[GPC] [Owasp-board] ESAPI Party
jim.manico at owasp.org
Fri Sep 23 12:27:21 EDT 2011
We can agree is disagree. It's not alcohol per say. I just think we have
better things to spend money on.
> As you know, I am not a big alcohol person either. That said though -
> you really need to remove your personal bias about alcohol from these
> discussion. Alcohol does not in it of itself equal irresponsibility.
> People can be just as irresponsible *with* or *without* alcohol.
> In fact, it would be very easy to simply hold parties *without*
> alcohol and still incur expenses at a similar or HIGHER level.
> So the bottom line question is not whether it's appropriate to buy
> alcohol. It's whether or not a social gathering in support and
> interest of a project is an expenditure that supports the OWASP mission.
> And the universal consensus around the room last night was that we
> should be encouraging and enabling our leaders to grow OWASP and help
> them be responsible stewards of OWASP funds.
> Yes, keeping the lights on is important. But growing OWASP and leader
> empowerment is important too. It's a HARD discussion.
> And we should NOT be asking chapter and project leaders to wear two
> hats and solve that problem.
> It is *OUR* responsibility as Committee Chairs and as Board members to
> address those hard questions so that they can focus on growing and
> supporting their chapter/project/event/effort.
> We are not going to solve the question by calling out every effort by
> a chapter, project, or event.
> Nor are we going to be able to provide the leadership and guidance the
> rest of the community wants if we don't approach the problem with an
> open mind. If we walk away every time we come to hard discussions,
> we'll never solve those hard problems.
> Is prioritization of expenditures a problem we need to solve? YES. Are
> we going to solve it by constantly railing about alcohol? NO.
> For what it's worth, Chris has already stated that Aspect has decided
> to sponsor the ESAPI launch party so this specific event is now a
> But as we discussed and concluded at the Chairs/Board meeting last
> night (which you may not have heard since you walked out), we
> Chairs/Board members have the action item to draft policies to guide
> our leaders towards appropriate expenditures of OWASP funds.
> On Fri, Sep 23, 2011 at 10:48 AM, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
> Less alcohol purchases is probably a good thing. Waiting to drink
> until *after* the board meeting is something to consider as well.
> If I had to vote between keeping the lights on and paying for
> beer, I'd go lights.
> Even some of the most drunk bastards within OWASP have confided in
> me that we, especially at Portugal, go to extremes when it comes
> to this topic.
> - Jim
>> Vote to approve the "meet-up" always helps our efforts and
>> **bookmark this all**
>> There is no budget in the project bucket for ESAPI hmm....
>> Perhaps you can find a sponsor example
>> Denim/Aspect/Cigital/WhiteHat or the otherson the show floor or
>> any of the other involved ESAPI or get a chapter to help it
>> (Denver, NYC, San Ant, etc...)
>> Pass the hat and ask for $20 bucks
>> Are we having fun yet or have we now become a "dry county"
>> On Sep 23, 2011, at 10:10 AM, Jason Li <jason.li at owasp.org
>> <mailto:jason.li at owasp.org>> wrote:
>>> Based on the Board/Chair discussion last night, I believe the
>>> general consensus was that these types of events for projects
>>> are reasonable and supported (with some sanity-check BS-meter
>>> type caveats). Note that each committee has an action item to
>>> draft guidance regarding appropriate expenditures for their
>>> areas of responsibilities (chapters, projects, etc).
>>> Everyone's concern over the OWAS ModSecurity Core Rule Set event
>>> reimbursement request was that:
>>> 1) The reimbursement request for the event was preceded by a
>>> request that was NOT appropriate (the "if dad says no, ask mom"
>>> 2) The event was not clearly an event about an OWASP Project
>>> (someone attested that as an attendee, it "felt" like a
>>> Trustwave event about ModSecurity, not an OWASP event about the
>>> Core Rule Set)
>>> In the case of this ESAPI party, the "plan" and "intent" have
>>> been stated and the event is clearly an event about an OWASP
>>> While we haven't yet decided on a process, *one* of the proposed
>>> methods of budget approval for these events brought up was that
>>> the "approval" role for such project expenditures should lie
>>> with the Project Leader, followed by the GPC Chair, followed by
>>> the Treasurer/Board.
>>> Since Chris is the project leader and it is his event, it'd be
>>> inappropriate for his approval.
>>> For the record, based on the Board's/Chair's mutual
>>> understanding, I believe this event should be approved and would
>>> normally approve the expenditure. However, as the party is
>>> planned to be held in the room that I am sharing with Chris, I
>>> feel that I should abstain from this process to prevent the
>>> appearance of conflict of interest.
>>> I ask that the approval decision instead be made by the
>>> Treasurer (or the Board as appropriate).
>>> ---------- Forwarded message ----------
>>> From: *Chris Schmidt* <chris.schmidt at owasp.org
>>> <mailto:chris.schmidt at owasp.org>>
>>> Date: Fri, Sep 23, 2011 at 9:17 AM
>>> Subject: ESAPI Party
>>> To: Jason Li <jason.li at owasp.org <mailto:jason.li at owasp.org>>,
>>> Tom Brennan <tomb at owasp.org <mailto:tomb at owasp.org>>, Michael
>>> Coates <michael.coates at owasp.org
>>> <mailto:michael.coates at owasp.org>>, Dave Wichers
>>> <dave.wichers at owasp.org <mailto:dave.wichers at owasp.org>>, Kate
>>> Hartmann <kate.hartmann at owasp.org
>>> <mailto:kate.hartmann at owasp.org>>, matt.tesauro at owasp.org
>>> <mailto:matt.tesauro at owasp.org>, "eoin.keary at owasp.org
>>> <mailto:eoin.keary at owasp.org>" <eoin.keary at owasp.org
>>> <mailto:eoin.keary at owasp.org>>
>>> All -
>>> Given the events of last night’s meeting, Kate wanted to to run
>>> this up the flagpole so that we are sure everyone is on the same
>>> As you guys are aware, I had planned on having a Room Party to
>>> celebrate the ESAPI 2.0 release tonight. My plan with this (from
>>> the beginning) was to charge this to the ESAPI budget as I don’t
>>> *personally* have the money to do the party.
>>> I am not sure what the actual cost will be, but what I had
>>> planned on was
>>> 4 Bottles of wine
>>> 2 Cases of Beer
>>> 2 Bags of Chips
>>> I had hoped that since we are all here I could charge this
>>> directly to the ESAPI budget and not buy It and expense for
>>> reimbursement. However, Kate expressed concern given after the
>>> meeting last night that this may not even be a reimbursable
>>> event. Rather than chasing everyone around, I figured the
>>> simplest form of resolution was to do this over e-mail. I would
>>> like to get this resolved, one way or the other this morning as
>>> early as possible so I can make other arrangements if necessary.
>>> Chris Schmidt
>>> ESAPI Project Leader (http://www.esapi.org)
>>> Blog: http://yet-another-dev.blogspot.com
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> Jim Manico
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
> jim at owasp.org <mailto:jim at owasp.org>
> www.owasp.org <http://www.owasp.org>
Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host
jim at owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Global-projects-committee