[Global_chapter_committee] [Owasp-board] Proposed Conferences/Chapters policy changes

Tin Zaw tin.zaw at owasp.org
Mon Mar 19 22:41:12 UTC 2012


Kate,

Fair enough, we -- the nay sayers -- should provide alternative proposals.

Below is mine. It may not be complete but should address some issues.

** Transparency of Chapter Finances

Make every transaction published.
Discuss with leaders from chapters with funds more than certain amount (my
suggestion, $7,500) on how to handle budget issues. If this leads to
submitting annual budget to the committee or the board, I will support it
(at that point). This is a negotiation between chapters and OWASP
mothership -- the chapter committee facilitates it.
Enforce removal of inactive chapters/leaders and reclamation of their funds
-- we already have a policy on it, I believe, per chapter leader handbook.

** Global Conferences

Global Conferences Committee's (GCC's) scope should be four Global
conferences and the summit.
GCC should provide brand usage guidelines for other conferences
GCC should coordinate timing of non-global events so that they won't
conflict with global events -- perhaps conference timeout periods for
non-Global events.

** Self-supporting Events

If the local chapter can fully support an event -- training or meeting or
conference, whatever it's called -- let them do it. The local chapter
assume profit/loss.
OWASP should charge a fee for administrative overhead (Kate's and Sarah's
time) required to handle the event -- e.g., 10% of every RegOnline
registration.

** Events that require Financial Investment by the Foundation

If the event is expected to break even or make profit, GCC "invests" in the
event. Profits are split 50/50 (with cap, should GCC desires it). These
rules must be upfront and must be honored as a contract. If GCC does not
want to do this, the chapter committee can. Administrative fee should be
charged for the event.

** Events that require Financial Support by the Foundation

Like AppSec China, which was expected to lose money but considered
strategic that funding was provided to cover the loss. GCC at
their discretion can provide up to certain amount ($1000?) of funding.
(This can be handled by the chapter committee if GCC does not want it).
Above that amount requires board approval.



On Mon, Mar 19, 2012 at 1:56 PM, Kate Hartmann <kate.hartmann at owasp.org>wrote:

> The two committee chairs were tasked with creating a policy based on
> guidelines from the Board which I have copied and pasted below.  Mark and
> Josh had worked to create a document that would address these points.
>
> If they do not work for you, as a committee member, please provide another
> draft of a policy that meets the objectives while maintaining our core
> values.
>
> • Guiding Objectives
>               • We would like to see chapter empowerment through a profit
> sharing model that is in line with our core value of Innovation
>               • We have concerns over the use of profit caps on gains from
> specific events
>               • We would like some sort of annual review, requirements, or
> rules to address the issue of stale chapter funds in excessive amounts
>                • We would like some periodic recap on funds spent by
> chapters to help ensure funds are appointed on items aligned with the
> “OWASP Mission”.
>                • We recognize there could be concerns over conflicting
> large chapter events and our core global conferences. Controls should be
> added to prevent this conflict (perhaps CFP blackout periods in regions
> within X months of a global event)
>               • We would like a dedicated committee with continual and
> significant control over the core OWASP global events (i.e. conference
> committee)
>               • Foundation has resources that can be are being provided to
> local chapter events but we need these costs to be accounted for in the
> chapter's event planning
>               • Controls are needed to prevent chapters from
> over-committing on financial costs
>               • Final policy and structure created by the committees
> should ensure, as much as is possible, that there is no incentive for
> chapters to form legal entities in their own countries.  Any such activity
> has significant implications for the foundation and must be discussed and
> coordinated  with the Foundation Boa
>       • Infrastructure
>               • Chapters must use established technology methods (such as
> regonline) any time money is handled
>               • CFPs need to use established OWASP procedures
>               • A single “source of truth” is needed for all events so
> that OWASP employees can best assist all events.  These include events
> under either  committee’s purview.
>       • Branding
>               • Naming standard enforced for all events (e.g. OWASP X)
>               • Logo standards that includes OWASP on all logos, event
> sites, collateral, etc
>
> Kate Hartmann
> Operations Director
> 301-275-9403
> www.owasp.org
> Skype:  Kate.hartmann1
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] On Behalf Of Tin Zaw
> Sent: Wednesday, March 14, 2012 3:27 PM
> To: Josh Sokol
> Cc: OWASP Foundation Board List; OWASP Chapters Committee
> Subject: Re: [Owasp-board] [Global_chapter_committee] Proposed
> Conferences/Chapters policy changes
>
> Josh, Mark, and Sarah,
>
> Thank you for your hard work to come up with the draft.
>
> I intend to vote No on this as the new policies are not in agreement with
> my philosophy of stronger chapters. In addition, they put much more burden
> on the committee members (of both committees).
>
> I am for stronger, more independent chapters with the board and the
> committees providing oversight, not routine management, to prevent bad
> things from happening. The goal for the board and the committees should not
> be to approve every decision by chapters.
>
> There are items in the proposal that I disagree more strongly with, but at
> this point, I won't elaborate on it, because my intent on No vote is based
> on philosophical standing.
>
> Thanks.
>
>
>
> On Tue, Mar 13, 2012 at 11:35 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > For single-chapter events there would be two "buckets" each with a
> > target amount of the chapter budget.  For multi-chapter events we just
> > add more buckets for the additional chapter budgets.  Once a chapter
> > bucket is full, they stop earning money from the event and the
> > remaining amount goes to the Foundation.  This ensures that the
> > Foundation and the Chapter earn money from the event at an equal rate.
> > Your example of how the funds would get split is correct.
> >
> > Budgets are only necessary if a chapter wants to receive money from an
> > event or if they have more than $5,000 in their bank account at the
> > end of the year.  This was requested by the Board in the guiding
> > objective which states "We would like some sort of annual review,
> > requirements, or rules to address the issue of stale chapter funds in
> > excessive amounts" as well as "We would like some periodic recap on
> > funds spent by chapters to help ensure funds are appointed on items
> > aligned with the OWASP Mission".  Yes, this does add some additional
> operational work for our committee.
> >
> > ~josh
> >
> >
> > On Tue, Mar 13, 2012 at 1:19 PM, Seba <seba at owasp.org> wrote:
> >>
> >> can you explain:
> >> "Profit will be split 50/50 between the foundation and the chapter up
> >> until the chapter has received an amount equal to the chapter annual
> >> budget amount"
> >> My understanding is:
> >> if in belgium we have an annual budget of € 10000, and we organize an
> >> event with income resulting in a e.g. € 25000 the split would be €
> >> 15000 to the foundation and €10000 to the chapter?
> >>
> >> a general remark: it seems we are loading a lot of operational work
> >> on the committee in reviewing local budgets?
> >>
> >> --seba
> >> On Tue, Mar 13, 2012 at 6:11 PM, Josh Sokol <josh.sokol at owasp.org>
> wrote:
> >>>
> >>> Please discuss.  We will be taking this to a committee vote for
> >>> approval at the next Chapter Committee meeting next Monday, March
> >>> 19th.  Please be sure to send me and Sarah your vote before that
> >>> deadline if you will be unable to attend the meeting.  Thank you.
> >>>
> >>> ~josh
> >>>
> >>>
> >>> On Tue, Mar 13, 2012 at 12:05 PM, Sarah Baso <sarah.baso at owasp.org>
> >>> wrote:
> >>>>
> >>>> Global Chapters Committee,
> >>>>
> >>>> (Note: same email send to Conference Committee on separate thread)
> >>>>
> >>>>
> >>>>
> >>>> In response to the guiding objectives by the board, the Conferences
> >>>> and Chapter Committee Chairs have worked together to formulate some
> >>>> policy changes that we believe will meet the direction of the board
> >>>> while allowing chapters and the foundation to grow and innovate.
> >>>> These points have been discussed at length and now we wish to hear
> >>>> your input on the matter.  We have agreed on the outlined plan
> >>>> below and as a result each of us will not make comments here past
> >>>> clarifications to any questions any of you have to the proposed
> >>>> policy.  We would like to cap the debate on this topic and take the
> >>>> following to a committee vote on Monday, March 19th using a
> >>>> majority approval rule for both committees in order to meet the
> board's 45 day deadline.
> >>>>
> >>>>
> >>>>
> >>>> The Global Chapters Committee shall:
> >>>>
> >>>> ●      Manage all chapter meetings or trainings that do not charge
> >>>> a fee for admission.
> >>>>
> >>>> ●      Establish an annual budget process for all chapters
> >>>>
> >>>> ○      At the end of each calendar year, a chapter with more than
> >>>> $5,000 in it's bank account must submit a budget to be reviewed by
> >>>> the Global Chapters Committee to justify the rollover of any funds
> beyond that amount.
> >>>> In the event that the chapter does not submit a budget for the
> >>>> remaining funds or if any unbudgeted funds remain after December
> >>>> 31, the chapter will be given one month to determine another OWASP
> >>>> Chapter, Committee, or Project to allocate the unused funds toward.
> >>>> If no designations are made before February 1, then all unused
> >>>> funds will be transferred to the OWASP Foundation main account.
> >>>>
> >>>> ○      Any chapter with more than $10,000 must also obtain Board
> >>>> approval for their annual budget.
> >>>>
> >>>> ○      The Global Chapters Committee will maintain "official"
> >>>> budgets on the wiki or via google docs where they are accessible to
> >>>> all OWASP participants.
> >>>>
> >>>> ○      The Global Chapters Committee will update Chapter 4 -
> >>>> Section 7 of the Chapter Handbook with the new budget policy.
> >>>>
> >>>> ●      Establish by June 1st chapter spending guidelines (These
> >>>> should be under Chapter 4 - Section 7.1 of the Chapter Handbook)
> >>>>
> >>>> ●      Have the responsibility and authority for supporting and
> >>>> managing all chapter meetings
> >>>>
> >>>> ○      The Chapter Handbook authored by the Global Chapters
> >>>> Committee shall serve as the single point of truth for all chapter
> >>>> policies
> >>>>
> >>>> ○      The Global Chapters Committee shall set all chapter policies
> >>>>
> >>>>
> >>>>
> >>>> The Global Conferences Committee shall:
> >>>>
> >>>> ●      Manage all events that charge a fee for admission (voluntary
> >>>> donations exempted) and any free event determined by the organizer
> >>>> to be a conference versus a chapter meeting
> >>>>
> >>>> ●      Have the responsibility and authority for supporting and
> >>>> managing all events
> >>>>
> >>>> ○      The Global Conferences Committee has the responsibility for
> >>>> procuring and managing centralized assets such as, but not limited
> >>>> to registration tools and financial management tools
> >>>>
> >>>> ○      The Global Conferences Committee policy page shall serve as
> >>>> the single point of truth for all event policies
> >>>>
> >>>> ○      The Global Conferences Committee shall set all event
> >>>> policies with the exception of the profit sharing policy which
> >>>> requires the concurrence of the majority of the Global Chapters
> Committee to be modified.
> >>>>
> >>>> ●      The OWASP Event Management System (formerly OCMS) will serve
> >>>> as the single point of truth for OWASP events, AND will provide
> >>>> functionality to track chapter meetings in the next release
> >>>>
> >>>> ●      The Global Conferences Committee will revisit current event
> >>>> definitions and include clear, objective definitions of event types
> >>>> as well as the anticipated support level from the foundation.
> >>>> These must be approved by June 1st.
> >>>>
> >>>> ●      The Global Conferences Committee will take a more active,
> >>>> direct role in the planning the marquee foundation events
> >>>> (currently defined as Global AppSec Events) including having a
> >>>> representative serve as Chair for these events.  (For this, Global
> >>>> Conferences Committee will require a full time support asset to
> >>>> handle the additional event coordination.  Without these additional
> >>>> resources the conferences committee can not take on this added
> >>>> responsibility and will maintain an advisory/oversight role)
> >>>>
> >>>> ●      Any and all event policies in effect at the time of event
> >>>> approval shall apply to the event without modification unless a
> >>>> specific requirement to do so is set by the Board.
> >>>>
> >>>> ●      The Global Conferences Committee will implement a policy for
> >>>> managing all event funds through the foundation
> >>>>
> >>>> ○      The OWASP foundation will provide all "seed funds" needed
> >>>> for events up to the approved event budget and beyond with Global
> >>>> Conferences Committee approval
> >>>>
> >>>> ○      The Global Conferences Committee shall be responsible for
> >>>> the review, approval and signature of all contracts related to
> >>>> events
> >>>>
> >>>> ○      The Global Conferences Committee may provide an exception
> >>>> for events with extraordinary circumstances
> >>>>
> >>>> ○      Any event using the OWASP brand not using the Foundation to
> >>>> process it's finances will be in violation of OWASP brand usage
> >>>> rules and will be referred to the Board for action
> >>>>
> >>>> ●      The Global Conferences Committee will set the following
> >>>> branding rules except where it is unreasonable to do so
> >>>>
> >>>> ○      All events must use "OWASP" in their title, such as "OWASP's
> >>>> AppSec XYZ"
> >>>>
> >>>> ○      Events may use their own logos so long as they include the
> >>>> OWASP wasp (The Global Conferences Committee will manage logo
> >>>> approvals), color palate is optional
> >>>>
> >>>> ○      The OWASP logo must be present on all websites/materials,
> >>>> except where it is unreasonable to do so
> >>>>
> >>>> ○      A link back to owasp.org must be present on all
> >>>> websites/materials except where it is unreasonable to do so
> >>>>
> >>>> ●      The Global Conferences Committee sets the following event
> >>>> profit sharing model for all events:
> >>>>
> >>>> ○      At the time of approval, the Global Conferences Committee
> >>>> will record the chapter's current annual budget expenditures
> >>>> (referred to as chapter annual budget)
> >>>>
> >>>>                                           ■Chapters that do not
> >>>> have approved budgets shall have the chapter annual budget value
> >>>> set to $0
> >>>>
> >>>>                                           ■It is the responsibility
> >>>> of the chapter to plan ahead appropriately to get this budget
> >>>> through the Global Chapters Committee approval process if they
> >>>> intend to use the event to generate chapter revenue
> >>>>
> >>>> ○      Profits are all monies collected for the event (regardless
> >>>> of
> >>>> source) above the direct expenditures for the event
> >>>>
> >>>>                                           ■Any membership
> >>>> registrations as result of an event will be handled per Global
> >>>> Membership Committee policy and are not considered in this equation
> >>>>
> >>>> ○      Profit will be split 50/50 between the foundation and the
> >>>> chapter up until the chapter has received an amount equal to the
> >>>> chapter annual budget amount
> >>>>
> >>>> ○      After the chapter has received an amount equal to the
> >>>> chapter annual budget the Foundation shall receive 100% of the
> remaining profits.
> >>>>
> >>>> ○      Any Event Losses shall be the responsibility of the
> >>>> Foundation
> >>>>
> >>>>
> >>>>
> >>>> Sarah Baso on behalf of Mark Bristow and Josh Sokol
> >>>>
> >>>> --
> >>>> OWASP Operational Support:
> >>>> Conference Logistics & Community Relations
> >>>>
> >>>> Dir: 312-869-2779
> >>>> skype: sarah.baso
> >>>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Global_chapter_committee mailing list
> >>> Global_chapter_committee at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
> >>>
> >>
> >
> >
> > _______________________________________________
> > Global_chapter_committee mailing list
> > Global_chapter_committee at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/global_chapter_committee
> >
>
>
>
> --
> Tin Zaw, CISSP, CSSLP
> Chapter Leader and President, OWASP Los Angeles Chapter Member, OWASP
> Global Chapter Committee Google Voice: (213) 973-9295
> LinkedIn: http://www.linkedin.com/in/tinzaw_______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter
Member, OWASP Global Chapter Committee
Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/global_chapter_committee/attachments/20120319/b69b5616/attachment-0001.html>


More information about the Global_chapter_committee mailing list