[GPC] Project Committee Input Needed
justin.searle at owasp.org
Tue Jun 19 15:09:34 UTC 2012
Can someone forward this email to the board? I got denied since I
wasn't on the list. Unless spam is a problem with this list, it would
be nice to allow anyone to send emails to the board without being
subscribed. At a minimal we should allow any @owasp.org address email
Managing Partner - UtiliSec
On Tue, Jun 19, 2012 at 8:56 AM, Justin Searle <justin.searle at owasp.org> wrote:
> Kate, here are some much delayed responses you your questions, which
> ties into Eoin's request in the other thread (all participants from
> the other thread included).
>> 1. DHS/HOST call – this needs to be set up with a representative of the GPC
>> and someone from HOST to help define which projects will be supported by the
>> funding. Along this same idea, the decision on what is expected from the
>> project and how the expectations will be measured also need to be defined
>>>>From Eoin's other email:
>> Please set up a call with DHS regarding host. Whomever can attend will
>> attend. I want the funding.
> I can make myself available for this call anytime on Monday or Friday
> next week, and any day the following week.
>> 2. The last meeting listed on the project committee page is in 2011. I
>> know that there has been meetings since then (I’ve been on them) so can I
>> help schedule regular meeting times?
> Kate, I've sent a separate email to the GPC to organize our next
> meeing. I'm pushing for it to happy in the next 7-10 days so we can
> get rid of us being the bottleneck here.
>> 3. How is the GPC participating in the project reboot initiative? What is
>> the criteria for deciding which projects receive funding and what are (if
>> any) guidelines for how that funding can be spent (travel, support,
>> marketing, cash payouts, etc)?
> Technically the GPC hasn't been involved with project reboot to this
> point. We've also been approached by Dinis (also added to this
> thread) about his GSD project. Having two similar projects attempting
> to pool money for projects really make sense to me. I think we as
> OWASP need to choose one marketing initiative and move forward with
> As for management of the funds and deciding which projects get it, I
> propose we manage it similar to how the Chapters Committee manage it.
> When people contribue funds, they can earmark them to any project. We
> can handle the DHS funds that way since they specifically mentioned
> three projects they were interested in. We should work with those
> three project leaders to figure out their funding needs and what they
> must to to meet DHS paperwork requirements. For initial thought on
> dividing those DHS funds between those project is 7k for each of those
> three projects with the remaining 4k dropping to a general GPC project
> If the contributor chooses, they can contribute funds to the GPC's
> general pool for distribution to each project, sch as money that
> Project Reboot collects. This will permit on ongoing effort past
> Project Reboot, and makes Project Reboot (or Dinis's GSD) a marketing
> tool for this year to collect the funds. But more importantly, I
> think OWASP GPC need to come up with guidelines on how these funds
> should (or can) be used, similar to the Chapter's guidelines. I also
> think setting a maximum annual amount that a project can request from
> the GPC pool should be set, something like 1k (unless we end up with a
> larger pool). This annual total wouldn't include any funds
> contributors directly contribute to that project.
> We also need to answer the question if the project leaders can be
> payed for their time and efforts. I don't know if this was ever
> solved, discussed, or approved by the board. But regardless, I think
> we need to decide and bury this issue. Forgive me if this has been
> settled to everyone's satisfaction already, I've been out of the loop
> since APAC due to a death in the family shortly after that conference
> and the subsequent efforts to get caught back up at work.
> Another thing which I think would be wise and should be a part of any
> GPC guideline document is a maximum hourly rate to pay for
> contributions. To help avoid abuse, and to also make paying leaders
> less controversial if the board decides to permit it, I think we
> should consider setting the rate extremely low such as $10 USD/hr.
> This encourages us to use the funds for other purposes, ensures that
> the funds will not be immediate consumed, and allow us to distribute
> funds to more projects. While my contractor rates are exponentially
> higher than that, most of us are doing our OWASP projects for free.
> Since most of our projects are sole efforts by a single leader (which
> will never change IMHO) offering enough funds for them to take their
> spouse/girl out to a nice dinner every now and again, assuming the
> board permits paying leaders. $1k could provide 100 hours worth of
> time for a large number of different projects. It would also provide
> lots of pizza if they have coding parties. :-)
>> 4. What is the status of the project centralized system? How are project
>> requests routed? Will this be moved to Salesforce? Who on the GPC has
>> ownership of this migration?
> I'm not sure of the answer of any of these questions. Only that we as
> GPC need to answer them and answer them quickly. I'm also concerned
> about the backlog of new projects that are awaiting feedback from us.
> GPC needs to find a way to remove itself as a bottleneck and empower
> our project leaders. This needs to be solved ASAP.
> GPC, this is a call to arms!
> Justin Searle
> Managing Partner - UtiliSec
More information about the Global-projects-committee