[Global_conference_committee] [Global_chapter_committee] [Global_membership_committee] Conference/Chapter Revenue Splitting

Tin Zaw tin.zaw at owasp.org
Tue Dec 21 22:47:01 EST 2010

Mark, you do not need to snip anything. I said it on the record and I stand
by it.

And I agree, OWASP's needs come first, hence 75% of the proceeds, and the
local chapter's needs come second, hence 25% of the proceeds. In this case,
the local chapters over-fund OWASP, not the other way around.

After such split, with OWASP being first, local chapters should have certain
freedom, within OWASP guidelines, on how they allocate their funds. They
should not feel guilty for it. In case it is not noticed, this is the core
of the matter here.

As I mentioned for the Summit cost, I am willing to negotiate, and I believe
Kate and Dinis have made some good arguments on why spending chapter funds
for the Summit is a good idea.

We could go a long way if we all collaborate.


On Tue, Dec 21, 2010 at 6:52 PM, Mark Bristow <mark.bristow at owasp.org>wrote:

> This to me is a great example of why we should not over-fund chapters....
> Some context, this chapter is proposing that, even tho they have ample
> funds to send some of their leaders to the summit, that they split the cost
> 50/50 with the foundation even after Tom's call for "donations" to the
> summit fund from local chapter funds.  Clearly the summit is a huge priority
> for OWASP, however in the isolation of this chapter, it's not as important.
> <snip>
> As for local chapter funds, I have not been informed of, nor do I subscribe
> to the notion that funds are to be used for next calendar year. Our plans
> for chapter funds are for 2011 and beyond, with recognition that we will not
> be hosting AppSec -- and enjoy its proceeds -- anytime soon. Our current
> plans include more local outreach, support for local university chapters,
> and potential rental expenses for chapter meetings or mini-conferences when
> we outgrow space. In addition, I plan to leave the chapter in a better
> financial shape when I step down one day.
> I hope my points are understandable. I also understand that OWASP plans to
> bring as many people as possible, and if and when it comes down to financial
> necessity, I am willing to negotiate other options.
> </snip>
> While I've snipped out the bits that identify the chapter, the message is
> almost perfectly intact.  It's pretty clear to me that the foundation could
> really use some of these funds currently, however the chapter disagrees and
> therefore we have to hunt for funds elsewhere.
> I agree it's a TON of work to organize a conference, I've done it directly
> 2 years in a row.  But the motivation for doing so should not be a financial
> one and the needs of the foundation should always come first, because in the
> end, it was an OWASP event, not a chapter one.
> On Sun, Dec 19, 2010 at 2:58 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>> The Samy tour is a great example of what happens when you remove from the
>> Chapters the responsibility to make the initial decision (and some of the
>> financial cost).
>> John's email below is spot on, when I talk about 'financial paralysis' and
>> the inability from our chapter leaders to spend (or ask) for money, that is
>> exactly what I'm talking about. If (in the curent model) John W. doesn't
>> feel confortable in asking for money, then who is?
>> Our current OWASP culture, doesn't promote a 'spending proactivity' of our
>> projects and chapter leaders. In fact, it is not even enough to say *'here
>> is money, we trust you, go and spend it'* (as we see with the 30k
>> allocated to Projects, Committees and Chapters which has barely been used).
>> I think that this is a reflection of the normal non-OWASP world where
>> there are always very strong controls on the use of financial resources.
>> Add to that a *"I don't need the headache of having to justify why I need
>> the money"* to a *"If I'm doing this for OWASP and I have the track
>> record, why should I even have to justify it"* to a *"I really like OWASP
>> and don't want to spend the resources badly"*  to a *"What are the rules
>> for engagement if it doesn't work out as well as I would like it to?"*you have a perfect storm for inaction
>> Dinis Cruz
>> On 17 December 2010 12:21, John Wilander <john.wilander at owasp.org> wrote:
>>> Gosh, some heavy emailing going on here.
>>> Just a short one to answer Mark's request for examples of chapters being
>>> denies funding.
>>> I think this is not a case of chapters asking for money and being denied.
>>> No such examples to my knowledge. I think the case is "we have no money so
>>> we don't do X and Y". Chapters don't feel empowered or comfortable to write
>>> an email to Mark or Kate and ask for $. Instead they strive in mediocracy
>>> and skip doing better events.
>>> In concrete terms ... Samy Kamkar's talks at several European chapters
>>> were a huge success. But they were *not* initiated by empowered
>>> chapters. It was a *central* OWASP initiative with a *central* funding
>>> solution in place. Now OWASP Sweden wants to pursue this path and invite
>>> Mario Heiderich, Gareth Heyes, Dinis Cruz etc. Great! But have we written an
>>> email to Mark yet? No. Not even I, being a member of the GCC, feel
>>> comfortable asking for the foundation's money to run a local event.
>>> In this case OWASP Sweden actually has money. Why? Because we got a share
>>> of the revenue from OWASP AppSec in Stockholm. So we're going to fly Mario
>>> Heiderich in and build upon the success with Samy. We already have more than
>>> 500 members and we asked them what we should use the chapter's money for.
>>> Answer: More international experts giving talks and tutorials. This is what
>>> the chapter members want.
>>> (Of course we will try to find sponsors to lower the chapter's costs and
>>> we will try to cooperate with OWASP Finland and Norway so we can share
>>> travel costs.)
>>>    Regards, John
>>> 2010/12/16 L. Gustavo C. Barbato <lgbarbato at owasp.org>
>>>> I also defend the idea of collaboration between chapters in order to
>>>> achieve great conferences results - when I say collaboration I do mean
>>>> collaborate <http://dictionary.reference.com/browse/collaborate> (*to
>>>> work, one with another; cooperate, as on a literary work*), in other
>>>> words, without having profits in mind.
>>>> However, aiming to compensate the collaboration on conferences and have
>>>> a fair support of OWASP, I do defend the idea of having conferences in
>>>> different cities yearly according to local chapters locations. Nevertheless,
>>>> we can't forget the hard work necessary of local chapters to host a
>>>> conference -- I know that because after the AppSec Brazil 2010 (last month),
>>>> I don't stop thinking and working on AppSec 2011 -- it's already being
>>>> time-consuming.
>>>> L. *Gustavo* C. *Barbato*, Ph.D.
>>>> Chapter Leader, OWASP Porto Alegre / *Brazil*
>>>> Global Chapter Committee Member
>>>>  http://www.owasp.org/index.php/User:Gustavo_Barbato
>>>> On 12/15/2010 12:29 PM, Mark Bristow wrote:
>>>> Comments forwarded on Lucas's behalf (he's on vacation and can't send as
>>>> the right user.....)
>>>>  =======
>>>>  I don't like the idea of having one chapter getting so more funds then
>>>> others. For AppSec Brasil, we will have people from multiple chapters
>>>> involved and it would not be nice to have one chapter getting all the
>>>> money. Having to decide a split amongst chapters would need energy
>>>> that could be better used somewhere else.
>>>> In principle, I don't like the idea of having chapters "fighting" for
>>>> money, and we may have this in the future if the chapter split is too
>>>> high. I'm afraid collaboration may decrease in the long run. On the
>>>> oher hand, I'd like to see a solution that increases the involvement
>>>> of chapter leader in our conferences, specially to have people from
>>>> different chpaters to collaborate in conference teams.
>>>> I think that having many chapters with some money is better than
>>>> having a few chapters with a lot of money. I think we should invest
>>>> more in getting more active chapters than making a few chapters more
>>>> active.
>>>> The fund idea seams a good solution to me.
>>>> Regards,
>>>> Lucas
>>>> On Tue, Dec 14, 2010 at 7:19 PM, Neil Matatall <neil at owasp.org> wrote:
>>>>> Well this thread has become epic and unfortunately I haven't been able
>>>>> to catch all of the ideas.  I really hope I can catch up, but why
>>>>> don't we have a conference call or discuss this at the summit (those
>>>>> not in attendance will have to be accommodated somehow)?
>>>>> Times like these make me wish my phone has an "threaded" email view :(
>>>>> On Tue, Dec 14, 2010 at 12:13 PM, Jason Li <jason.li at owasp.org> wrote:
>>>>> > So taking Michael's suggestion of starting fresh, I've cleared the
>>>>> long
>>>>> > quote of the thread.
>>>>> > As an observer to the thread, I'm going to capture what I think has
>>>>> been
>>>>> > mentioned so far on the thread.
>>>>> >
>>>>> > And then I'll weigh in with my humble opinion, keeping in mind that I
>>>>> am not
>>>>> > involved in the Conferences Committee, Membership Committee, Chapter
>>>>> > Committee, or the Board (in other words, I'm a nobody in this
>>>>> conversation
>>>>> > :)).
>>>>> > ----
>>>>> > Summary of Problem:
>>>>> > Where does Conference revenue go?
>>>>> > Points of Concern:
>>>>> > 1) Conferences are put on with the assistance of local chapters and
>>>>> > coordination/support from the OWASP mothership
>>>>> > 2) We want a way to reward local chapters for their help with
>>>>> > running/coordinating a conference
>>>>> > 3) We want conference attendees the option to get OWASP Memberships
>>>>> bundled
>>>>> > in with the conference
>>>>> > 4) Chapters need money to do things
>>>>> > -------
>>>>> > Now with that out of the way, my personal thoughts:
>>>>> > #4 is completely independent of Conference revenue. There are lots of
>>>>> other
>>>>> > OWASP sectors that also need money to do things (Projects and Summits
>>>>> for
>>>>> > example). If there is a need for Chapters to do something, then this
>>>>> should
>>>>> > be allocated out of the main OWASP mothership budget and not out of
>>>>> > Conference revenue.
>>>>> > In my view, conference revenue should go to one of three places:
>>>>> > 1) OWASP Mothership fund (where the Board can then re-allocate as
>>>>> needed to
>>>>> > support Chapters or other initiatives as appropriate)
>>>>> > 2) Local Chapter(s) supporting the conference (in order to recognize
>>>>> their
>>>>> > support)
>>>>> > 3) Conferences fund managed by the Conferences Committee
>>>>> > I'm not even sure if #3 is really necessary as that could also fall
>>>>> under
>>>>> > #1.
>>>>> > The only real debate is what proportion of the revenue should go into
>>>>> which
>>>>> > bucket. That's where I believe this debate originally started. All
>>>>> this
>>>>> > other talk about chapter needs and a chapter fund has clouded the
>>>>> > discussion.
>>>>> > -Jason
>>>>>  > _______________________________________________
>>>>> > Global_conference_committee mailing list
>>>>> > Global_conference_committee at lists.owasp.org
>>>>> > https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>>>> >
>>>>> >
>>>>> --
>>>>>  --
>>>>> Neil
>>>> --
>>>> Mark Bristow
>>>> (703) 596-5175
>>>> mark.bristow at owasp.org
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>> AppSec DC Organizer - https://www.appsecdc.org
>>>> _______________________________________________
>>>> Global_chapter_committee mailing listGlobal_chapter_committee at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>>> _______________________________________________
>>>> Global_conference_committee mailing list
>>>> Global_conference_committee at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>> --
>>> John Wilander, https://twitter.com/johnwilander
>>> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>>>  <http://owaspsweden.blogspot.com>Co-organizer Global Summit,
>>> http://www.owasp.org/index.php/Summit_2011
>>> <http://www.owasp.org/index.php/Summit_2011>Conf Comm,
>>> http://www.owasp.org/index.php/Global_Conferences_Committee
>>> _______________________________________________
>>> Global_conference_committee mailing list
>>> Global_conference_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>> _______________________________________________
>> Global_conference_committee mailing list
>> Global_conference_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee

Chapter Leader and President, OWASP Los Angeles Chapter
Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101221/0b5417ec/attachment-0001.html 

More information about the Global_conference_committee mailing list