[Governance] [Owasp-board] Bylaw Update Discussion - Board Member Confidence

Bil Corry bil.corry at owasp.org
Mon Aug 24 07:07:30 UTC 2015


Hi Josh,

The current bylaw I see is from last year, which doesn't have the text you
quoted.  It's here:

     https://www.owasp.org/index.php/OWASP_Foundation_ByLaws

I know we discussed changing the bylaws, but I don't know what was
ultimately adopted.  FWIW, this is the wording from last proposed text,
which is very clear on how tabulation is calculated, although it doesn't
give strict time limes for tabulation and confidence voting.  The thought
was to allow the Board some flexibility in how they want to execute it.
But if you'd like it to be formally incorporated into the bylaws, then
please proposed some text.


*SECTION 3.03 Regular Meetings.* The Board of Directors shall have regular
meetings as needed.  A link to the board meeting agenda’s and the
historical minutes is here:
https://www.owasp.org/index.php/OWASP_Board_Meetings.  Meetings shall be at
such dates, times, and places as the Board shall determine in December of
the preceding year and as amended by the Board. In no event will there be
less than one meeting per quarter.  These meetings will be open to public
attendance, however, certain portions of the meeting may be closed to board
members  and their delegates when required for legal reasons, or to shield
liability, or to handle personnel issues, or similar.  Attendance in person
or virtually by board members is required at no less than 75% of the total
meetings each year and shall be highly encouraged to meet in person at
least once annually at a date to be announced and agreed upon.  Attendance
is tabulated after every scheduled meeting for the purpose of determining
if the 75% attendance requirement has been met, and the tabulation is based
upon the entire calendar year.  Cancelled meetings are considered attended
for the purposes of the tabulation.  Failure by a board member to meet the
75% attendance requirement after any tabulation will cause a mandatory vote
of confidence by the remaining board members, whose votes will be publicly
recorded.  An overall vote of "no confidence" is recorded if half or more
of the board members vote for it, which causes the board member in question
to be instantly removed from their seat on the board.  Vacancies on the
board are handled as per Section 3.10.





2 OWASP Board of Directors will hold quarterly board meetings lasting 4­6
hours each. The schedule of meetings will be set by the board in December
before the year. It is likely the the board meetings will take place on
Saturdays or on a dedicated day before a large OWASP conference. This
change is a result of the success of the longer format board meeting and
also a result of the Executive Director role that has enabled full time
involvement and focus on OWASP operations. Board members must attend (in
person or virtually) 3 of the 4 meetings to fulfill the attendance
requirements. This will take effect in January, 2014. Changes passed August
19, 2013.

3 “and shall be highly encouraged to meet in person at least once annually
at a date to be announced and agreed upon” amendment to document passed
June 10, 2013.



- Bil


On Sat, Aug 22, 2015 at 6:01 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Board,
>
> As recently discussed and voted on in a separate thread, our current
> Bylaws state as follows:
>
> *Failure by a board member to meet the 75% attendance requirement after
> any tabulation will cause a mandatory vote of confidence by the remaining
> board members, whose votes will be publicly recorded.  An overall vote of
> "no confidence" is recorded if half or more of the board members vote for
> it, which causes the board member in question to be instantly removed from
> their seat on the board.*
>
> I see a few issues with this:
>
>    - The timeframe that this applies to is unspecified.  Is it per
>    quarter?  Per calendar year?  Over the two year duration of a Board member
>    term?  Over the cumulative time that a Board member is in office?  I'm
>    guessing that the intent is for this to be over the calendar year, but if
>    anyone disagrees and has a different interpretation, please let me know.
>    - The definition of "tabulation" is unspecified.  Who is doing the
>    tabulation?  Is there a certain time that this tabulation is conducted?
>    I'm guessing that the intent is for this to be based on the attendance role
>    that is captured during the Board meeting, but if anyone disagrees and has
>    a different interpretation, please let me know.
>    - The method of tabulation is unspecified.  If we are tabulating
>    sequentially, then we have a situation where if a Board member missed their
>    first meeting, a vote is required to be held for three tabulations (0%,
>    50%, and 66%) until they make it up over 75%.  I am guessing that the
>    intent is for this to be tabulated assuming attendance for all future
>    meetings and action would be taken if the person would be unable to
>    maintain 75% attendance, but if anyone disagrees and has a different
>    interpretation, please let me know.
>    - The timeframe for the vote is unspecified.  It just says that it
>    will cause a mandatory vote of confidence, but never says when that vote is
>    supposed to take place or who is supposed to initiate it.  Is it to be
>    handled immediately at the time of tabulation?  Is it handled offline over
>    e-mail as we recently did?  Is it handled at the next Board meeting?  Based
>    on the current verbiage, technically the Board could drag it's heels on it
>    indefinitely.  I would think that something reasonable would be having the
>    vote initiated by our Executive Director within two weeks of the tabulation
>    that found them to be not meeting their attendance requirements.  If there
>    is a Board meeting during that window, then it could be handled then, or
>    handled via the mailing list otherwise.  That provides time to handle the
>    situation and removes any Board member bias from the initiation of the vote.
>    - This does not offer the offender an opportunity to explain why they
>    failed to meet their attendance requirement.  I think that a reasonable
>    process would assume that there is a rational explanation for why they did
>    not attend.  Maybe it's because all of the meetings were being held at 2 AM
>    in their timezone.  Maybe it's because of a death in the family.  I think
>    this process should take the personal factor into consideration.
>
> With the above in mind, I don't see a reason to lower the bar from 75%.
> My thinking is that this is a reasonable expectation to have of a Board
> member with all things being equal.  It may not be the best measure of
> engagement, but it is still a responsibility that all Board members are
> aware of going into it, and I am not aware of it having been an issue in
> the past (until now), so I'm not sure why we would change it now that one
> Board member had a vote initiated for it.  I would propose that we update
> the language in order to better clarify my bullet points above, but leave
> the requirement itself in place.  Please provide your thoughts regarding
> each of these bullet points (or any other issues that you think need to be
> addressed here).  Once we have some level of agreement with these, I can
> take the action item of re-writing this section of the Bylaws in order to
> incorporate these changes.  Thanks.
>
> ~josh
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150824/7482744e/attachment.html>


More information about the Governance mailing list