 7.4 Licensing Scheme could use more clarity and structure.
At first I thought this is something I wouldn’t include in the document at
all as licensing scheme is more of a business topic, but then I changed
my mind. Given the fast-paced nature of the industry (new products, M&A
etc.) the pricing models tend to change often and in many cases special
pricing is worked out for certain customers. The licensing schemes vary
from vendor to vendor and are hard to formalize for comparison
purposes, but it is still possible to give customers some way of assessing
the total cost of ownership if we can figure out certain licensing and
pricing model features applicable to any product.

Here are a few examples of the licensing details I’d find useful to capture:

  • metered scan (pay-per-line) license
  • pay-per-application license
  • unlimited vs. time-based subscriptions
  • site license: what layers (## of users) are offered?
  • desktop vs. server installation

Alec Shcherbakov

www.AsTechConsulting.com <http://www.astechconsulting.com/>

T 415.291.9911

The information in this email is intended for the addressee.  Any other
use of this information is unauthorized and prohibited.

Sherif Koussa
Fri, Mar 8, 2013 9:42 PM

This seems reasonable. Thoughts, everyone?

Sherif

wasc-satec mailing list
wasc-satec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org

McGovern, James
Fri, Mar 8, 2013 9:44 PM

One scheme I have seen is to separate out developers from auditors. Another is to separate out integrations of functionality. For example, if you need to feed info into GRC.

Sherif Koussa
Tue, Mar 12, 2013 1:47 AM

I think that could also be added.
