[Global_chapter_committee] [Global_conference_committee] [Global_membership_committee] Conference/Chapter Revenue Splitting

Richard Greenberg richard.greenberg at owasp.org
Wed Dec 22 11:09:23 EST 2010


Firstly, the Chapters are OWASP. Clearly you will have a hard argument to
deny any funding to chapters that host a conference. That just is not
prudent. The discussion should be what percentage the chapters get, should
there be a cap, and are there any strings attached.

On Wed, Dec 22, 2010 at 10:26 AM, Mark Bristow <mark.bristow at owasp.org> wrote:

> There's the fundamental disagreement.  It's not the chapter's money, it's
> OWASP's.
>
> What's at debate here is what, if any, profit should be shared with local
> chapters who host OWASP conferences.
>
>
> -Mark
>
> Sent from my wireless device
>
> On Dec 22, 2010, at 9:59 AM, Richard Greenberg <
> richard.greenberg at owasp.org> wrote:
>
> As both an LA Chapter Board Member and GCC member, I am well positioned
> (I'd better be) to weigh in on this passionate discussion. I have not yet
> read a false statement from anyone, which means we are all speaking at a
> high level. Of course, there must be some resolution to this hot issue, so
> here are my thoughts.
>
> Any local chapter that takes on the responsibility for a local hosting of a
> Global AppSec conference does so with the understanding that they are the
> ones who are in charge and must bear the responsibility for the success or
> failure of the conference, both in terms of content and financially. We in
> SoCal spent countless hours on all the conference planning tasks, from venue
> issues to reception planning, from spreading the word for and vetting
> speakers to getting sponsorships (and I personally got a number of these).
> We are not paid OWASP employees, but of course all have other jobs, that we
> put in much more than a 40 hour work week to be successful. Yet we still all
> found the time to indeed make the conference a success. Why did we do this?
> No, it was never directly about the money. Yes, it involved the money, but
> solely to build the LA Chapter. LA is the largest megalopolis in the
> country, yet its participation at OWASP meetings is not proportional to
> this. We are using AppSec as a beacon to light the way for the development
> and appsec community to come into the OWASP fold. Word of mouth is
> important, but much of the efforts require cold hard cash, the kind that was
> brought in from AppSec. Los Angeles is often looked at as a driving force in
> initiatives for the rest of the country, and we are setting our goals
> appropriately. Look at the success New York OWASP has been having. LA needs
> to be at that level!
>
> Stepping up a level, any local chapter that takes on the hosting
> responsibility should receive the funding it needs for its initiatives,
> provided it has generated that income for both OWASP and the chapter itself.
> It should not be the role of OWASP to dictate what the chapter must do with
> its money, unless there is a clear misuse or poorly chosen direction. We
> have highly motivated, intelligent, and resourceful Chapter Leaders that
> have that responsibility. Let's remember not to covet others' riches, but to
> respect the capacity of each Chapter to build and spread the OWASP concepts
> to as many people/companies as possible.
>
> On Wed, Dec 22, 2010 at 9:26 AM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
>
>> Tin, I am really not picking on you, individually, but need to really
>> speak up on this subject since it is a very critical one for the foundation
>> as an organization.
>>
>>
>>
>> Tin, please be careful when you bring in phrases like, “this is the core
>> of the matter here.”  Really, I disagree with that statement.  The idea is
>> not that simple – guilt.
>>
>> We are working on a global solution to the chapter funding.  Not every
>> chapter can host an AppSec and the regional events do not bring in that much
>> revenue.  We need to think about the message we send to EVERYONE.
>>
>> Hosting an AppSec or any conference should really not be about the money.
>> In fact, until very recently, the local chapter did not receive ANY split
>> and we still had lots of chapters asking to host the conference.  In 2008,
>> as a result of the first Summit, the Membership model was modified to
>> provide local chapters a 40% share of incoming membership fees.  This means
>> that a corporate supporter attached to a local chapter would generate $2K.
>> There are many chapters who have used this “seed money” to drive membership,
>> participation, and bring in additional chapter revenue through corporate
>> supporters.
>>
>>
>>
>> Looking at the first paragraph about OWASP on the website, at the mission
>> of OWASP, it reads:
>>
>>
>>
>> “The Open Web Application Security Project (OWASP) is a 501c3
>> not-for-profit worldwide charitable organization focused on improving the
>> security of application software. Our mission is to make application
>> security visible, so that people and organizations can make informed
>> decisions about true application security risks. Everyone is free to
>> participate in OWASP and all of our materials are available under a free and
>> open software license.”
>>
>>
>>
>> It is MY OPINION based on what I have seen Globally, energy spent on
>> Membership is more financially rewarding in the long term, and, hour for
>> hour, provides a greater return on investment.  The profits for an AppSec
>> conference are really the result of turning the membership relationships
>> into sponsorships.
>>
>>
>>
>> Tin, really, I challenge you to look at the sponsorship revenue from
>> AppSec US and point to the *local* companies that stepped up to sponsor
>> the event.  Most of them are Corporate sponsors at the foundation level that
>> I was able to connect with to generate sponsorship for the event.
>> Additionally, it was the mailing lists created by the foundation and the
>> blasts that generated a good portion of the attendance for the conference.
>>
>>
>>
>> The conferences committee is debating an opportunity to essentially reward
>> the local chapter for their investment in time with the equivalent of 2 or 3
>> corporate membership splits as funds to continue the efforts in that
>> region.  One of the proposals on the table is to use the remaining split of
>> the profits to assist other, smaller, newer chapters who otherwise would not
>> have the funds to secure a venue, print flyers, bring in speakers, or find
>> other ways to promote OWASP.
>>
>> I am sorry if it seems like I’m being harsh on you.  I see OWASP from the
>> center and therefore very often try to find a compromise that benefits the
>> entire organization.
>>
>>
>>
>> Kate Hartmann
>>
>> Operations Director
>>
>> 301-275-9403
>>
>> www.owasp.org
>>
>> Skype:  Kate.hartmann1
>>
>>
>>
>> *From:* global_conference_committee-bounces at lists.owasp.org [mailto:global_conference_committee-bounces at lists.owasp.org] *On Behalf Of* Tin Zaw
>> *Sent:* Tuesday, December 21, 2010 10:47 PM
>> *To:* Mark Bristow
>> *Cc:* global_chapter_committee at lists.owasp.org; Eoin; Lucas Ferreira; Global_membership_committee at lists.owasp.org; global_conference_committee
>> *Subject:* Re: [Global_conference_committee] [Global_chapter_committee] [Global_membership_committee] Conference/Chapter Revenue Splitting
>>
>>
>>
>> Mark, you do not need to snip anything. I said it on the record and I
>> stand by it.
>>
>>
>>
>> And I agree, OWASP's needs come first, hence 75% of the proceeds, and the
>> local chapter's needs come second, hence 25% of the proceeds. In this case,
>> the local chapters over-fund OWASP, not the other way around.
>>
>>
>>
>> After such split, with OWASP being first, local chapters should have
>> certain freedom, within OWASP guidelines, on how they allocate their funds.
>> They should not feel guilty for it. In case it is not noticed, this is the
>> core of the matter here.
>>
>>
>>
>> As I mentioned for the Summit cost, I am willing to negotiate, and I
>> believe Kate and Dinis have made some good arguments on why spending chapter
>> funds for the Summit is a good idea.
>>
>> We could go a long way if we all collaborate.
>>
>>
>>
>> Cheers!
>>
>>
>>
>>
>>
>> On Tue, Dec 21, 2010 at 6:52 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>
>> This to me is a great example of why we should not over-fund chapters....
>>
>>
>>
>> Some context, this chapter is proposing that, even tho they have ample
>> funds to send some of their leaders to the summit, that they split the cost
>> 50/50 with the foundation even after Tom's call for "donations" to the
>> summit fund from local chapter funds.  Clearly the summit is a huge priority
>> for OWASP, however in the isolation of this chapter, it's not as important.
>>
>>
>>
>> <snip>
>>
>> As for local chapter funds, I have not been informed of, nor do I
>> subscribe to the notion that funds are to be used for next calendar year.
>> Our plans for chapter funds are for 2011 and beyond, with recognition that
>> we will not be hosting AppSec -- and enjoy its proceeds -- anytime soon. Our
>> current plans include more local outreach, support for local university
>> chapters, and potential rental expenses for chapter meetings or
>> mini-conferences when we outgrow space. In addition, I plan to leave the
>> chapter in a better financial shape when I step down one day.
>>
>>
>>
>> I hope my points are understandable. I also understand that OWASP plans to
>> bring as many people as possible, and if and when it comes down to financial
>> necessity, I am willing to negotiate other options.
>>
>> </snip>
>>
>>
>>
>> While I've snipped out the bits that identify the chapter, the message is
>> almost perfectly intact.  It's pretty clear to me that the foundation could
>> really use some of these funds currently, however the chapter disagrees and
>> therefore we have to hunt for funds elsewhere.
>>
>>
>>
>> I agree it's a TON of work to organize a conference, I've done it directly
>> 2 years in a row.  But the motivation for doing so should not be a financial
>> one and the needs of the foundation should always come first, because in the
>> end, it was an OWASP event, not a chapter one.
>>
>>
>>
>> On Sun, Dec 19, 2010 at 2:58 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>>
>> The Samy tour is a great example of what happens when you remove from the
>> Chapters the responsibility to make the initial decision (and some of the
>> financial cost).
>>
>>
>>
>> John's email below is spot on, when I talk about 'financial paralysis' and
>> the inability from our chapter leaders to spend (or ask) for money, that is
>> exactly what I'm talking about. If (in the current model) John W. doesn't
>> feel comfortable in asking for money, then who is?
>>
>>
>> Our current OWASP culture, doesn't promote a 'spending proactivity' of our
>> projects and chapter leaders. In fact, it is not even enough to say *'here
>> is money, we trust you, go and spend it'* (as we see with the 30k
>> allocated to Projects, Committees and Chapters which has barely been used).
>>
>>
>>
>> I think that this is a reflection of the normal non-OWASP world where
>> there are always very strong controls on the use of financial resources.
>>
>>
>>
>> Add to that a *"I don't need the headache of having to justify why I need
>> the money"* to a *"If I'm doing this for OWASP and I have the track
>> record, why should I even have to justify it"* to a *"I really like OWASP
>> and don't want to spend the resources badly"*  to a *"What are the rules
>> for engagement if it doesn't work out as well as I would like it to?"* you have a perfect storm for inaction
>>
>> Dinis Cruz
>>
>>
>>
>> On 17 December 2010 12:21, John Wilander <john.wilander at owasp.org> wrote:
>>
>> Gosh, some heavy emailing going on here.
>>
>>
>>
>> Just a short one to answer Mark's request for examples of chapters being
>> denied funding.
>>
>>
>>
>> I think this is not a case of chapters asking for money and being denied.
>> No such examples to my knowledge. I think the case is "we have no money so
>> we don't do X and Y". Chapters don't feel empowered or comfortable to write
>> an email to Mark or Kate and ask for $. Instead they strive in mediocrity
>> and skip doing better events.
>>
>>
>>
>> In concrete terms ... Samy Kamkar's talks at several European chapters
>> were a huge success. But they were *not* initiated by empowered chapters.
>> It was a *central* OWASP initiative with a *central* funding solution in
>> place. Now OWASP Sweden wants to pursue this path and invite Mario
>> Heiderich, Gareth Heyes, Dinis Cruz etc. Great! But have we written an email
>> to Mark yet? No. Not even I, being a member of the GCC, feel comfortable
>> asking for the foundation's money to run a local event.
>>
>>
>>
>> In this case OWASP Sweden actually has money. Why? Because we got a share
>> of the revenue from OWASP AppSec in Stockholm. So we're going to fly Mario
>> Heiderich in and build upon the success with Samy. We already have more than
>> 500 members and we asked them what we should use the chapter's money for.
>> Answer: More international experts giving talks and tutorials. This is what
>> the chapter members want.
>>
>> (Of course we will try to find sponsors to lower the chapter's costs and
>> we will try to cooperate with OWASP Finland and Norway so we can share
>> travel costs.)
>>
>>
>>
>>    Regards, John
>>
>>
>>
>>
>>
>> 2010/12/16 L. Gustavo C. Barbato <lgbarbato at owasp.org>
>>
>>
>>
>>
>> I also defend the idea of collaboration between chapters in order to
>> achieve great conferences results - when I say collaboration I do mean
>> collaborate <http://dictionary.reference.com/browse/collaborate> (*to
>> work, one with another; cooperate, as on a literary work*), in other
>> words, without having profits in mind.
>>
>> However, aiming to compensate the collaboration on conferences and have a
>> fair support of OWASP, I do defend the idea of having conferences in
>> different cities yearly according to local chapters locations. Nevertheless,
>> we can't forget the hard work necessary of local chapters to host a
>> conference -- I know that because after the AppSec Brazil 2010 (last month),
>> I don't stop thinking and working on AppSec 2011 -- it's already being
>> time-consuming.
>>
>> L. *Gustavo* C. *Barbato*, Ph.D.
>> Chapter Leader, OWASP Porto Alegre / *Brazil*
>> Global Chapter Committee Member
>> http://www.owasp.org/index.php/User:Gustavo_Barbato
>>
>>
>> On 12/15/2010 12:29 PM, Mark Bristow wrote:
>>
>> Comments forwarded on Lucas's behalf (he's on vacation and can't send as
>> the right user.....)
>>
>>
>>
>> =======
>>
>> I don't like the idea of having one chapter getting so much more funds than
>> others. For AppSec Brasil, we will have people from multiple chapters
>> involved and it would not be nice to have one chapter getting all the
>> money. Having to decide a split amongst chapters would need energy
>> that could be better used somewhere else.
>>
>> In principle, I don't like the idea of having chapters "fighting" for
>> money, and we may have this in the future if the chapter split is too
>> high. I'm afraid collaboration may decrease in the long run. On the
>> other hand, I'd like to see a solution that increases the involvement
>> of chapter leader in our conferences, especially to have people from
>> different chapters to collaborate in conference teams.
>>
>> I think that having many chapters with some money is better than
>> having a few chapters with a lot of money. I think we should invest
>> more in getting more active chapters than making a few chapters more
>> active.
>>
>> The fund idea seems a good solution to me.
>>
>> Regards,
>>
>> Lucas
>>
>> On Tue, Dec 14, 2010 at 7:19 PM, Neil Matatall <neil at owasp.org> wrote:
>>
>> Well this thread has become epic and unfortunately I haven't been able
>> to catch all of the ideas.  I really hope I can catch up, but why
>> don't we have a conference call or discuss this at the summit (those
>> not in attendance will have to be accommodated somehow)?
>>
>> Times like these make me wish my phone has a "threaded" email view :(
>>
>>
>> On Tue, Dec 14, 2010 at 12:13 PM, Jason Li <[email protected]> wrote:
>> > So taking Michael's suggestion of starting fresh, I've cleared the long
>> > quote of the thread.
>> > As an observer to the thread, I'm going to capture what I think has been
>> > mentioned so far on the thread.
>> >
>> > And then I'll weigh in with my humble opinion, keeping in mind that I am not
>> > involved in the Conferences Committee, Membership Committee, Chapter
>> > Committee, or the Board (in other words, I'm a nobody in this conversation
>> > :)).
>> > ----
>> > Summary of Problem:
>> > Where does Conference revenue go?
>> > Points of Concern:
>> > 1) Conferences are put on with the assistance of local chapters and
>> > coordination/support from the OWASP mothership
>> > 2) We want a way to reward local chapters for their help with
>> > running/coordinating a conference
>> > 3) We want conference attendees the option to get OWASP Memberships bundled
>> > in with the conference
>> > 4) Chapters need money to do things
>> > -------
>> > Now with that out of the way, my personal thoughts:
>> > #4 is completely independent of Conference revenue. There are lots of other
>> > OWASP sectors that also need money to do things (Projects and Summits for
>> > example). If there is a need for Chapters to do something, then this should
>> > be allocated out of the main OWASP mothership budget and not out of
>> > Conference revenue.
>> > In my view, conference revenue should go to one of three places:
>> > 1) OWASP Mothership fund (where the Board can then re-allocate as needed to
>> > support Chapters or other initiatives as appropriate)
>> > 2) Local Chapter(s) supporting the conference (in order to recognize their
>> > support)
>> > 3) Conferences fund managed by the Conferences Committee
>> > I'm not even sure if #3 is really necessary as that could also fall under
>> > #1.
>> > The only real debate is what proportion of the revenue should go into which
>> > bucket. That's where I believe this debate originally started. All this
>> > other talk about chapter needs and a chapter fund has clouded the
>> > discussion.
>> > -Jason
>>
>> > _______________________________________________
>> > Global_conference_committee mailing list
>> > Global_conference_committee at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/global_conference_committee
>> >
>> >
>>
>>
>>
>> --
>>
>> --
>>
>> Neil
>>
>>
>>
>>
>> --
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>>
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org
>>
>>
>>
>> _______________________________________________
>> Global_chapter_committee mailing list
>> Global_chapter_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>
>>
>> --
>> John Wilander, https://twitter.com/johnwilander
>> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>>
>> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
>>
>> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
>>
>>
>>
>>
>> --
>> Tin Zaw, CISSP, CSSLP
>> Chapter Leader and President, OWASP Los Angeles Chapter
>> Google Voice: (213) 973-9295
>> LinkedIn: http://www.linkedin.com/in/tinzaw
>>
>
>
> --
> Richard Greenberg, CISSP
> Board of Directors, OWASP Los Angeles, www.owaspla.org <http://www.appsecusa.org/>
> Board of Directors, ISSA Los Angeles, www.issa-la.org <http://www.appsecusa.org/>
> OWASP Global Conference Committee
> LinkedIn: http://www.linkedin.com/in/richardagreenberg


-- 
Richard Greenberg, CISSP
Board of Directors, OWASP Los Angeles, www.owaspla.org <http://www.appsecusa.org/>
Board of Directors, ISSA Los Angeles, www.issa-la.org <http://www.appsecusa.org/>
OWASP Global Conference Committee
LinkedIn:  http://www.linkedin.com/in/richardagreenberg