[GPC] Project Committee Input Needed

Tue Jun 19 15:21:49 UTC 2012

Sorry, forgot Eoin.

Justin Searle
Managing Partner - UtiliSec
801-784-2052

On Tue, Jun 19, 2012 at 8:56 AM, Justin Searle <justin.searle at owasp.org> wrote:
> Kate, here are some much delayed responses you your questions, which
> ties into Eoin's request in the other thread (all participants from
> the other thread included).
>
>> 1.  DHS/HOST call – this needs to be set up with a representative of the GPC
>> and someone from HOST to help define which projects will be supported by the
>> funding.  Along this same idea, the decision on what is expected from the
>> project and how the expectations will be measured also need to be defined
>>>>From Eoin's other email:
>> Please set up a call with DHS regarding  host. Whomever can attend will
>> attend. I want the funding.
>
> I can make myself available for this call anytime on Monday or Friday
> next week, and any day the following week.
>
>> 2.  The last meeting listed on the project committee page is in 2011.  I
>> know that there has been meetings since then (I’ve been on them) so can I
>> help schedule regular meeting times?
>
> Kate, I've sent a separate email to the GPC to organize our next
> meeing.  I'm pushing for it to happy in the next 7-10 days so we can
> get rid of us being the bottleneck here.
>
>> 3.  How is the GPC participating in the project reboot initiative?  What is
>> the criteria for deciding which projects receive funding and what are (if
>> any) guidelines for how that funding can be spent (travel, support,
>> marketing, cash payouts, etc)?
>
> Technically the GPC hasn't been involved with project reboot to this
> point.  We've also been approached by Dinis (also added to this
> thread) about his GSD project.  Having two similar projects attempting
> to pool money for projects really make sense to me.  I think we as
> OWASP need to choose one marketing initiative and move forward with
> it.
>
> As for management of the funds and deciding which projects get it, I
> propose we manage it similar to how the Chapters Committee manage it.
> When people contribue funds, they can earmark them to any project.  We
> can handle the DHS funds that way since they specifically mentioned
> three projects they were interested in.  We should work with those
> three project leaders to figure out their funding needs and what they
> must to to meet DHS paperwork requirements.  For initial thought on
> dividing those DHS funds between those project is 7k for each of those
> three projects with the remaining 4k dropping to a general GPC project
> pool.
>
> If the contributor chooses, they can contribute funds to the GPC's
> general pool for distribution to each project, sch as money that
> Project Reboot collects.  This will permit on ongoing effort past
> Project Reboot, and makes Project Reboot (or Dinis's GSD) a marketing
> tool for this year to collect the funds.  But more importantly, I
> think OWASP GPC need to come up with guidelines on how these funds
> should (or can) be used, similar to the Chapter's guidelines.  I also
> think setting a maximum annual amount that a project can request from
> the GPC pool should be set, something like 1k (unless we end up with a
> larger pool).  This annual total wouldn't include any funds
> contributors directly contribute to that project.
>
> We also need to answer the question if the project leaders can be
> payed for their time and efforts.  I don't know if this was ever
> solved, discussed, or approved by the board.  But regardless, I think
> we need to decide and bury this issue.  Forgive me if this has been
> settled to everyone's satisfaction already, I've been out of the loop
> since APAC due to a death in the family shortly after that conference
> and the subsequent efforts to get caught back up at work.
>
> Another thing which I think would be wise and should be a part of any
> GPC guideline document is a maximum hourly rate to pay for
> contributions.  To help avoid abuse, and to also make paying leaders
> less controversial if the board decides to permit it, I think we
> should consider setting the rate extremely low such as $10 USD/hr.
> This encourages us to use the funds for other purposes, ensures that
> the funds will not be immediate consumed, and allow us to distribute
> funds to more projects.  While my contractor rates are exponentially
> higher than that, most of us are doing our OWASP projects for free.
> Since most of our projects are sole efforts by a single leader (which
> will never change IMHO) offering enough funds for them to take their
> spouse/girl out to a nice dinner every now and again, assuming the
> board permits paying leaders.  $1k could provide 100 hours worth of
> time for a large number of different projects.  It would also provide
> lots of pizza if they have coding parties.  :-)
>
>> 4.  What is the status of the project centralized system?  How are project
>> requests routed?  Will this be moved to Salesforce?  Who on the GPC has
>> ownership of this migration?
>
> I'm not sure of the answer of any of these questions.  Only that we as
> GPC need to answer them and answer them quickly.  I'm also concerned
> about the backlog of new projects that are awaiting feedback from us.
> GPC needs to find a way to remove itself as a bottleneck and empower
> our project leaders.  This needs to be solved ASAP.
>
> GPC, this is a call to arms!
>
> Justin Searle
> Managing Partner - UtiliSec
> 801-784-2052