[Global_chapter_committee] [Owasp-board] ProposedConferences/Chapters policy changes

Kate Hartmann kate.hartmann at owasp.org
Wed Mar 21 16:37:58 UTC 2012


Josh, I’m not sure I can put my opinions in words, but I’ll try.  Answers inline below

 

Kate Hartmann

Operations Director

301-275-9403

 <http://www.owasp.org/> www.owasp.org 

Skype:  Kate.hartmann1

 

From: global_chapter_committee-bounces at lists.owasp.org [mailto:global_chapter_committee-bounces at lists.owasp.org] On Behalf Of Josh Sokol
Sent: Wednesday, March 21, 2012 12:13 PM
To: OWASP Chapters Committee
Subject: Re: [Global_chapter_committee] [Owasp-board] ProposedConferences/Chapters policy changes

 

OK, I'm pulling the others off of this thread (some may be on our mailing list still) and making this a committee discussion.  As the Chapters Committee, I see it as our role to see to it that OWASP's mission and core values are applied to Chapter level activities.  That said, I agree with the overall approach of letting the chapters run things for themselves and only serving to provide policies to guide the chapters on the mission/values and being the group to resolve any possible contention around those policies.  To be effective at this, I have some questions for you all that I think we need good answers for in order to guide us in this effort:

1) How do we, as a committee, define what constitutes "stale" chapter funds?  Is it a timeframe?  Is it an active/inactive chapter status?  



I believe it is important to focus on the chapter that the funds are there to support.  If the local chapter has funds but isn’t using them, then this shows that support exisits for the chapter (individual contributions or corporate donations) but the volunteer support is not at a strong enough level to energize the chapter.  Perhaps maybe changing the focus from the funds to the people might get to the root of the solution.


2) If "stale" chapter funds are reclaimed, where do they go?  To the Foundation?  To the Chapters Committee budget to reallocate?  Can a chapter ever get those funds back?

I have always been an advocate of absorbed funds from local chapters remaining in the hands of the chapter committee.  Should a chapter then need to access the funds as seed money, they can appeal to the committee of their peers – less intimidating than “the mothership” As I have said before, perception is 99% of reality, so maintaining that chapter support group seems like it would be critical



3) What are the Foundation costs (hard and soft) that could be associated with running a Chapter event?  Can we put a dollar value on those such as $X per paid attendee?  That would make it easy for chapters to absorb them as part of the event fee.

The amount it costs for an attendee to attend a particular event will vary  depending on a number of fluctuating criteria.  There is the registration cost – depends on registration vendor, the Insurance cost (all chapter events, conferences, meetings, etc globally are covered in the Foundation policy), support staff time (varies depending on event and effectiveness of local planning team), financial oversight, direct cost of attendee (food, coffee, etc) which is usually covered by sponsorships, and the use of the OWASP Brand.  The last item seems to be the most difficult one to quantify.  How successful would Bill and Teds Application Security conference be compared to Bill and Ted’s OWASP AppSec Event?  Can we measure this?



4) How do we handle startup fees if the chapter does not have money in their accounts?

See answer to #2

The chapter committee can “budget” annually for startup fees for local chapters.



4) How do we handle profit (ie. after both event and Foundation costs are paid) from chapter events?  I've seen examples in OWASP of both 60/40 splits (membership) and 90/10 (chapter sponsorships).  I've also seen 50/50 tossed out there and Ivy's 80/20 from below.

See answer to #2

The Chapter committee can have the ability to directly support local chapter activities through the donations from local events.  Again, perception is important and I believe that local chapters may be less critical with funds returning to the foundation if they had the comfort level that it will go directly to support other chapters than be absorbed by the Foundation.  The chapter committee then needs to understand their own budget and be prepared to provide support for the hard and soft costs back to the foundation on behalf of the local chapters.

5) How do we handle loss?  More importantly, how do we ensure that events don't lose more than a chapter has in their account?

See answer to #2

The chapter committee will have visibility to events that require contracts, deposits, etc.  These events can receive additional support from the committee (updates, reports)  The best way to prevent loss is to plan adequately.  I think that the LASCON team has worked out a great formula for a revenue generating local event that could be scaled globally.  Start with a break even, bare bones event and then as sponsorships increase, the event can be added to (thinking last minute addition of mechanical bull sponsor in 2010)



Let me know your thoughts on these and I'll keep thinking about more questions.  ;-)

~josh



On Wed, Mar 21, 2012 at 4:25 AM, Ivy <ivy at owasp.org.cn> wrote:

Thanks for Josh's document collection and sharing.

here is to express my points:

Annual Budget Process:

Agreed most of items listed in "OWASP Event Policy" Document from Josh. But i don't agree with "  In the event that the chapter does not submit a budget for the remaining funds or if any unbudgeted funds remain after December 31, the chapter will be given one month to determine another OWASP Chapter, Committee, or Project to allocate the unused funds toward. "  

 i think we should give a chapter another one year to determine the remaining funds. Maybe we could not budget profit over 3-5 years, but 1-2 years are acceptable. 

Conference and Profit sharing : 

I agreed with Tin's idea and i suggest:

    1. Global AppSec Conferences : profit--100% to OWASP Foundation

    2. Self-supporting Events  

--Profit --we may say 80% to local chapter and 20% to Foundation, administrative overhead or regonline registration can charge for another fee separately; If there is large amount of profit(we may set an amount or decide by the chapters next year's budget), the chapter can choose to share more percentage to Foundation or allocate part of funds to other chapters/commitees/projects, etc. 

-- Loss--100% to local chapter

    3. Events that require Financial Investment by the Foundation

--profit/loss:  how to split can be negotiable.

    4.  Events that require Financial Support by the Foundation

--Normally, new chapters always need financial support from Foundation. 

 

------------------

Ivy Zhang

------------------ Original ------------------

From:  "Josh Sokol"<josh.sokol at owasp.org>;

Date:  Tue, Mar 20, 2012 09:25 PM

To:  "Matt Tesauro"<matt.tesauro at owasp.org>; 

Cc:  "OWASP Foundation Board List"<owasp-board at lists.owasp.org>; "OWASP Chapters Committee"<global_chapter_committee at lists.owasp.org>; "Mark Bristow"<mark.bristow at owasp.org>; 

Subject:  Re: [Global_chapter_committee] [Owasp-board] ProposedConferences/Chapters policy changes

 

We have 1 vote "Yes", 3 votes "No", and one vote absent.  The motion to approve fails.

 

Rather than ditch all of this hard work, I'd now like to put this back on the committee to come up with a plan that satisfies ALL of the Board's Guiding Objectives.  I have shared with you a Google Doc containing these or you may refer to them as they were sent by Kate in a previous message.  I have also shared a Google Doc containing the wording for the policy that you just voted on.  I realize that it's a short timeframe, but given the timeline that the Board set for this I'd like to have the Chapter Committee's ideal policy ready for a Committee vote no later than next Monday, March 26 .  Tin has already put forward something that makes a good base for this so I'd suggest working to improve upon this to make sure 1) This satisfies all of the Board's objectives and 2) Everyone approves of this general approach.

 

~josh

On Mon, Mar 19, 2012 at 9:43 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:

> "single point of truth": why? 

 

I was one of the proponents of this guiding principal.  The idea was to have a method of knowing what events are going on for OWASP.  Fundamentally, and particularly for the full-time employees we have, knowing that we put on X local events in Y locations over the course of year helps form a clear picture of how active and vibrant our community is.  It also will allow us to focus energy on supporting events (be they conference or chapter ones) by providing us some numbers on how many occur and what they are like.  The current call for marketing & press information would be more helpful and focused if we had some easy to gather numbers at hand.

 

This does not have to represent a significant burden to chapters - its simply the Foundation saying "Let us know what you're up to so we can help you and the community fulfill our mission"  It was not intended to be a "Get permission before you do something" principal.  I've seen the forms on OCMS and they're not large or painful.  At most 15 minutes to fill in a web form so that we can get better visibility on OWASP events overall was the intent.

 

The one thing I was trying to avoid by the "single point of truth" was a list of events on the conference page (conferences) and a list of events on the chapters page (chapter events).  For those who are not inside the community, this makes no sense.  Having a "single point of truth" allows us to better list, organize (e.g. on the Wiki, geographically, etc), and promote OWASP's efforts to bring our message to broader groups.  

 

There will always be contention between centralized and de-centralized notions in OWASP.  As long as we stick to our core values (e.g. innovation) we can provide the best balance between laissez-faire and centralized command.  I see this as, like John Wilander recently pointed out, a "tax" on those parties wanting to put on OWASP events.  Its not much to pay and it helps drive and inform the overall community so it can iteratively get better over time. 


--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project 
http://AppSecLive.org <http://appseclive.org/>  - Community and Download site



On Mon, Mar 19, 2012 at 3:29 PM, Seba <seba at owasp.org> wrote:

All,

 

As chapters committee member, I am also voting No. 

There are too many questions / remarks I have with the proposed policy:

 

Training: not part of the question (leave it up to the education committee)

How many chapter have > € 5000 now? Aren't we trying to solve a challenge for the happy few with too many red tape for the upcoming chapters?

Why > 10k board approval required?

Handbook chapter 4 is guidance, not policy: if we want to make it mandatory we have to add it to the mandatory section

 

Don't agree with "Have the responsibility and authority for supporting and managing all chapter meetings": Why? 

"single point of truth": why?

  

I don't agree that a chapter who charges a fee for an event = event defacto "managed by the conferences committee"

I don't agree with the "single point of truth" for the conference page

Why "Global Conferences Committee will take a more active, direct role in the planning the marquee foundation events" : the original issue at hand (lascon) was not about the global appsec events: why this direct role?

Why does the conferences committee set the branding rules for all the events?

What business & authority does the conference committee have with the chapter budgets?

I don't agree with " ■ It is the responsibility of the chapter to plan ahead appropriately to get this budget through the Global Chapters Committee approval process if they intend to use the event to generate chapter revenue" => that would mean each event that e.g. Generates extra chapter sponsoring requires the conferences approval: what are you trying to achieve here? 

Chapter sponsorship should be explicitly out of this policy: only governed by the chapters committee

The split is not clear: 50/50 or policy per type of event (still to be decided?)

 

I don't agree with the top-down management point of view in general: to be scalable our guidance/policies should encourage local responsability and empowerment. 

 

--seba 

 

On Wed, Mar 14, 2012 at 8:27 PM, Tin Zaw <tin.zaw at owasp.org> wrote:

Josh, Mark, and Sarah,

Thank you for your hard work to come up with the draft.

I intend to vote No on this as the new policies are not in agreement
with my philosophy of stronger chapters. In addition, they put much
more burden on the committee members (of both committees).

I am for stronger, more independent chapters with the board and the
committees providing oversight, not routine management, to prevent bad
things from happening. The goal for the board and the committees
should not be to approve every decision by chapters.

There are items in the proposal that I disagree more strongly with,
but at this point, I won't elaborate on it, because my intent on No
vote is based on philosophical standing.

Thanks.




On Tue, Mar 13, 2012 at 11:35 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> For single-chapter events there would be two "buckets" each with a target
> amount of the chapter budget.  For multi-chapter events we just add more
> buckets for the additional chapter budgets.  Once a chapter bucket is full,
> they stop earning money from the event and the remaining amount goes to the
> Foundation.  This ensures that the Foundation and the Chapter earn money
> from the event at an equal rate.  Your example of how the funds would get
> split is correct.
>
> Budgets are only necessary if a chapter wants to receive money from an event
> or if they have more than $5,000 in their bank account at the end of the
> year.  This was requested by the Board in the guiding objective which states
> "We would like some sort of annual review, requirements, or rules to address
> the issue of stale chapter funds in excessive amounts" as well as "We would
> like some periodic recap on funds spent by chapters to help ensure funds are
> appointed on items aligned with the OWASP Mission".  Yes, this does add some
> additional operational work for our committee.
>
> ~josh
>
>
> On Tue, Mar 13, 2012 at 1:19 PM, Seba <seba at owasp.org> wrote:
>>
>> can you explain:
>> "Profit will be split 50/50 between the foundation and the chapter up
>> until the chapter has received an amount equal to the chapter annual budget
>> amount"
>> My understanding is:
>> if in belgium we have an annual budget of € 10000, and we organize an
>> event with income resulting in a e.g. € 25000 the split would be € 15000 to
>> the foundation and €10000 to the chapter?
>>
>> a general remark: it seems we are loading a lot of operational work on the
>> committee in reviewing local budgets?
>>
>> --seba
>> On Tue, Mar 13, 2012 at 6:11 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>> Please discuss.  We will be taking this to a committee vote for approval
>>> at the next Chapter Committee meeting next Monday, March 19th.  Please be
>>> sure to send me and Sarah your vote before that deadline if you will be
>>> unable to attend the meeting.  Thank you.
>>>
>>> ~josh
>>>
>>>
>>> On Tue, Mar 13, 2012 at 12:05 PM, Sarah Baso <sarah.baso at owasp.org>
>>> wrote:
>>>>
>>>> Global Chapters Committee,
>>>>
>>>> (Note: same email send to Conference Committee on separate thread)
>>>>
>>>>
>>>>
>>>> In response to the guiding objectives by the board, the Conferences and
>>>> Chapter Committee Chairs have worked together to formulate some policy
>>>> changes that we believe will meet the direction of the board while allowing
>>>> chapters and the foundation to grow and innovate.  These points have been
>>>> discussed at length and now we wish to hear your input on the matter.  We
>>>> have agreed on the outlined plan below and as a result each of us will not
>>>> make comments here past clarifications to any questions any of you have to
>>>> the proposed policy.  We would like to cap the debate on this topic and take
>>>> the following to a committee vote on Monday, March 19th using a majority
>>>> approval rule for both committees in order to meet the board's 45 day
>>>> deadline.
>>>>
>>>>
>>>>
>>>> The Global Chapters Committee shall:
>>>>
>>>> ●      Manage all chapter meetings or trainings that do not charge a fee
>>>> for admission.
>>>>
>>>> ●      Establish an annual budget process for all chapters
>>>>
>>>> ○      At the end of each calendar year, a chapter with more than $5,000
>>>> in it's bank account must submit a budget to be reviewed by the Global
>>>> Chapters Committee to justify the rollover of any funds beyond that amount.
>>>> In the event that the chapter does not submit a budget for the remaining
>>>> funds or if any unbudgeted funds remain after December 31, the chapter will
>>>> be given one month to determine another OWASP Chapter, Committee, or Project
>>>> to allocate the unused funds toward.  If no designations are made before
>>>> February 1, then all unused funds will be transferred to the OWASP
>>>> Foundation main account.
>>>>
>>>> ○      Any chapter with more than $10,000 must also obtain Board
>>>> approval for their annual budget.
>>>>
>>>> ○      The Global Chapters Committee will maintain "official" budgets on
>>>> the wiki or via google docs where they are accessible to all OWASP
>>>> participants.
>>>>
>>>> ○      The Global Chapters Committee will update Chapter 4 - Section 7
>>>> of the Chapter Handbook with the new budget policy.
>>>>
>>>> ●      Establish by June 1st chapter spending guidelines (These should
>>>> be under Chapter 4 - Section 7.1 of the Chapter Handbook)
>>>>
>>>> ●      Have the responsibility and authority for supporting and managing
>>>> all chapter meetings
>>>>
>>>> ○      The Chapter Handbook authored by the Global Chapters Committee
>>>> shall serve as the single point of truth for all chapter policies
>>>>
>>>> ○      The Global Chapters Committee shall set all chapter policies
>>>>
>>>>
>>>>
>>>> The Global Conferences Committee shall:
>>>>
>>>> ●      Manage all events that charge a fee for admission (voluntary
>>>> donations exempted) and any free event determined by the organizer to be a
>>>> conference versus a chapter meeting
>>>>
>>>> ●      Have the responsibility and authority for supporting and managing
>>>> all events
>>>>
>>>> ○      The Global Conferences Committee has the responsibility for
>>>> procuring and managing centralized assets such as, but not limited to
>>>> registration tools and financial management tools
>>>>
>>>> ○      The Global Conferences Committee policy page shall serve as the
>>>> single point of truth for all event policies
>>>>
>>>> ○      The Global Conferences Committee shall set all event policies
>>>> with the exception of the profit sharing policy which requires the
>>>> concurrence of the majority of the Global Chapters Committee to be modified.
>>>>
>>>> ●      The OWASP Event Management System (formerly OCMS) will serve as
>>>> the single point of truth for OWASP events, AND will provide functionality
>>>> to track chapter meetings in the next release
>>>>
>>>> ●      The Global Conferences Committee will revisit current event
>>>> definitions and include clear, objective definitions of event types as well
>>>> as the anticipated support level from the foundation.  These must be
>>>> approved by June 1st.
>>>>
>>>> ●      The Global Conferences Committee will take a more active, direct
>>>> role in the planning the marquee foundation events (currently defined as
>>>> Global AppSec Events) including having a representative serve as Chair for
>>>> these events.  (For this, Global Conferences Committee will require a full
>>>> time support asset to handle the additional event coordination.  Without
>>>> these additional resources the conferences committee can not take on this
>>>> added responsibility and will maintain an advisory/oversight role)
>>>>
>>>> ●      Any and all event policies in effect at the time of event
>>>> approval shall apply to the event without modification unless a specific
>>>> requirement to do so is set by the Board.
>>>>
>>>> ●      The Global Conferences Committee will implement a policy for
>>>> managing all event funds through the foundation
>>>>
>>>> ○      The OWASP foundation will provide all "seed funds" needed for
>>>> events up to the approved event budget and beyond with Global Conferences
>>>> Committee approval
>>>>
>>>> ○      The Global Conferences Committee shall be responsible for the
>>>> review, approval and signature of all contracts related to events
>>>>
>>>> ○      The Global Conferences Committee may provide an exception for
>>>> events with extraordinary circumstances
>>>>
>>>> ○      Any event using the OWASP brand not using the Foundation to
>>>> process it's finances will be in violation of OWASP brand usage rules and
>>>> will be referred to the Board for action
>>>>
>>>> ●      The Global Conferences Committee will set the following branding
>>>> rules except where it is unreasonable to do so
>>>>
>>>> ○      All events must use "OWASP" in their title, such as "OWASP's
>>>> AppSec XYZ"
>>>>
>>>> ○      Events may use their own logos so long as they include the OWASP
>>>> wasp (The Global Conferences Committee will manage logo approvals), color
>>>> palate is optional
>>>>
>>>> ○      The OWASP logo must be present on all websites/materials, except
>>>> where it is unreasonable to do so
>>>>
>>>> ○      A link back to owasp.org <http://owasp.org/>  must be present on all
>>>> websites/materials except where it is unreasonable to do so
>>>>
>>>> ●      The Global Conferences Committee sets the following event profit
>>>> sharing model for all events:
>>>>
>>>> ○      At the time of approval, the Global Conferences Committee will
>>>> record the chapter's current annual budget expenditures (referred to as
>>>> chapter annual budget)
>>>>
>>>>                                           ■Chapters that do not have
>>>> approved budgets shall have the chapter annual budget value set to $0
>>>>
>>>>                                           ■It is the responsibility of
>>>> the chapter to plan ahead appropriately to get this budget through the
>>>> Global Chapters Committee approval process if they intend to use the event
>>>> to generate chapter revenue
>>>>
>>>> ○      Profits are all monies collected for the event (regardless of
>>>> source) above the direct expenditures for the event
>>>>
>>>>                                           ■Any membership registrations
>>>> as result of an event will be handled per Global Membership Committee policy
>>>> and are not considered in this equation
>>>>
>>>> ○      Profit will be split 50/50 between the foundation and the chapter
>>>> up until the chapter has received an amount equal to the chapter annual
>>>> budget amount
>>>>
>>>> ○      After the chapter has received an amount equal to the chapter
>>>> annual budget the Foundation shall receive 100% of the remaining profits.
>>>>
>>>> ○      Any Event Losses shall be the responsibility of the Foundation
>>>>
>>>>
>>>>
>>>> Sarah Baso on behalf of Mark Bristow and Josh Sokol
>>>>
>>>> --
>>>> OWASP Operational Support:
>>>> Conference Logistics & Community Relations
>>>>
>>>> Dir: 312-869-2779 
>>>> skype: sarah.baso
>>>>
>>>
>>>
>>> _______________________________________________
>>> Global_chapter_committee mailing list
>>> Global_chapter_committee at lists.owasp.org 
>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee 
>>>
>>
>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org 
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee 
>




--
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter
Member, OWASP Global Chapter Committee
Google Voice: (213) 973-9295 
LinkedIn: http://www.linkedin.com/in/tinzaw 

 

 

_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org 
https://lists.owasp.org/mailman/listinfo/owasp-board 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/global_chapter_committee/attachments/20120321/684315f4/attachment-0001.html>


More information about the Global_chapter_committee mailing list