[GPC] Project Committee Input Needed

Justin Searle justin.searle at owasp.org
Tue Jun 19 14:56:41 UTC 2012

Kate, here are some much delayed responses to your questions, which
ties into Eoin's request in the other thread (all participants from
the other thread included).

> 1.  DHS/HOST call – this needs to be set up with a representative of the GPC
> and someone from HOST to help define which projects will be supported by the
> funding.  Along this same idea, the decision on what is expected from the
> project and how the expectations will be measured also need to be defined
>>>From Eoin's other email:
> Please set up a call with DHS regarding  host. Whomever can attend will
> attend. I want the funding.

I can make myself available for this call anytime on Monday or Friday
next week, and any day the following week.

> 2.  The last meeting listed on the project committee page is in 2011.  I
> know that there have been meetings since then (I’ve been on them) so can I
> help schedule regular meeting times?

Kate, I've sent a separate email to the GPC to organize our next
meeting.  I'm pushing for it to happen in the next 7-10 days so we can
get rid of us being the bottleneck here.

> 3.  How is the GPC participating in the project reboot initiative?  What is
> the criteria for deciding which projects receive funding and what are (if
> any) guidelines for how that funding can be spent (travel, support,
> marketing, cash payouts, etc)?

Technically the GPC hasn't been involved with project reboot to this
point.  We've also been approached by Dinis (also added to this
thread) about his GSD project.  Having two similar projects attempting
to pool money for projects really make sense to me.  I think we as
OWASP need to choose one marketing initiative and move forward with

As for management of the funds and deciding which projects get it, I
propose we manage it similar to how the Chapters Committee manage it.
When people contribute funds, they can earmark them to any project.  We
can handle the DHS funds that way since they specifically mentioned
three projects they were interested in.  We should work with those
three project leaders to figure out their funding needs and what they
must do to meet DHS paperwork requirements.  For initial thought on
dividing those DHS funds between those projects is 7k for each of those
three projects with the remaining 4k dropping to a general GPC project

If the contributor chooses, they can contribute funds to the GPC's
general pool for distribution to each project, such as money that
Project Reboot collects.  This will permit an ongoing effort past
Project Reboot, and makes Project Reboot (or Dinis's GSD) a marketing
tool for this year to collect the funds.  But more importantly, I
think OWASP GPC needs to come up with guidelines on how these funds
should (or can) be used, similar to the Chapter's guidelines.  I also
think setting a maximum annual amount that a project can request from
the GPC pool should be set, something like 1k (unless we end up with a
larger pool).  This annual total wouldn't include any funds
contributors directly contribute to that project.

We also need to answer the question if the project leaders can be
paid for their time and efforts.  I don't know if this was ever
solved, discussed, or approved by the board.  But regardless, I think
we need to decide and bury this issue.  Forgive me if this has been
settled to everyone's satisfaction already, I've been out of the loop
since APAC due to a death in the family shortly after that conference
and the subsequent efforts to get caught back up at work.

Another thing which I think would be wise and should be a part of any
GPC guideline document is a maximum hourly rate to pay for
contributions.  To help avoid abuse, and to also make paying leaders
less controversial if the board decides to permit it, I think we
should consider setting the rate extremely low such as $10 USD/hr.
This encourages us to use the funds for other purposes, ensures that
the funds will not be immediately consumed, and allows us to distribute
funds to more projects.  While my contractor rates are exponentially
higher than that, most of us are doing our OWASP projects for free.
Since most of our projects are sole efforts by a single leader (which
will never change IMHO) offering enough funds for them to take their
spouse/girl out to a nice dinner every now and again, assuming the
board permits paying leaders.  $1k could provide 100 hours worth of
time for a large number of different projects.  It would also provide
lots of pizza if they have coding parties.  :-)

> 4.  What is the status of the project centralized system?  How are project
> requests routed?  Will this be moved to Salesforce?  Who on the GPC has
> ownership of this migration?

I'm not sure of the answer of any of these questions.  Only that we as
GPC need to answer them and answer them quickly.  I'm also concerned
about the backlog of new projects that are awaiting feedback from us.
GPC needs to find a way to remove itself as a bottleneck and empower
our project leaders.  This needs to be solved ASAP.

GPC, this is a call to arms!

Justin Searle
Managing Partner - UtiliSec
