[Global_conference_committee] Conference/Chapter Revenue Splitting

Mark Bristow mark.bristow at owasp.org
Mon Dec 13 15:25:22 EST 2010


So my question to you,

"As an organizer of AppSecUS, a cap somewhat upsets me.  I would love
to get as much of the cut as I can.  I would love to hold another
event and fly in some very high quality speakers including someone
like Schneier to draw in a few of the "superficials" as I call them."

What of this can't you do?  Your welcome to have a local event and fly
people in.  Chapter funds are really just for chapter meeting stuff, not
events.  Foundation money is for events.

I have the same issue, as a AppSec planner, I stand to benefit from lots of
money going to the chapter from events, but as a GCC member, I have to look
at the bigger picture and where that money can be most effective.  We'd
never spend 30k in the DC chapter, without blowing it on Booze or something,
that's what sponsors are for, not foundation $.

-Mark

On Mon, Dec 13, 2010 at 3:17 PM, Neil Matatall <neil at owasp.org> wrote:

> Disclaimer:  I'm about 2 weeks behind on owasp email, haven't had time
> to read the entire thread, but I wanted to throw my 2 cents in before
> it's too late...
>
> As an organizer of AppSecUS, a cap somewhat upsets me.  I would love
> to get as much of the cut as I can.  I would love to hold another
> event and fly in some very high quality speakers including someone
> like Schneier to draw in a few of the "superficials" as I call them.
>
> However, as an OWASP member, I would rather see the money go to OWASP
> projects or promotion.  There could be a precedent that some of the
> profit should be required to be invested in something on a global
> level.  Antisamy needs more documentation.  Students need grants.  The
> OWASP web site...
>
> So I guess my position on this topic is to either lower the "cut" for
> the local chapter, or drastically raise the caps on a graduated scale
> based on the number of attendees, total profit, etc.  3k for
> organizing AppSecUS seems far too low, especially since it made 100k!
> 30k would be nice...but I'd rather see some of the money go elsewhere.
>
> This sounds like a sticky situation.  It could upset some people.  I
> would personally rather see a cap-less cut of a smaller percentage.
>
> Neil
>
> On Mon, Dec 13, 2010 at 10:28 AM, Mark Bristow <mark.bristow at owasp.org>
> wrote:
> > Dinis,
> > As always, I appreciate your input, and agree to disagree ;)  That said,
> I'd
> > like to hear from more of the committee members so we can come to
> consensus
> > on this.
> > I'd also like some input from chapters if possible before we make any
> > decisions.
> > -Mark
> >
> > On Mon, Dec 13, 2010 at 1:25 PM, dinis cruz <dinis.cruz at owasp.org>
> wrote:
> >>
> >> Mark, fair enough, its your call and I will respect your decision (I
> just
> >> wanted to make sure that if you guys wanted to have no caps on the 30%
> going
> >> to the local chapter, you would have my support as a Board Member)
> >> Since the Conferences Committee is the one that will have to deal with
> the
> >> 'conferences + local chapter teams', you guys need to choose the model
> that
> >> you are more comfortable with and fell will be more successful on
> the ground
> >> :)
> >>
> >> Dinis Cruz
> >>
> >> On 13 December 2010 18:17, Mark Bristow <mark.bristow at owasp.org> wrote:
> >>>
> >>> Dinis,
> >>> We're discussing 30% of conference profits going to a chapter, with 70%
> >>> to the foundation with a cap.  As an example AppSecUS made just north
> of
> >>> 100k this year, so about 30k.
> >>> The pre-submitted budgets isn't something that's on the table.  It's a
> >>> requirement for AppSec Conferences to submit to the committee so we
> have
> >>> proper management and oversight.
> >>> I would argue having X months to spend the money adds complexity in
> >>> accounting as now you have to look at when funds were deposited.
> >>> I'm still not seeing where there are local leaders who are NOT getting
> >>> the support they need if they need substantial funds to do something.
>  Is
> >>> there some outcry I am not aware of?
> >>> With my chapter leader hat on, there's nothing I can think of doing
> that
> >>> I either don't have money for, or can't get money for from OWASP
> Foundation.
> >>>  As a committee member, I can think of TONS of ways to spend this money
> such
> >>> as sponsoring Developer contests, or outreach as an example.  If other
> >>> chapter leaders aren't aware of these ways to get funds, perhaps we
> need to
> >>> to a better job of messaging this.
> >>> -Mark
> >>>
> >>> On Mon, Dec 13, 2010 at 1:09 PM, dinis cruz <dinis.cruz at owasp.org>
> wrote:
> >>>>
> >>>> We are talking about 40% of the profit of the conference going to the
> >>>> local conference and 60 going to the OWASP mothership, right?
> >>>> So in the case where the local chapter would get 32k, that would mean
> a
> >>>> profit of 80k in the conference with 48k going to OWASP (so there is a
> level
> >>>> of fairness here, isn't it?).
> >>>> I do think that the model I am proposing in much simpler (since it
> >>>> doesn't require pre-submitted budgets for example) and if you add a
> rule
> >>>> that a chapter has X months to spend wisely  these funds, that money
> goes
> >>>> back to the mothership (note how I keep using the wise word).
> >>>> I guess, my intent here is to create a model that will promote the
> right
> >>>> behaviour from our local leaders, and encourage/motivate them to have
> highly
> >>>> profitable conferences (assuming that all is done accordingly with our
> >>>> values)
> >>>>
> >>>> Dinis Cruz
> >>>> On 13 December 2010 14:52, Mark Bristow <mark.bristow at owasp.org>
> wrote:
> >>>>>
> >>>>> That's not what I said, in fact I think that chapters can come up
> with
> >>>>> new and creative ways to wisely spend funds.  What I said was that
> the
> >>>>> organization at large needs them too.  Is there some outcry of
> chapters that
> >>>>> need more $ and can't find a source that I am missing?
> >>>>> My point is that chapters may do all of the things you mention, but
> >>>>> with the exception of some cases they are not.  The ones that are
> adopting
> >>>>> projects, flying in speakers et all are doing so already as far as I
> know
> >>>>> with the funds they have and the additional funding sources from the
> >>>>> foundation that are available, especially with some of the
> >>>>> recently established programs.
> >>>>> I agree that chapters should have some funds and feel empowered to
> use
> >>>>> them as they see fit, however in my example 30k represents 10% of ALL
> 2009
> >>>>> OWASP Expenditures (based
> >>>>> on http://www.owasp.org/images/3/3f/2009AnnualReport.pdf).  I feel
> that this
> >>>>> is disproportionate for one chapter to hold 10% of OWASP
> >>>>> operational expenditures.  Also there are 174 chapters.  With this
> model, we
> >>>>> can easily over-subscribe our funding to chapters, so this is not
> >>>>> sustainable.
> >>>>>
> >>>>> On Mon, Dec 13, 2010 at 9:18 AM, dinis cruz <dinis.cruz at owasp.org>
> >>>>> wrote:
> >>>>>>
> >>>>>> Why not allowing the chapters have those funds? Do you think they
> will
> >>>>>> abuse it?
> >>>>>> There is no reason why chapters cannot have a bigger role in OWASP's
> >>>>>> governance and on money spending activities (for example a chapter
> could
> >>>>>> 'adopt' a number of projects / Committee and on the Summit case
> cover the
> >>>>>> cost of multiple participants). The main thing about money at OWASP
> is
> >>>>>> people feeling empowered to spend it wisely, which if you look
> around is
> >>>>>> actually a big problem at OWASP.
> >>>>>> Everytime we spend a bit of money we tend to make more money, so one
> >>>>>> of the big issues we have at OWASP is for our leaders to feel
> empowered and
> >>>>>> motivated to spend it.
> >>>>>> Ultimately it is all OWASP money, so the more it is wisely spent the
> >>>>>> better (and remember that the local chapters will only screw-up once
> :)
> >>>>>>  i.e. if there are abuses we can always move that money to OWASP
> central)
> >>>>>> And if the chapter cannot find a way to spend the money wisely, then
> >>>>>> after a period (6 or 12 months) that money should go back to OWASP
> central
> >>>>>> (the idea of an 'expiry date' we talked before)
> >>>>>> Dinis Cruz
> >>>>>>
> >>>>>> On 13 December 2010 14:07, Mark Bristow <mark.bristow at owasp.org>
> >>>>>> wrote:
> >>>>>>>
> >>>>>>> Sorry I got to push back.  Take AppSec US, your telling me you are
> >>>>>>> fine with them getting 30k in their budget?  Compared with my new
> model
> >>>>>>> that's 27k that the foundation can't spend on stuff like the
> summit.
> >>>>>>> I'm ok with raising the cap to say 5/7 k but I don't see the needs
> of
> >>>>>>> any chapter to have such a substantial budget, especially when
> chapters
> >>>>>>> don't have to front money from their budgets for conferences or
> events (GCC
> >>>>>>> does that) and there are a variety of funding sources like  OotM
> and the
> >>>>>>> $500/$2500 available through dinis's new program..
> >>>>>>> I agree chapters need a pool of funds for a variety of items
> >>>>>>> (especially the ones I can't think of) but I can't see a chapter
> spending
> >>>>>>> 30k even over a few years.
> >>>>>>>
> >>>>>>> -Mark
> >>>>>>> Sent from my wireless device
> >>>>>>> On Dec 13, 2010, at 8:48 AM, dinis cruz <dinis.cruz at owasp.org>
> wrote:
> >>>>>>>
> >>>>>>> I agree with Tin that there shouldn't be a cap on the split to the
> >>>>>>> chapter.
> >>>>>>> Also, with the Summit, we are going to (hopefully) start the
> >>>>>>> tradition that the local funds should also be used for such
> >>>>>>> events/activities (which is where OWASP central would use that
> money).
> >>>>>>> And after all, its all OWASP money, the only difference is 'who
> feels
> >>>>>>> empowered to spend it'
> >>>>>>> On the topic of spending, in the future it might be a good idea to
> >>>>>>> put an expiry date on those funds so that the Chapters/Projects
> don't just
> >>>>>>> sit on the funds
> >>>>>>> Dinis Cruz
> >>>>>>>
> >>>>>>> On 13 December 2010 07:34, Tin Zaw <tin.zaw at owasp.org> wrote:
> >>>>>>>>
> >>>>>>>> I don't think the cap is a good idea. If the conference generates
> >>>>>>>> more than $10k in profit (like AppSec USA did), why not let the
> local
> >>>>>>>> chapter(s) get more share. It's a win-win for both local
> chapter(s) and HQ
> >>>>>>>> -- more incentive to make it more profitable. The cap could also
> mean more
> >>>>>>>> incentive for local chapters to cap conference profits at $10k by
> spending
> >>>>>>>> conference on extravagant stuff like gifts, parties, etc.
> >>>>>>>>
> >>>>>>>> On Sun, Dec 12, 2010 at 5:16 PM, Mark Bristow
> >>>>>>>> <mark.bristow at owasp.org> wrote:
> >>>>>>>>>
> >>>>>>>>> Ooh, important oversite, sorry just not thinking.
> >>>>>>>>> Membership revenue will count to the conference overall budget
> (at
> >>>>>>>>> the normal rate).  This way, it indirectly still helps the
> chapter (by
> >>>>>>>>> increasing profitability) and is infinitely easier for Kate and
> Alison to
> >>>>>>>>> reconcile the ledger.
> >>>>>>>>> On Sun, Dec 12, 2010 at 8:12 PM, Michael Coates
> >>>>>>>>> <michael.coates at owasp.org> wrote:
> >>>>>>>>>>
> >>>>>>>>>> How do you plan to handle Membership signups under this new
> policy
> >>>>>>>>>> (i.e bullet #2 below)?
> >>>>>>>>>>
> >>>>>>>>>> Michael Coates
> >>>>>>>>>> OWASP
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On Dec 12, 2010, at 5:07 PM, Mark Bristow wrote:
> >>>>>>>>>>
> >>>>>>>>>> GCC,
> >>>>>>>>>> The current policy on how conference profit splitting is done is
> >>>>>>>>>> unclear and has been unevenly applied.  This issue has come up
> recently and
> >>>>>>>>>> I can't seem to find a final policy decision on it, so here we
> go.  We
> >>>>>>>>>> should get this squared away with a vote after some debate.
>  Things that
> >>>>>>>>>> people thought it were are:
> >>>>>>>>>>
> >>>>>>>>>> None
> >>>>>>>>>> Chapter gets the normal split of any Membership signups/renewals
> >>>>>>>>>> done with Con registration & at the conference
> >>>>>>>>>> Chapters get 30% of Conference Profits (note, profits not
> >>>>>>>>>> revenue), Conference keeps membership income
> >>>>>>>>>>
> >>>>>>>>>> I propose a new policy:
> >>>>>>>>>> A conference host chapter shall receive 30% of conference
> profits,
> >>>>>>>>>> up to a cap of $3,000 into their chapter expense account.  In
> cases where
> >>>>>>>>>> there are multiple host chapters, 30% of conference profits, up
> to a cap of
> >>>>>>>>>> $4,000 shall be split evenly among the host chapters, or via
> >>>>>>>>>> any distribution agreed upon by the host chapters.  This applies
> to Global
> >>>>>>>>>> AppSec and Regional Conferences.  Profits from local events will
> be split
> >>>>>>>>>> 50/50 with the foundation.
> >>>>>>>>>> Now, before we get into "why do chapters need to get a split at
> >>>>>>>>>> all", a camp I used to be a member of, hosting an
> AppSec conference or
> >>>>>>>>>> regional conference is a HUGE undertaking, as we all know.  I
> think this is
> >>>>>>>>>> a fair policy in compensating the local chapter
> who volunteers much
> >>>>>>>>>> of their time to put on a conference.  While the amounts are
> capped I think
> >>>>>>>>>> it's a reasonable cap as chapters don't generally have large
> expenses.
> >>>>>>>>>> Any thoughts, comments on this?
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Mark Bristow
> >>>>>>>>>> (703) 596-5175
> >>>>>>>>>> mark.bristow at owasp.org
> >>>>>>>>>>
> >>>>>>>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> >>>>>>>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> >>>>>>>>>> AppSec DC Organizer - https://www.appsecdc.org
> >>>>>>>>>>
> >>>>>>>>>> _______________________________________________
> >>>>>>>>>> Global_conference_committee mailing list
> >>>>>>>>>> Global_conference_committee at lists.owasp.org
> >>>>>>>>>>
> >>>>>>>>>>
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Mark Bristow
> >>>>>>>>> (703) 596-5175
> >>>>>>>>> mark.bristow at owasp.org
> >>>>>>>>>
> >>>>>>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> >>>>>>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> >>>>>>>>> AppSec DC Organizer - https://www.appsecdc.org
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> _______________________________________________
> >>>>>>>>> Global_conference_committee mailing list
> >>>>>>>>> Global_conference_committee at lists.owasp.org
> >>>>>>>>>
> >>>>>>>>>
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Tin Zaw, CISSP, CSSLP
> >>>>>>>> Chapter Leader and President, OWASP Los Angeles Chapter
> >>>>>>>> Google Voice: (213) 973-9295
> >>>>>>>> LinkedIn: http://www.linkedin.com/in/tinzaw
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> Global_conference_committee mailing list
> >>>>>>>> Global_conference_committee at lists.owasp.org
> >>>>>>>>
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> >>>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Mark Bristow
> >>>>> (703) 596-5175
> >>>>> mark.bristow at owasp.org
> >>>>>
> >>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> >>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> >>>>> AppSec DC Organizer - https://www.appsecdc.org
> >>>>>
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Mark Bristow
> >>> (703) 596-5175
> >>> mark.bristow at owasp.org
> >>>
> >>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> >>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> >>> AppSec DC Organizer - https://www.appsecdc.org
> >>>
> >>
> >
> >
> >
> > --
> > Mark Bristow
> > (703) 596-5175
> > mark.bristow at owasp.org
> >
> > OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> > OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> > AppSec DC Organizer - https://www.appsecdc.org
> >
> >
> > _______________________________________________
> > Global_conference_committee mailing list
> > Global_conference_committee at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/global_conference_committee
> >
> >
>
>
>
> --
>
> --
>
> Neil
>



-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101213/3a006294/attachment-0001.html 


More information about the Global_conference_committee mailing list