[GPC] [Owasp-board] ESAPI Party

Jason Li jason.li at owasp.org
Fri Sep 23 13:00:43 EDT 2011


That was exactly the point of my email.

There are many things at OWASP that we can spend money on as an organization
- there are an infinite number of positive, valuable things that we can

And someone has to decide the priorities for spending.

As I emphasized at both Tuesday and Thursday Board/Chair meetings, that
someone is *US*.

It is *OUR* responsibility as chairs/Board members to discuss, debate,
decide, and _distribute_ the priorities of the organization.

And that can't happen if we don't sit down at the table and have frank,
honest, open discussions without getting upset and walking out of meetings.

Resolving and moving forward doesn't necessarily mean we all have to agree
on everything. We can agree to disagree - but if the conversation ends
there, we haven't solved anything.

If you want to continue discussing so we can solve the issue, we have
another chance at the Committee Chair session tonight. In the meantime,
let's at least stop cluttering the global projects committee mailing list.


On Fri, Sep 23, 2011 at 11:27 AM, Jim Manico <jim.manico at owasp.org> wrote:

>  Jason,
> We can agree to disagree. It's not alcohol per se. I just think we have
> better things to spend money on.
> - Jim
> Jim,
>  As you know, I am not a big alcohol person either. That said though - you
> really need to remove your personal bias about alcohol from these
> discussions. Alcohol does not in and of itself equal irresponsibility. People
> can be just as irresponsible *with* or *without* alcohol.
>  In fact, it would be very easy to simply hold parties *without* alcohol
> and still incur expenses at a similar or HIGHER level.
>  So the bottom line question is not whether it's appropriate to buy
> alcohol. It's whether or not a social gathering in support and interest of a
> project is an expenditure that supports the OWASP mission.
>  And the universal consensus around the room last night was that we should
> be encouraging and enabling our leaders to grow OWASP and help them be
> responsible stewards of OWASP funds.
>  Yes, keeping the lights on is important. But growing OWASP and leader
> empowerment is important too. It's a HARD discussion.
>  And we should NOT be asking chapter and project leaders to wear two hats
> and solve that problem.
>  It is *OUR* responsibility as Committee Chairs and as Board members to
> address those hard questions so that they can focus on growing and
> supporting their chapter/project/event/effort.
>  We are not going to solve the question by calling out every effort by a
> chapter, project, or event.
>  Nor are we going to be able to provide the leadership and guidance the
> rest of the community wants if we don't approach the problem with an open
> mind. If we walk away every time we come to hard discussions, we'll never
> solve those hard problems.
> Is prioritization of expenditures a problem we need to solve? YES. Are we
> going to solve it by constantly railing about alcohol? NO.
>  For what it's worth, Chris has already stated that Aspect has decided to
> sponsor the ESAPI launch party so this specific event is now a non-issue.
>  But as we discussed and concluded at the Chairs/Board meeting last night
> (which you may not have heard since you walked out), we Chairs/Board members
> have the action item to draft policies to guide our leaders towards
> appropriate expenditures of OWASP funds.
>  -Jason
> On Fri, Sep 23, 2011 at 10:48 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>  Less alcohol purchases is probably a good thing. Waiting to drink until
>> *after* the board meeting is something to consider as well.
>> If I had to vote between keeping the lights on and paying for beer, I'd go
>> lights.
>> Even some of the most drunk bastards within OWASP have confided in me that
>> we, especially at Portugal, go to extremes when it comes to this topic.
>> - Jim
>>   Vote to approve the "meet-up"  always helps our efforts and community.
>>  **bookmark this all**
>> https://www.owasp.org/index.php/Donation_Scoreboard
>>  There is no budget in the project bucket for ESAPI hmm....
>>  Perhaps you can find a sponsor example Denim/Aspect/Cigital/WhiteHat or
>> the others on the show floor or any of the other involved ESAPI or get a
>> chapter to help it (Denver, NYC, San Ant, etc...)
>>  Pass the hat and ask for $20 bucks
>>  Are we having fun yet or have we now become a "dry county" organization.
>> On Sep 23, 2011, at 10:10 AM, Jason Li <jason.li at owasp.org> wrote:
>>  Chairs/Board/GPC,
>>  Based on the Board/Chair discussion last night, I believe the general
>> consensus was that these types of events for projects are reasonable and
>> supported (with some sanity-check BS-meter type caveats). Note that each
>> committee has an action item to draft guidance regarding appropriate
>> expenditures for their areas of responsibilities (chapters, projects, etc).
>>  Everyone's concern over the OWASP ModSecurity Core Rule Set event
>> reimbursement request was that:
>> 1) The reimbursement request for the event was preceded by a request that
>> was NOT appropriate (the "if dad says no, ask mom" problem)
>> 2) The event was not clearly an event about an OWASP Project (someone
>> attested that as an attendee, it "felt" like a Trustwave event about
>> ModSecurity, not an OWASP event about the Core Rule Set)
>>  In the case of this ESAPI party, the "plan" and "intent" have been
>> stated and the event is clearly an event about an OWASP Project.
>>  While we haven't yet decided on a process, *one* of the proposed methods
>> of budget approval for these events brought up was that the "approval" role
>> for such project expenditures should lie with the Project Leader, followed
>> by the GPC Chair, followed by the Treasurer/Board.
>>  Since Chris is the project leader and it is his event, it'd be
>> inappropriate for his approval.
>>  For the record, based on the Board's/Chair's mutual understanding, I
>> believe this event should be approved and would normally approve the
>> expenditure. However, as the party is planned to be held in the room that I
>> am sharing with Chris, I feel that I should abstain from this process to
>> prevent the appearance of conflict of interest.
>>  I ask that the approval decision instead be made by the Treasurer (or
>> the Board as appropriate).
>>  -Jason
>> ---------- Forwarded message ----------
>> From: Chris Schmidt <chris.schmidt at owasp.org>
>> Date: Fri, Sep 23, 2011 at 9:17 AM
>> Subject: ESAPI Party
>> To: Jason Li <jason.li at owasp.org>, Tom Brennan <tomb at owasp.org>, Michael
>> Coates <michael.coates at owasp.org>, Dave Wichers <dave.wichers at owasp.org>,
>> Kate Hartmann <kate.hartmann at owasp.org>, matt.tesauro at owasp.org, "
>> eoin.keary at owasp.org" <eoin.keary at owasp.org>
>>  All -
>> Given the events of last night’s meeting, Kate wanted to run this up
>> the flagpole so that we are sure everyone is on the same page.
>> As you guys are aware, I had planned on having a Room Party to celebrate
>> the ESAPI 2.0 release tonight. My plan with this (from the beginning) was to
>> charge this to the ESAPI budget as I don’t *personally* have the money to
>> do the party.
>> I am not sure what the actual cost will be, but what I had planned on was
>> 4 Bottles of wine
>> 2 Cases of Beer
>> 2 Bags of Chips
>> Salsa
>> Dip
>> I had hoped that since we are all here I could charge this directly to the
>> ESAPI budget and not buy it and expense for reimbursement. However, Kate
>> expressed concern given after the meeting last night that this may not even
>> be a reimbursable event. Rather than chasing everyone around, I figured the
>> simplest form of resolution was to do this over e-mail. I would like to get
>> this resolved, one way or the other this morning as early as possible so I
>> can make other arrangements if necessary.
>> Chris Schmidt
>> ESAPI Project Leader (http://www.esapi.org)
>> Blog: http://yet-another-dev.blogspot.com
>>   _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>  --
>> Jim Manico
>> Connections Committee Chair
>> Cheatsheet Series Product Manager
>> OWASP Podcast Producer/Host
>> jim at owasp.org www.owasp.org