Jason Li jason.li at owasp.org
Fri Sep 23 11:10:48 EDT 2011


Based on the Board/Chair discussion last night, I believe the general
consensus was that these types of events for projects are reasonable and
supported (with some sanity-check BS-meter type caveats). Note that each
committee has an action item to draft guidance regarding appropriate
expenditures for their areas of responsibilities (chapters, projects, etc).

Everyone's concern over the OWASP ModSecurity Core Rule Set event
reimbursement request was that:
1) The reimbursement request for the event was preceded by a request that
was NOT appropriate (the "if dad says no, ask mom" problem)
2) The event was not clearly an event about an OWASP Project (someone
attested that as an attendee, it "felt" like a Trustwave event about
ModSecurity, not an OWASP event about the Core Rule Set)

In the case of this ESAPI party, the "plan" and "intent" have been stated
and the event is clearly an event about an OWASP Project.

While we haven't yet decided on a process, *one* of the proposed methods of
budget approval for these events brought up was that the "approval" role for
such project expenditures should lie with the Project Leader, followed by
the GPC Chair, followed by the Treasurer/Board.

Since Chris is the project leader and it is his event, it'd be inappropriate
for his approval.

For the record, based on the Board's/Chair's mutual understanding, I believe
this event should be approved and would normally approve the expenditure.
However, as the party is planned to be held in the room that I am sharing
with Chris, I feel that I should abstain from this process to prevent the
appearance of conflict of interest.

I ask that the approval decision instead be made by the Treasurer (or the
Board as appropriate).


---------- Forwarded message ----------
From: Chris Schmidt <chris.schmidt at owasp.org>
Date: Fri, Sep 23, 2011 at 9:17 AM
Subject: ESAPI Party
To: Jason Li <jason.li at owasp.org>, Tom Brennan <tomb at owasp.org>, Michael
Coates <michael.coates at owasp.org>, Dave Wichers <dave.wichers at owasp.org>,
Kate Hartmann <kate.hartmann at owasp.org>, matt.tesauro at owasp.org,
"eoin.keary at owasp.org" <eoin.keary at owasp.org>

 All -

Given the events of last night’s meeting, Kate wanted to run this up the
flagpole so that we are sure everyone is on the same page.

As you guys are aware, I had planned on having a Room Party to celebrate the
ESAPI 2.0 release tonight. My plan with this (from the beginning) was to
charge this to the ESAPI budget as I don’t *personally* have the money to do
the party.

I am not sure what the actual cost will be, but what I had planned on was

4 Bottles of wine
2 Cases of Beer
2 Bags of Chips

I had hoped that since we are all here I could charge this directly to the
ESAPI budget and not buy it and expense for reimbursement. However, Kate
expressed concern given after the meeting last night that this may not even
be a reimbursable event. Rather than chasing everyone around, I figured the
simplest form of resolution was to do this over e-mail. I would like to get
this resolved, one way or the other this morning as early as possible so I
can make other arrangements if necessary.

Chris Schmidt
ESAPI Project Leader (http://www.esapi.org)
Blog: http://yet-another-dev.blogspot.com