Board has agreed with NLnet to create a plan of Self-Sustainability. This page presents a collected set of ideas in brainstorming mode. Nothing here should be taken as agreed or intended, and indeed many of the ideas are flagrantly against our principles. That is deliberate, this is brainstorming. If there is some guess of income for an idea please provide an estimation.
Please add and expand, rather than take away. If you disagree, add a comment why.
Indication only of CAcert Income from Oct 2006 to Oct 2007 (AU$)
This does not include support from;
- link ads (at bottom of menu on CAcert front page)
- NLnet funding of various events
- Oophaga funding:
Sun/AMD 4*servers, Tunix 4*PC's, NetApps, Cisco 2*switches hardware sponsorship
- Tunix and SUN/AMD support sponsorship
- NLnet, NLUUG, IAE and HCC fin. fundinding
SportReportNet5 GmbH. DNS sponsorship
- Others ?
As can be seen the major component of CAcert income is from Google Ads. This is what affects the bottom line the most when financial reports will be lodged with Office of fair trading.
However every important event where we have managed to move CAcert to the next level has been funded externally. This can't continue, we can't keep going to sponsors with our hands out. We have to be seen to be self sufficient now. This income will not pay for hosting of 1RU server in a colo facility!
Greg and Henrik both have some T-shirt operations there. There could be different types of T-shirts: CAcert, CAcert Assurer (only available for Assurers), back side: certified. Income: 100 T-shirts per year: 200 euro?
Assurer caps (ease recognistion on events): 50 caps per year (probably no income). PR value.
Teus produces Assurer badges. The current ones were funded by NLnet. More PR value.
Henrik is negotiating CAcert logo on USB tokens.
Rob/Treasurer was asked to look at this at top although the minutes did not record that.
Comment: At present the T-shirt shop seems to be for the benefit of customers and not for the benefit of CAcert. There seems to be a reluctance to establish a margin of profit on merchandise sold as this is construed as a disadvantage for the Assurers out there that want to identify themselves as CAcert people! I don't seem to be able to get the people that manage it to understand that CAcert is in need of financial support and that nobody will be interested in buying a CAcert T-shirt when CAcert doesn't exist anymore. First things first, let’s get CAcert on its feet! RRC
Sell the CAcert Assurer Handbook in pretty print with hard cover (still downloadable for free with open license) Consider LuLu.com (gstark)
Sell CAcert Assurer pins,
sell CAcert assurer notices (Jens Paul).
Expand the Fee Base
The existing Price page covers fees for some items. This could be expanded.
Some have suggested that fees be charged for organisational certificates, although that would impact on the mission and the Principles.
- cut of fee for assurance (org or individual)
Expand the donations base.
Possibility to donate CAcert yearly as yearly sponsor, similar as FSFE Fellowship?
One possibility is to suggest that people and organisations routinely donate a percentage of activity. E.g., if a company facilitates an OA and setup into a client, it donates X% from its invoice. Commercial operations that impact on CAcert include:
- running a training course that uses certificates
setting up a company to use OA and/or certificates inhouse (100 euro / OA donated? -> income 25% of 1000 X 100 gives 2500 euro per year.
Aspects to consider:
for tax deductability, we should encourage country FoundationsAndAssociations.
methods for transferring money from them back to parent... maybe charge them an (internal only) fee for assurance... the remittance of funds back to parent may be covered under the wip Policy on Foundations.
Comment from Philipp; Add donation button to page where people successfully get their certificate.
Sample donation buttons:
There is a demand for more coursework coming in due to the Assurer testing programme. As this expands, it is possible to expand the usage of the coursework outside to commercial trainers.
The Principles says Training: We train our users. We train our users to train other users. If we accept someone in a role, we train, we test, and we support them. The training is provided for free. For our core community roles such as Assurer, sufficient quality training will be available at no charge. This does not preclude cost recovery for commercial services.
Then, once into courses, we also see courseware, testing, accreditation, tutorials, the full monty.
Funding from third parties is a possibility, and many open source organisations survive this way.
- BSI funds GPG, for example
- NLnet has funded several CAcert projects
- add sources here...
Funding would divide into project and ongoing.
Estimate: 10K per year as formal funding.
CAcert subsidary organisations
Funding from CAcert liason foundations and associations in countries. To raise funds in a particular can be easier and is more direct. Examples are: Oophaga Foundation (funding server hardware, ISP, local PR) in Holland and the German secure-u association (established in December 2007).
Google advertisements on web, wiki and blog pages. Income estimation: 3000 euro per year?
Direct advertisements: ??? €$£¥ per year.
Improve marketing of the Website:
- Add meta tags to help search engines properly categorize the CAcert website.
- Manage our wikipedia.org information (make sure we are referenced on all things relating to internet security (where appropriate of coarse.)
- Develop a list of sites we would like to be mentioned on and get mentioned (linked.)
Other ideas, taken from top minutes. Where some comment exists, they can be moved above into a section.
- sell related items like flash drives, smartcard readers. Cooperation with FSFE GPG? income: 200 euro per year (more PR value).
- accelerator cards for servers? Associated consulting?
- more ad space
- CA rating service?
- review service to check security of other pages
- conference and/or workshops
- CAcert adds value to other people's conferences / exhibitions
- or inside an exhibitors booth
- or with other cooperating organizations
- writing articles
- for money
- in return for a free ad
- sell security services
- finder's fee for recommending someone else for security service / legal work
- Publish white papers on CAcert site, to get more visibility.
- Creating unique certificate based products to attract donators that are currently buying certificates elsewhere