[Governance] [Owasp-board] Bylaw Update Discussion - Board Member Confidence

Bil Corry bil.corry at owasp.org
Tue Aug 25 09:22:10 UTC 2015


Hi Josh,

Tabulation is described as thus (emphasis is mine):

"Attendance is tabulated after every scheduled meeting for the purpose of
determining if the 75% attendance requirement has been met, and the
tabulation is *based upon the entire calendar year.*"

That means if there are 12 meetings during the year and you miss the first
meeting, your attendance is 11/12 or 92%.  No vote required.

As far as your other concerns, I've updated the text below, hopefully I've
covered it all?  I pulled deadlines out of thin air, so feel free to tweak
the numbers and method of voting.


*SECTION 3.03 Regular Meetings.* The Board of Directors shall have regular
meetings as needed.  A link to the board meeting agenda’s and the
historical minutes is here:
https://www.owasp.org/index.php/OWASP_Board_Meetings.  Meetings shall be at
such dates, times, and places as the Board shall determine in December of
the preceding year and as amended by the Board. In no event will there be
less than one meeting per quarter.  These meetings will be open to public
attendance, however, certain portions of the meeting may be closed to board
members and their delegates when required for legal reasons, or to shield
liability, or to handle personnel issues, or similar.  Attendance in person
or virtually by board members is required at no less than 75% of the total
meetings each year and shall be highly encouraged to meet in person at
least once annually at a date to be announced and agreed upon.  Attendance
is tabulated by the Executive Director or delegate within seven days after
every scheduled meeting for the purpose of determining if the 75%
attendance requirement has been met, and the tabulation is based upon the
entire calendar year.  Cancelled meetings are considered attended for the
purposes of the tabulation.  Failure by a board member to meet the 75%
attendance requirement after any tabulation will cause a mandatory vote of
confidence by the remaining board members, whose votes will be publicly
recorded.  The vote of confidence is to take place within 21 days, but not
sooner than 7 days, of notification by the Executive Director or delegate
that a board member has not met the attendance threshold.  During the first
seven days, the board member in question will have an opportunity to make
their case to their fellow board members.  The vote of confidence will take
place on the OWASP Board of Directors email list, unless the Board votes to
review the matter at their next meeting, so long as the next meeting occurs
within the 21-day window.  An overall vote of "confidence" is record if
half or more of the board members vote for it and it will prevent further
votes of confidence for the remainder of the year so long as the board
member in question does not miss any further meetings.  An overall vote of
"no confidence" is recorded if more than half of the board members vote for
it, which causes the board member in question to be instantly removed from
their seat on the board.  Vacancies on the board are handled as per Section
3.10.




2 OWASP Board of Directors will hold quarterly board meetings lasting 4­6
hours each. The schedule of meetings will be set by the board in December
before the year. It is likely the the board meetings will take place on
Saturdays or on a dedicated day before a large OWASP conference. This
change is a result of the success of the longer format board meeting and
also a result of the Executive Director role that has enabled full time
involvement and focus on OWASP operations. Board members must attend (in
person or virtually) 3 of the 4 meetings to fulfill the attendance
requirements. This will take effect in January, 2014. Changes passed August
19, 2013.

3 “and shall be highly encouraged to meet in person at least once annually
at a date to be announced and agreed upon” amendment to document passed
June 10, 2013.




- Bil


On Mon, Aug 24, 2015 at 2:31 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Bil,
>
> I initiated a Board vote on the new text that you had proposed back in
> April or May this year and the Board unanimously voted to approve.  Paul
> has been working to try to identify all of the changes that have been made
> (there's only been one or two this year) in order to get a new version of
> the Bylaws on the website.  Regardless, the one that is there is definitely
> out-of-date.
>
> With respect to your update, thank you, I was thinking something similar
> as well, but this doesn't address a few of my bullet points:
>
>    - The method of tabulation is unspecified.  If we are tabulating
>    sequentially, then we have a situation where if a Board member missed their
>    first meeting, a vote is required to be held for three tabulations (0%,
>    50%, and 66%) until they make it up over 75%.  I am guessing that the
>    intent is for this to be tabulated assuming attendance for all future
>    meetings and action would be taken if the person would be unable to
>    maintain 75% attendance, but if anyone disagrees and has a different
>    interpretation, please let me know.
>    - The timeframe for the vote is unspecified.  It just says that it
>    will cause a mandatory vote of confidence, but never says when that vote is
>    supposed to take place or who is supposed to initiate it.  Is it to be
>    handled immediately at the time of tabulation?  Is it handled offline over
>    e-mail as we recently did?  Is it handled at the next Board meeting?  Based
>    on the current verbiage, technically the Board could drag it's heels on it
>    indefinitely.  I would think that something reasonable would be having the
>    vote initiated by our Executive Director within two weeks of the tabulation
>    that found them to be not meeting their attendance requirements.  If there
>    is a Board meeting during that window, then it could be handled then, or
>    handled via the mailing list otherwise.  That provides time to handle the
>    situation and removes any Board member bias from the initiation of the vote.
>    - This does not offer the offender an opportunity to explain why they
>    failed to meet their attendance requirement.  I think that a reasonable
>    process would assume that there is a rational explanation for why they did
>    not attend.  Maybe it's because all of the meetings were being held at 2 AM
>    in their timezone.  Maybe it's because of a death in the family.  I think
>    this process should take the personal factor into consideration.
>
> Would you care to take a stab at addressing these?  If not, I can
> certainly take a shot at it as well.
>
> ~josh
>
> On Mon, Aug 24, 2015 at 2:07 AM, Bil Corry <bil.corry at owasp.org> wrote:
>
>> Hi Josh,
>>
>> The current bylaw I see is from last year, which doesn't have the text
>> you quoted.  It's here:
>>
>>      https://www.owasp.org/index.php/OWASP_Foundation_ByLaws
>>
>> I know we discussed changing the bylaws, but I don't know what was
>> ultimately adopted.  FWIW, this is the wording from last proposed text,
>> which is very clear on how tabulation is calculated, although it doesn't
>> give strict time limes for tabulation and confidence voting.  The thought
>> was to allow the Board some flexibility in how they want to execute it.
>> But if you'd like it to be formally incorporated into the bylaws, then
>> please proposed some text.
>>
>>
>> *SECTION 3.03 Regular Meetings.* The Board of Directors shall have
>> regular meetings as needed.  A link to the board meeting agenda’s and the
>> historical minutes is here:
>> https://www.owasp.org/index.php/OWASP_Board_Meetings.  Meetings shall be
>> at such dates, times, and places as the Board shall determine in December
>> of the preceding year and as amended by the Board. In no event will there
>> be less than one meeting per quarter.  These meetings will be open to
>> public attendance, however, certain portions of the meeting may be closed
>> to board members  and their delegates when required for legal reasons, or
>> to shield liability, or to handle personnel issues, or similar.  Attendance
>> in person or virtually by board members is required at no less than 75% of
>> the total meetings each year and shall be highly encouraged to meet in
>> person at least once annually at a date to be announced and agreed upon.
>> Attendance is tabulated after every scheduled meeting for the purpose of
>> determining if the 75% attendance requirement has been met, and the
>> tabulation is based upon the entire calendar year.  Cancelled meetings are
>> considered attended for the purposes of the tabulation.  Failure by a board
>> member to meet the 75% attendance requirement after any tabulation will
>> cause a mandatory vote of confidence by the remaining board members,
>> whose votes will be publicly recorded.  An overall vote of "no confidence"
>> is recorded if half or more of the board members vote for it, which causes
>> the board member in question to be instantly removed from their seat on the
>> board.  Vacancies on the board are handled as per Section 3.10.
>>
>>
>>
>>
>>
>> 2 OWASP Board of Directors will hold quarterly board meetings lasting 4­6
>> hours each. The schedule of meetings will be set by the board in December
>> before the year. It is likely the the board meetings will take place on
>> Saturdays or on a dedicated day before a large OWASP conference. This
>> change is a result of the success of the longer format board meeting and
>> also a result of the Executive Director role that has enabled full time
>> involvement and focus on OWASP operations. Board members must attend (in
>> person or virtually) 3 of the 4 meetings to fulfill the attendance
>> requirements. This will take effect in January, 2014. Changes passed August
>> 19, 2013.
>>
>> 3 “and shall be highly encouraged to meet in person at least once
>> annually at a date to be announced and agreed upon” amendment to document
>> passed June 10, 2013.
>>
>>
>>
>> - Bil
>>
>>
>> On Sat, Aug 22, 2015 at 6:01 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>> Board,
>>>
>>> As recently discussed and voted on in a separate thread, our current
>>> Bylaws state as follows:
>>>
>>> *Failure by a board member to meet the 75% attendance requirement after
>>> any tabulation will cause a mandatory vote of confidence by the remaining
>>> board members, whose votes will be publicly recorded.  An overall vote of
>>> "no confidence" is recorded if half or more of the board members vote for
>>> it, which causes the board member in question to be instantly removed from
>>> their seat on the board.*
>>>
>>> I see a few issues with this:
>>>
>>>    - The timeframe that this applies to is unspecified.  Is it per
>>>    quarter?  Per calendar year?  Over the two year duration of a Board member
>>>    term?  Over the cumulative time that a Board member is in office?  I'm
>>>    guessing that the intent is for this to be over the calendar year, but if
>>>    anyone disagrees and has a different interpretation, please let me know.
>>>    - The definition of "tabulation" is unspecified.  Who is doing the
>>>    tabulation?  Is there a certain time that this tabulation is conducted?
>>>    I'm guessing that the intent is for this to be based on the attendance role
>>>    that is captured during the Board meeting, but if anyone disagrees and has
>>>    a different interpretation, please let me know.
>>>    - The method of tabulation is unspecified.  If we are tabulating
>>>    sequentially, then we have a situation where if a Board member missed their
>>>    first meeting, a vote is required to be held for three tabulations (0%,
>>>    50%, and 66%) until they make it up over 75%.  I am guessing that the
>>>    intent is for this to be tabulated assuming attendance for all future
>>>    meetings and action would be taken if the person would be unable to
>>>    maintain 75% attendance, but if anyone disagrees and has a different
>>>    interpretation, please let me know.
>>>    - The timeframe for the vote is unspecified.  It just says that it
>>>    will cause a mandatory vote of confidence, but never says when that vote is
>>>    supposed to take place or who is supposed to initiate it.  Is it to be
>>>    handled immediately at the time of tabulation?  Is it handled offline over
>>>    e-mail as we recently did?  Is it handled at the next Board meeting?  Based
>>>    on the current verbiage, technically the Board could drag it's heels on it
>>>    indefinitely.  I would think that something reasonable would be having the
>>>    vote initiated by our Executive Director within two weeks of the tabulation
>>>    that found them to be not meeting their attendance requirements.  If there
>>>    is a Board meeting during that window, then it could be handled then, or
>>>    handled via the mailing list otherwise.  That provides time to handle the
>>>    situation and removes any Board member bias from the initiation of the vote.
>>>    - This does not offer the offender an opportunity to explain why
>>>    they failed to meet their attendance requirement.  I think that a
>>>    reasonable process would assume that there is a rational explanation for
>>>    why they did not attend.  Maybe it's because all of the meetings were being
>>>    held at 2 AM in their timezone.  Maybe it's because of a death in the
>>>    family.  I think this process should take the personal factor into
>>>    consideration.
>>>
>>> With the above in mind, I don't see a reason to lower the bar from 75%.
>>> My thinking is that this is a reasonable expectation to have of a Board
>>> member with all things being equal.  It may not be the best measure of
>>> engagement, but it is still a responsibility that all Board members are
>>> aware of going into it, and I am not aware of it having been an issue in
>>> the past (until now), so I'm not sure why we would change it now that one
>>> Board member had a vote initiated for it.  I would propose that we update
>>> the language in order to better clarify my bullet points above, but leave
>>> the requirement itself in place.  Please provide your thoughts regarding
>>> each of these bullet points (or any other issues that you think need to be
>>> addressed here).  Once we have some level of agreement with these, I can
>>> take the action item of re-writing this section of the Bylaws in order to
>>> incorporate these changes.  Thanks.
>>>
>>> ~josh
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150825/64f73f32/attachment-0001.html>


More information about the Governance mailing list