<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Sorry all, I changed my mind mid email and meant to delete this.<br>
    <br>
    I support following the bylaws and triggered a vote. I personally am
    voting "no" to remove Fabio.<br>
    <br>
    Aloha,<br>
    Jim<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 8/18/15 8:35 AM, Jim Manico wrote:<br>
    </div>
    <blockquote cite="mid:55D37AF9.2030705@owasp.org" type="cite">
      <meta content="text/html; charset=windows-1252"
        http-equiv="Content-Type">
      Josh,<br>
      <br>
      First of all I have good attendance and my comments are not for
      personal benefit.<br>
      <br>
      Since the board is globally distributed, I think we should be more
      forgiving. To penalize a board member because they missed two
      meetings that were held at Midnight is not at all reasonable to
      me. I'm all about fiduciary duty and commitment and all that - but
      I'm also about sleep and Maslow's hierarchy of needs. I consider
      sleeping to be a Physiological need, the more core need from
      Maslow. I place attending OWASP Board meetings at the "Self
      actualization" portions of Maslows hierarchy. So while <br>
      <br>
      - Jim<br>
      <br>
      <div class="moz-cite-prefix">On 8/18/15 8:22 AM, Josh Sokol wrote:<br>
      </div>
      <blockquote
cite="mid:CAFwvDey9oCQG8S2HXErO6-Q3VCqx7GWa9Hr5Mh239JAtQWifEw@mail.gmail.com"
        type="cite">
        <div dir="ltr">
          <div>I agree 100% Eoin.  The rule is there for a reason. 
            Voting to change it is one thing, but that change cannot be
            applied retroactively to the present situation.  The Bylaws
            are very clear in that this should trigger a Board vote to
            determine whether they should be removed.  I am absolutely
            pushing for that vote to happen, regardless of whether it
            actually results in a removal.  If the Board wants to
            evaluate a change to the Bylaws at a later date, then so be
            it, but I will not support it.  The Board is a commitment. 
            When you run, you are doing so knowing that meetings will
            not always happen when convenient and that you are expected
            to attend 75% of them.  There are certainly extenuating
            circumstances where a case could be made here, but I don't
            think I've heard any thus far.<br>
            <br>
          </div>
          ~josh<br>
        </div>
        <div class="gmail_extra"><br>
          <div class="gmail_quote">On Tue, Aug 18, 2015 at 1:04 PM, Eoin
            Keary <span dir="ltr"><<a moz-do-not-send="true"
                href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div dir="auto">
                <div>Sorry I have to write this email....but...</div>
                <div><br>
                </div>
                <div>I hope you don't change the rules just because
                  certain members have not complied by them....</div>
                <div><br>
                </div>
                <div>I was forwarded some emails regarding board
                  attendance today which appear that the 75% rule of
                  board meeting attendance is now going to be changed
                  because some folks on the board have issue with it. </div>
                <div><br>
                </div>
                <div>This is like turkeys voting for Christmas.</div>
                <div><br>
                </div>
                <div>I respectfully hope the board abides by its owen
                  guidelines, if not I have great issue with the
                  foundations governance.</div>
                <div><br>
                </div>
                <div>Respect, for the good guys in OWASP. </div>
                <span class="">
                  <div><br>
                    <br>
                    Eoin Keary
                    <div>OWASP Volunteer</div>
                    <div>@eoinkeary</div>
                    <div><span style="font-size:13pt"><br>
                      </span></div>
                    <div><br>
                    </div>
                  </div>
                </span>
                <div>
                  <div class="h5">
                    <div><br>
                      On 18 Aug 2015, at 17:08, Josh Sokol <<a
                        moz-do-not-send="true"
                        class="moz-txt-link-abbreviated"
                        href="mailto:josh.sokol@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a></a>>

                      wrote:<br>
                      <br>
                    </div>
                    <blockquote type="cite">
                      <div>
                        <div dir="ltr">
                          <div>
                            <div>
                              <div>
                                <div>
                                  <div>Johanna,<br>
                                    <br>
                                    <blockquote style="margin:0px 0px
                                      0px 0.8ex;border-left:1px solid
                                      rgb(204,204,204);padding-left:1ex"
                                      class="gmail_quote">So far I
                                      remember , the idea was proposed
                                      to the board by you and the board
                                      took the decision to implement
                                      Committee 2.0. I believe this was
                                      done with all good intentions but
                                      is not working.<br>
                                    </blockquote>
                                    <br>
                                  </div>
                                  Actually, I would argue that even
                                  though there's only a single committee
                                  right now, it is working exactly as
                                  intended.  The truth is that OWASP's
                                  leadership sits somewhere in-between
                                  an Oligarchy (as you describe it) and
                                  an Anarchy.  We're currently somewhere
                                  between Democracy and Ochlocracy
                                  depending on the topic if you really
                                  want to get technical.  In any case,
                                  what you need to realize is that
                                  somebody needs to have the power to
                                  make decisions or decisions will never
                                  get made and we veer into Anarchy. 
                                  What Committees 2.0 did is specify
                                  that decision making power starts with
                                  the Board as they have the fiduciary
                                  responsibility for the OWASP
                                  Foundation in all legal sense.  What
                                  it also did is allow any of our
                                  leaders to carve out a piece of that
                                  power that they are passionate about
                                  and run with it, just as you did with
                                  projects.  I really thought that we
                                  would see some other committees pop up
                                  similar to what we had before in other
                                  core areas of OWASP like Governance or
                                  Chapters, but the fact that there
                                  isn't just tells me that as of yet, no
                                  leader is passionate enough about it
                                  to carve out that power.  Maybe it's
                                  because of time commitments or because
                                  of some perceived "red tape" or even
                                  (I hope) because most people think the
                                  Board is doing an OK job making
                                  decisions, but the fact is that the
                                  ability is there and you are an
                                  example of it being used.  So, as I
                                  said, the system is working.  Where
                                  this is a void in the community
                                  wanting to take the power to make
                                  decisions, the Board fills that void. 
                                  In other words, if the community
                                  really thinks that they can do
                                  something better than the Board, they
                                  can form a Committee (or "Action Team"
                                  or "Initiative" or whatever they want
                                  to call it), and do it.<br>
                                  <br>
                                  <blockquote style="margin:0px 0px 0px
                                    0.8ex;border-left:1px solid
                                    rgb(204,204,204);padding-left:1ex"
                                    class="gmail_quote">Projects are
                                    global. They promote owasp at a
                                    global level. What is OWASP known
                                    for? for its chapters? Its
                                    conferences? I strongly believe
                                    OWASP is know for its projects, Code
                                    Review, Testing guide, the Cheat
                                    Sheets, ASVS, ZAP... Many references
                                    in major publications refer to OWASP
                                    top ten and respect them because of
                                    its projects.PCI  and major vendors
                                    use them as reference and
                                    guidelines.<br>
                                  </blockquote>
                                  <br>
                                </div>
                                There is no doubt in my mind that
                                Projects are important for OWASP.  They
                                spread our mission in places where even
                                our Chapters cannot go.  But, if you
                                want to talk about where most people
                                interface with OWASP, it's not projects,
                                it's Chapters.  You won't find a
                                reference in a major publication to the
                                OWASP Austin Chapter, for example, but
                                we held a CryptoParty in January and
                                invited members of our community, the
                                media, etc to participate because we
                                wanted to educate others on the
                                importance of privacy.  You're
                                passionate about OWASP Projects, I get
                                that, and I love it.  I'm passionate
                                about OWASP Chapters.  Neither should be
                                trivialized as they both play a very
                                important role within OWASP.<br>
                                <br>
                                <blockquote style="margin:0px 0px 0px
                                  0.8ex;border-left:1px solid
                                  rgb(204,204,204);padding-left:1ex"
                                  class="gmail_quote">I would like to
                                  see is a better schema for them to get
                                  more awareness, especially people
                                  doing great things and because of lack
                                  of funds cannot promote their
                                  projects. Chapters are rich ,projects
                                  are poor. That is in my opinion a huge
                                  misbalance.<br>
                                </blockquote>
                                <br>
                              </div>
                              We have many chapters with small bank
                              accounts, some even negative, and a few
                              with quite large accounts.  Total it all
                              up and it's a pretty decent sum of money. 
                              But, what you're arguing for here is
                              effectively Socialism.  You're saying that
                              it doesn't matter that the OWASP chapter
                              in Denver busted their ass (it is over a
                              year's worth of effort by a team of
                              people) to put on last year's AppSecUSA
                              Conference.  It doesn't matter that it can
                              cost a chapter hundreds if not thousands
                              of dollars to rent meeting space, bring in
                              food, fly in speakers, etc.  You only see
                              that they have money, you do not, and you
                              want it.  Not because you have a plan to
                              spend it either, because if you did you
                              could simply ask the Foundation for it,
                              but because it is perceived as being
                              disproportionate.  There is no payoff for
                              OWASP's mission if we rob from the rich,
                              give to the poor, and at the end of the
                              day still just have money sitting in a
                              savings account.  This highlights the
                              underlying issue here.  The issue is not
                              that Chapters or Projects HAVE money.  The
                              issue is that they have money and are NOT
                              SPENDING IT to further the OWASP Mission. 
                              Thus, the approach to fix this issue (and
                              I agree that it's an issue) shouldn't be
                              to take away their money, it should be to
                              get them to spend it.<br>
                              <br>
                              <blockquote style="margin:0px 0px 0px
                                0.8ex;border-left:1px solid
                                rgb(204,204,204);padding-left:1ex"
                                class="gmail_quote">The limit of
                                USD2,000- for supporting a project
                                leader a year is for most leaders not
                                enough. If a leader outside US or EU is
                                invited to blackhat , that amount is not
                                enough to cover his traveling expenses. 
                                And thats the maximum he can have in a
                                year after filling on forms and going
                                through some back-and-forth emails with
                                the staff...<br>
                              </blockquote>
                              <br>
                            </div>
                            Ahhhhh, finally we get to the root of the
                            issue.  The issue isn't that money isn't
                            available, because, frankly, we had a
                            significant amount of money budgeted last
                            year that wasn't used.  The issue is that
                            there is a cap on what any one project
                            leader can request/spend.  My personal
                            opinion here is that this $2k cap should be
                            treated as a guideline, not a rule.  It is
                            likely in place to prevent abuse by having a
                            significant amount of money from the pool go
                            to any one individual.  But, that cap
                            certainly should not prevent the OWASP
                            Foundation from investing in the projects,
                            and people behind the projects, to make them
                            better.  The Board entrusts Paul, as
                            Executive Director, and the OWASP staff to
                            handle the day-to-day operations of the
                            OWASP Foundation.  Part of their job is to
                            review these types of requests in order to
                            determine whether they make sense and there
                            are funds available.  That said, if you get
                            to a point where you feel that they are
                            being unreasonable, the Board can certainly
                            step in and try to determine if an exception
                            should be made.  So, net-net, maybe that $2k
                            cap is too low.  Should we raise it?  If so,
                            what should it be?  What amount would be
                            reasonable for any one individual to consume
                            from that shared pool of funds?  Guidelines
                            can be changed.  Guidelines can even be
                            overruled for the right reasons.  This is a
                            relatively minor issue that it sounds like
                            should be re-evaluated given rising costs,
                            bigger budget pools, unused funds, etc.  Can
                            you please come up with a reasonable
                            proposal here and I will take that to the
                            Board for approval to change this guideline?<br>
                            <br>
                            <blockquote style="margin:0px 0px 0px
                              0.8ex;border-left:1px solid
                              rgb(204,204,204);padding-left:1ex"
                              class="gmail_quote">Should we scrap
                              projects and focus to be a dedicated
                              conference organisation?...thats what  I
                              see is happening whether consciously or
                              not. <br>
                            </blockquote>
                            <br>
                          </div>
                          Your perception is VERY far from the truth. 
                          I've spent the past 8.5 years working with the
                          OWASP Austin chapter and I've seen it grow
                          from literally 3 people in a monthly meeting
                          to around 70.  You, yourself, even said that
                          OWASP is being referenced in major
                          publications and our tools are being used
                          around the globe.  That said, keep in mind
                          that the OWASP mission is one of education,
                          and conferences address that mission
                          directly.  They are also the main fundraiser
                          that helps to make sure that our chapters and
                          projects have the money that they need in
                          order to be successful.<br>
                          <br>
                          <blockquote style="margin:0px 0px 0px
                            0.8ex;border-left:1px solid
                            rgb(204,204,204);padding-left:1ex"
                            class="gmail_quote">Should we scrap
                            conferences and focus to gather those funds
                            to create a better platforms for projects
                            and become the next Apache foundation?<br>
                          </blockquote>
                          <div><br>
                          </div>
                          <div>Where do you think those funds would come
                            from?  By far, the majority of OWASP's
                            annual revenue comes from AppSecUSA and
                            AppSecEU.  To be frank, OWASP would be VERY
                            different if it weren't for our conferences.
                            <br>
                            <br>
                            <blockquote style="margin:0px 0px 0px
                              0.8ex;border-left:1px solid
                              rgb(204,204,204);padding-left:1ex"
                              class="gmail_quote">Should we use
                              crowdsource for gathering funds for
                              projects through the OWASP foundation?<br>
                            </blockquote>
                            <br>
                          </div>
                          <div>This is not a mutually exclusive
                            solution.  Yes, absolutely, use crowdfunding
                            to gather funds for projects.  Please prove
                            out this model of bringing another revenue
                            source to OWASP.  I would imagine that this
                            is a way that projects would be able to get
                            funds that a chapter never could.  <br>
                            <br>
                            <blockquote style="margin:0px 0px 0px
                              0.8ex;border-left:1px solid
                              rgb(204,204,204);padding-left:1ex"
                              class="gmail_quote">Project summits =
                              events . Thats what I'm proposing. That
                              Summits are treated like events to
                              generate money for projects so they have
                              also a fair way to generate money as
                              chapters do. They will depend less from
                              sponsors with commercial intentions.<br>
                            </blockquote>
                            <br>
                          </div>
                          <div>OK, but every project summit that we have
                            had thus far has cost OWASP money, not made
                            it.  Speaking as the former Co-Chair of
                            LASCON and AppSecUSA, I can tell you that
                            these types of events are a lot of work and
                            that it is difficult to attract attendees. 
                            Attendees actually barely end up covering
                            their own costs (food, schwag, etc). 
                            Sponsors and trainings are usually the ones
                            who generate the profit for these events. 
                            So, let's say you do a project summit.  How
                            would you intend to attract attendees who
                            are willing to pay for the content?  If not,
                            how would you intend to attract sponsors
                            whose sole purpose in being there is to sell
                            product to the attendees?  Especially if you
                            don't want sponsors with commercial
                            intentions.  You would be lucky if you get
                            enough sponsors to cover costs.  Or, in the
                            situation of every past project summit that
                            we've had, the Foundation ends up covering
                            the difference.  I'm not saying that you
                            shouldn't try to prove out this model.  I'm
                            saying that it hasn't been proven to date. 
                            Also, it's a bit naive to say that chapters
                            leveraging their members and holding a
                            conference isn't "fair".  We should be
                            encouraging as many endeavors as we can at
                            OWASP that spread our mission.  Even more so
                            if they generate additional revenue because
                            that helps to further our mission even more
                            after the conference is over.  Nothing is
                            stopping a project from having a
                            conference.  This isn't a matter of "fair"
                            or "unfair".  It's a matter of a team of
                            people putting in the effort and making it
                            happen.  Please don't trivialize those
                            efforts.<br>
                            <br>
                            <blockquote style="margin:0px 0px 0px
                              0.8ex;border-left:1px solid
                              rgb(204,204,204);padding-left:1ex"
                              class="gmail_quote">Also more focus on
                              crowdsourcing projects. If people finds it
                              a great idea they will sponsor it.<br>
                            </blockquote>
                            <br>
                          </div>
                          <div>As I said above, I think this is a great
                            idea.  Let's do it!<br>
                            <br>
                            <blockquote style="margin:0px 0px 0px
                              0.8ex;border-left:1px solid
                              rgb(204,204,204);padding-left:1ex"
                              class="gmail_quote">I will ask the staff
                              to create a survey and ask the community
                              about it.  This is my proposal and based
                              on those results I hope and expect the
                              board to take actions.</blockquote>
                            <br>
                          </div>
                          <div>Ask the staff to create a survey?  Why
                            not make the survey yourself?  What exactly
                            are we surveying and why?  The only thing
                            that I think you've identified as an actual
                            issue preventing projects from operating
                            efficiently is a cap on the amount of
                            funding availing.  That doesn't require a
                            survey to get changed, just a plan and an
                            approval.  I can't guarantee support or
                            action as it depends on the varying opinions
                            of 7 unique individuals, but the Board would
                            certainly evaluate any proposal that is put
                            on the table.<br>
                            <br>
                          </div>
                          <div>~josh<br>
                          </div>
                        </div>
                        <div class="gmail_extra"><br>
                          <div class="gmail_quote">On Mon, Aug 17, 2015
                            at 8:31 PM, johanna curiel curiel <span
                              dir="ltr"><<a moz-do-not-send="true"
                                href="mailto:johanna.curiel@owasp.org"
                                target="_blank">johanna.curiel@owasp.org</a>></span>
                            wrote:<br>
                            <blockquote class="gmail_quote"
                              style="margin:0 0 0 .8ex;border-left:1px
                              #ccc solid;padding-left:1ex">
                              <div dir="ltr">Josh,
                                <div><br>
                                </div>
                                <div>
                                  <div>So far I remember , the idea was
                                    proposed to the board by you and the
                                    board took the decision to implement
                                    Committee 2.0. I believe this was
                                    done with all good intentions but is
                                    not working.</div>
                                  <div><a moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/owasp-leaders/2014-May/011794.html"
                                      target="_blank">http://lists.owasp.org/pipermail/owasp-leaders/2014-May/011794.html</a><br>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>In this same email Sarah
                                    mentions:</div>
                                  <div>
                                    <pre style="white-space:pre-wrap;color:rgb(0,0,0)">The 2008 committees worked, for the most part, independently of each other.
This often created duplicate or even conflicting efforts leading to frustration.</pre>
                                  </div>
                                  <div>Results now: I'm the only
                                    committee called the Project Task
                                    Force.Maybe thats why none wants to
                                    create anymore committees.<br>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>Projects are global. They promote
                                    owasp at a global level. What is
                                    OWASP known for? for its chapters?
                                    Its conferences? I strongly believe
                                    OWASP is know for its projects, Code
                                    Review, Testing guide, the Cheat
                                    Sheets, ASVS, ZAP... Many references
                                    in major publications refer to OWASP
                                    top ten and respect them because of
                                    its projects.PCI  and major vendors
                                    use them as reference and
                                    guidelines.</div>
                                  <div><br>
                                  </div>
                                  <div>I would like to see is a better
                                    schema for them to get more
                                    awareness, especially people doing
                                    great things and because of lack of
                                    funds cannot promote their projects.
                                    Chapters are rich ,projects are
                                    poor. That is in my opinion a huge
                                    misbalance. </div>
                                  <div><br>
                                  </div>
                                  <div>The limit of USD2,000- for
                                    supporting a project leader a year
                                    is for most leaders not enough. If a
                                    leader outside US or EU is invited
                                    to blackhat , that amount is not
                                    enough to cover his traveling
                                    expenses.  And thats the maximum he
                                    can have in a year after filling on
                                    forms and going through some
                                    back-and-forth emails with the
                                    staff...</div>
                                  <div><br>
                                  </div>
                                  <div>
                                    <ul>
                                      <li>Should we scrap projects and
                                        focus to be a dedicated
                                        conference organisation?...thats
                                        what  I see is happening whether
                                        consciously or not. <br>
                                      </li>
                                      <li>Should we scrap conferences
                                        and focus to gather those funds
                                        to create a better platforms for
                                        projects and become the next
                                        Apache foundation?<br>
                                      </li>
                                      <li>Should we use crowdsource for
                                        gathering funds for projects
                                        through the OWASP foundation?<br>
                                      </li>
                                    </ul>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>I would like to see a solution to
                                    this or an action.</div>
                                  <div><br>
                                  </div>
                                  <div>
                                    <div>Project summits = events .
                                      Thats what I'm proposing. That
                                      Summits are treated like events to
                                      generate money for projects so
                                      they have also a fair way to
                                      generate money as chapters do.
                                      They will depend less from
                                      sponsors with commercial
                                      intentions.(easier to avoid
                                       Logogate issues and projects with
                                      the intention to promote apssec
                                      companies). Also more focus on
                                      crowdsourcing projects. If people
                                      finds it a great idea they will
                                      sponsor it.</div>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>I will ask the staff to create a
                                    survey and ask the community about
                                    it. This is my proposal and based on
                                    those results I hope and expect the
                                    board to take actions.<br>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>regards</div>
                                  <span><font color="#888888">
                                      <div><br>
                                      </div>
                                      <div>Johanna</div>
                                      <div><br>
                                      </div>
                                      <div><br>
                                      </div>
                                    </font></span></div>
                              </div>
                              <div>
                                <div>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Mon, Aug
                                      17, 2015 at 7:41 PM, Mario Robles
                                      <span dir="ltr"><<a
                                          moz-do-not-send="true"
                                          class="moz-txt-link-abbreviated"
href="mailto:mario.robles@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:mario.robles@owasp.org">mario.robles@owasp.org</a></a>></span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote"
                                        style="margin:0 0 0
                                        .8ex;border-left:1px #ccc
                                        solid;padding-left:1ex">
                                        <div bgcolor="#FFFFFF"
                                          text="#000000"> Hey Josh,<br>
                                          <br>
                                          I could be wrong but the term
                                          Committee is commonly
                                          associated with "bureaucracy"
                                          even if it's not what you
                                          meant, at least it was the
                                          first thing on top of my head,
                                          I'm sure if you change the
                                          word Committee to something
                                          like "Action Team" it would be
                                          better accepted<br>
                                          <br>
                                          Just my point view,<br>
                                          <br>
                                          Mario
                                          <div>
                                            <div><br>
                                              <div>
                                                <table
                                                  style="font-size:12px">
                                                  <tbody>
                                                    <tr>
                                                      <td><br>
                                                      </td>
                                                      <td> <br>
                                                      </td>
                                                    </tr>
                                                  </tbody>
                                                </table>
                                              </div>
                                              <div>On 17/08/2015 04:21
                                                p.m., Josh Sokol wrote:<br>
                                              </div>
                                            </div>
                                          </div>
                                          <blockquote type="cite">
                                            <div>
                                              <div>
                                                <div dir="ltr">
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <div>
                                                          <blockquote
                                                          style="margin:0px
                                                          0px 0px
                                                          0.8ex;border-left:1px
                                                          solid
                                                          rgb(204,204,204);padding-left:1ex"
class="gmail_quote">I think we need to create Project Summits in the
                                                          form of events
                                                          with the whole
                                                          purpose to
                                                          gather funds
                                                          for projects<br>
                                                          </blockquote>
                                                          <br>
                                                        </div>
                                                        Please forgive
                                                        my ignorance. 
                                                        How does a
                                                        Project Summit
                                                        generate funds
                                                        for project? 
                                                        Every Project
                                                        Summit that we
                                                        have had to date
                                                        has cost the
                                                        Foundation
                                                        money, hasn't
                                                        it?  Can you
                                                        please
                                                        elaborate?<br>
                                                        <br>
                                                        <blockquote
                                                          style="margin:0px
                                                          0px 0px
                                                          0.8ex;border-left:1px
                                                          solid
                                                          rgb(204,204,204);padding-left:1ex"
class="gmail_quote">Look, Denver chapter has around 50K in their bucket.
                                                          The richest
                                                          Project is ZAP
                                                          with 10k...
                                                          but thats is
                                                          the exception.
                                                          Even worse
                                                          when you look
                                                          at chapters
                                                          outside US or
                                                          EU, mine has
                                                          only USD40
                                                          dollars. Most
                                                          projects have
                                                          Zero Dollars.<br>
                                                        </blockquote>
                                                        <br>
                                                      </div>
                                                      I'm not sure I
                                                      understand the
                                                      fixation on what
                                                      other chapters
                                                      have in their
                                                      bucket.  They have
                                                      these funds
                                                      because they
                                                      worked hard to
                                                      obtain them.  In
                                                      the case of
                                                      Denver, they ran
                                                      last year's
                                                      AppSecUSA
                                                      Conference.  Just
                                                      because they have
                                                      money in their
                                                      account, it
                                                      doesn't mean that
                                                      you aren't able to
                                                      do things with the
                                                      $40 you have in
                                                      your account.  It
                                                      just means that
                                                      they have to use
                                                      their account
                                                      funds first before
                                                      being able to use
                                                      money from the
                                                      Foundation pool
                                                      while you would
                                                      need to request
                                                      funds from that
                                                      pool for anything
                                                      over $40.  Any
                                                      sort of
                                                      reallocation just
                                                      moves the "ring
                                                      fenced funds"
                                                      issue to another
                                                      account.  The
                                                      model of chapters
                                                      and projects
                                                      having accounts is
                                                      not what's broken
                                                      here.  It's the
                                                      model of chapters
                                                      and projects
                                                      saving their funds
                                                      instead of
                                                      spending them. 
                                                      This is why I
                                                      voted "no" on the
                                                      Summer of Code
                                                      initiative.  It
                                                      was giving money
                                                      to those who
                                                      already had it and
                                                      not forcing them
                                                      to spend their
                                                      funds first.  In
                                                      any case, I'm not
                                                      sure I understand
                                                      why the amount of
                                                      money Denver has
                                                      in their account
                                                      has any impact on
                                                      any other chapter
                                                      or project other
                                                      than themselves. 
                                                      We have tens of
                                                      thousands of
                                                      dollars allocated
                                                      by the Foundation
                                                      to project and
                                                      chapters on an
                                                      annual basis, much
                                                      of which goes
                                                      completely
                                                      unused.  There is
                                                      money available at
                                                      OWASP for those
                                                      who need it and I
                                                      have yet to hear
                                                      of a situation
                                                      where someone was
                                                      told otherwise.<br>
                                                      <br>
                                                      <blockquote
                                                        style="margin:0px
                                                        0px 0px
                                                        0.8ex;border-left:1px
                                                        solid
                                                        rgb(204,204,204);padding-left:1ex"
class="gmail_quote">Yes but how do they know where to go, that's why the
                                                        survey. The
                                                        survey is the
                                                        compass. And the
                                                        leaders are
                                                        elected to
                                                        listed to the
                                                        community.<br>
                                                      </blockquote>
                                                      <br>
                                                    </div>
                                                    I agree with this
                                                    notion.  The OWASP
                                                    Board should act in
                                                    accordance with the
                                                    desires of the
                                                    community and should
                                                    be doing frequent
                                                    checks to confirm
                                                    that initiatives are
                                                    aligned.<br>
                                                    <br>
                                                    <blockquote
                                                      style="margin:0px
                                                      0px 0px
                                                      0.8ex;border-left:1px
                                                      solid
                                                      rgb(204,204,204);padding-left:1ex"
class="gmail_quote">So the committee concept in theory seemed like a
                                                      great idea but in
                                                      practice is not
                                                      working because in
                                                      my eyes, creating
                                                      a committee is
                                                      creating a mini
                                                      board inside
                                                      OWASP.<br>
                                                    </blockquote>
                                                    <br>
                                                  </div>
                                                  To be honest, I have
                                                  been surprised by the
                                                  lack of desire to
                                                  participate in OWASP
                                                  Committees.  The
                                                  community has said
                                                  that they want
                                                  empowerment and the
                                                  goal of the committees
                                                  was to do that.  But,
                                                  now that it's there,
                                                  nobody wants it?  Your
                                                  example with John Lita
                                                  follows the Committees
                                                  2.0 process almost
                                                  verbatim.  The only
                                                  difference is that it
                                                  provides scoping to
                                                  ensure that we don't
                                                  have competing, or
                                                  even worse,
                                                  conflicting
                                                  initiatives and it
                                                  specifies that the
                                                  individuals involved
                                                  need to work within
                                                  that scope.  Without
                                                  it, you have a loosely
                                                  knit group of people
                                                  running around with
                                                  their own individual
                                                  initiatives.  At that
                                                  level, OWASP is just a
                                                  funding source for
                                                  experimentation, not a
                                                  Foundation.  There is
                                                  no accountability, but
                                                  the liability on the
                                                  Foundation is still
                                                  there.  Legally, we
                                                  can't just have people
                                                  running around
                                                  spending money without
                                                  any form of guidance. 
                                                  <br>
                                                  <br>
                                                  <blockquote
                                                    style="margin:0px
                                                    0px 0px
                                                    0.8ex;border-left:1px
                                                    solid
                                                    rgb(204,204,204);padding-left:1ex"
                                                    class="gmail_quote">
                                                    <div> Allow me  and
                                                      let the staff know
                                                      that they should
                                                      support me and any
                                                      other volunteers
                                                      seeking for
                                                      implementing their
                                                      ideas ;-). </div>
                                                    <div>Lets cut the
                                                      red tape with
                                                      committees and let
                                                      people know that
                                                      if they want to do
                                                      something,</div>
                                                    <ul>
                                                      <li>Contact the
                                                        staff. <br>
                                                      </li>
                                                      <li>Set a survey
                                                        and gather
                                                        support<br>
                                                      </li>
                                                      <li>Need more
                                                        money? Set a
                                                        crowd funding
                                                        project @ <a
                                                          moz-do-not-send="true"
class="moz-txt-link-freetext" href="https://www.kickstarter.com"><a class="moz-txt-link-freetext" href="https://www.kickstarter.com">https://www.kickstarter.com</a></a>
                                                        under OWASP</li>
                                                      <li>Volunteers
                                                        implement idea
                                                        or project with
                                                        the support of
                                                        owasp staff and
                                                        other volunteers</li>
                                                    </ul>
                                                  </blockquote>
                                                  <p>I'm not sure how
                                                    this is that much
                                                    different from a
                                                    Committee.  Contact
                                                    the community via
                                                    the mailing list and
                                                    gather support,
                                                    scope the activities
                                                    (ie. define the
                                                    project), Board
                                                    ensures that there's
                                                    no conflict, do your
                                                    thing.  The "red
                                                    tape" that you keep
                                                    referring to is just
                                                    a process document
                                                    that walks you
                                                    through how to set
                                                    up a committee. 
                                                    After that's done,
                                                    the idea was to
                                                    empower you to act
                                                    within the defined
                                                    scope without going
                                                    to the Board.  If
                                                    we're talking
                                                    specifically about
                                                    projects, which it
                                                    sounds like this is
                                                    geared towards, then
                                                    it's even easier. 
                                                    Register as a
                                                    project (so that
                                                    staff knows you
                                                    exist and can
                                                    support you) and do
                                                    your thing.  If you
                                                    need money, ask for
                                                    it.  I'm not sure I
                                                    see the problem
                                                    here.  I'm also not
                                                    sure what you're
                                                    asking for as it
                                                    doesn't seem that
                                                    different to me than
                                                    how the status quo
                                                    is supposed to
                                                    operate.  Is it
                                                    operating
                                                    differently in
                                                    practice than it
                                                    should in theory?  I
                                                    don't have an OWASP
                                                    project and so
                                                    perhaps I'm blind to
                                                    the realities.  If
                                                    so, then the
                                                    specific issues need
                                                    to be addressed by
                                                    bylaw change, policy
                                                    change, staff
                                                    engagement, etc.  So
                                                    far, all you've said
                                                    is "projects need
                                                    money", which you
                                                    have access to, and
                                                    "cut the red tape",
                                                    of which I don't see
                                                    anything more than a
                                                    step to say "Hey, I
                                                    want to be a
                                                    project".  Please
                                                    help me to
                                                    understand.<br>
                                                  </p>
                                                  ~josh<br>
                                                </div>
                                                <div class="gmail_extra"><br>
                                                  <div
                                                    class="gmail_quote">On

                                                    Mon, Aug 17, 2015 at
                                                    12:04 PM, johanna
                                                    curiel curiel <span
                                                      dir="ltr"><<a
                                                        moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span>
                                                    wrote:<br>
                                                    <blockquote
                                                      class="gmail_quote"
                                                      style="margin:0 0
                                                      0
                                                      .8ex;border-left:1px
                                                      #ccc
                                                      solid;padding-left:1ex">
                                                      <div dir="ltr"><span>
                                                          <div> >I
                                                          don't think
                                                          there is
                                                          anything
                                                          preventing a
                                                          project from
                                                          doing the
                                                          same, but I
                                                          haven't seen
                                                          it done at
                                                          this point.</div>
                                                          <div><br>
                                                          </div>
                                                        </span>
                                                        <div>I think we
                                                          need to create
                                                          Project
                                                          Summits in the
                                                          form of events
                                                          with the whole
                                                          purpose to
                                                          gather funds
                                                          for projects
                                                          .Open samm has
                                                          done this and
                                                          I think we can
                                                          try that. Fo
                                                          that we need
                                                          the support of
                                                          the staff
                                                          Business
                                                          liaison, Event
                                                          manager, just
                                                          as they put
                                                          their work and
                                                          efforts in
                                                          Events and
                                                          appsecs. Here
                                                          cut share
                                                          between OWASp
                                                          staff time and
                                                          projects can
                                                          also be done.</div>
                                                        <span>
                                                          <div><br>
                                                          </div>
                                                          <div> >OWASP

                                                          has a project
                                                          funding
                                                          bucket.</div>
                                                        </span>
                                                        <div>Look,
                                                          Denver chapter
                                                          has around 50K
                                                          in their
                                                          bucket. The
                                                          richest
                                                          Project is ZAP
                                                          with 10k...
                                                          but thats is
                                                          the exception.
                                                          Even worse
                                                          when you look
                                                          at chapters
                                                          outside US or
                                                          EU, mine has
                                                          only USD40
                                                          dollars. Most
                                                          projects have
                                                          Zero Dollars.</div>
                                                        <div>And the
                                                          limits right
                                                          now are a
                                                          support but do
                                                          not help to
                                                          get important
                                                          things moving
                                                          like OWASP
                                                          Academy
                                                          portal,
                                                          Leaders like
                                                          Azzedine
                                                          assist and
                                                          show case his
                                                          chapter or
                                                          project or
                                                          other more
                                                          complex
                                                          initiatives.
                                                          Or major
                                                          improvements
                                                          or promotions
                                                          to their
                                                          projects. <br>
                                                        </div>
                                                        <span>
                                                          <div><br>
                                                          </div>
                                                          <div> 
                                                          >Remember
                                                          that the Board
                                                          is just a
                                                          handful of
                                                          leaders who
                                                          were elected
                                                          to set the
                                                          compass.</div>
                                                        </span>
                                                        <div>  Yes but
                                                          how do they
                                                          know where to
                                                          go, that's why
                                                          the survey.
                                                          The survey is
                                                          the compass.
                                                          And the
                                                          leaders are
                                                          elected to
                                                          listed to the
                                                          community.</div>
                                                        <div><br>
                                                        </div>
                                                        <div>And About
                                                          committees...</div>
                                                        <div>The only
                                                          existing
                                                          active
                                                          committee
                                                          right now is
                                                          the Project
                                                          Review (which
                                                          I still call
                                                          myself a
                                                          taskforce). I
                                                          haven't see
                                                          much
                                                          initiatives or
                                                          participation
                                                          from other
                                                          committees. So
                                                          the committee
                                                          concept in
                                                          theory seemed
                                                          like a great
                                                          idea but in
                                                          practice is
                                                          not working
                                                          because in my
                                                          eyes, creating
                                                          a committee is
                                                          creating a
                                                          mini board
                                                          inside OWASP.
                                                          We do not want
                                                          to create
                                                          oligarchies in
                                                          the end.</div>
                                                        <div><br>
                                                        </div>
                                                        <div>  I thik we
                                                          should cut off
                                                          that comitee
                                                          idea and be
                                                          more
                                                          practical.
                                                          More like this</div>
                                                        <div><br>
                                                        </div>
                                                        <div>  Example:</div>
                                                        <div><br>
                                                        </div>
                                                        <div>
                                                          <ul>
                                                          <li>John Lita
                                                          wants to
                                                          create an
                                                          academy portal
                                                          but developing
                                                          it costs money
                                                          and resources
                                                          that
                                                          volunteers
                                                          alone cannot
                                                          be easy pull
                                                          off(owaspa
                                                          project was
                                                          the same and
                                                          died, just
                                                          like many
                                                          educational
                                                          initiatives)<br>
                                                          </li>
                                                          <li>John must
                                                          create a
                                                          proposal with
                                                          defined goals
                                                          and how to
                                                          reach them. He
                                                          joins other
                                                          volunteers in
                                                          this effort.
                                                          No need to be
                                                          a commitee.<br>
                                                          </li>
                                                          <li> John
                                                          & Claudia
                                                          create a
                                                          survey and
                                                          seek support
                                                          of the
                                                          community<br>
                                                          </li>
                                                          <li>  If the
                                                          idea has major
                                                          feedback and
                                                          volunteers,
                                                          then John has
                                                          the support
                                                          from the staff
                                                          to execute
                                                          including
                                                          looking for
                                                          sponsors using
                                                          crowdsource
                                                          funding
                                                          portals<br>
                                                          </li>
                                                          <li>Staff
                                                          monitors
                                                          development
                                                          and results of
                                                          the actions
                                                          taken<br>
                                                          </li>
                                                          <li>Staff
                                                          reports
                                                          results to the
                                                          community back</li>
                                                          </ul>
                                                        </div>
                                                        <div>This is in
                                                          my eyes how I
                                                          have been
                                                          working in the
                                                          end, because ,
                                                          as volunteers,
                                                          available time
                                                          mostly depends
                                                          on one or 2
                                                          passionate
                                                          individuals
                                                          like
                                                          John-Lita,
                                                          which are more
                                                          dedicated and
                                                          the rest
                                                          follows...<br>
                                                        </div>
                                                        <div><br>
                                                        </div>
                                                        <div>Now if we
                                                          want to change
                                                          things, don't
                                                          tell me to set
                                                          a committee,
                                                          because Josh ,
                                                          this has not
                                                          work so far. </div>
                                                        <div><br>
                                                        </div>
                                                        <div> Allow me
                                                           and let the
                                                          staff know
                                                          that they
                                                          should support
                                                          me and any
                                                          other
                                                          volunteers
                                                          seeking for
                                                          implementing
                                                          their ideas
                                                          ;-). </div>
                                                        <div>Lets cut
                                                          the red tape
                                                          with
                                                          committees and
                                                          let people
                                                          know that if
                                                          they want to
                                                          do something,</div>
                                                        <div>
                                                          <ul>
                                                          <li>Contact
                                                          the staff. <br>
                                                          </li>
                                                          <li>Set a
                                                          survey and
                                                          gather support<br>
                                                          </li>
                                                          <li>Need more
                                                          money? Set a
                                                          crowd funding
                                                          project @ <a
                                                          moz-do-not-send="true"
class="moz-txt-link-freetext" href="https://www.kickstarter.com"><a class="moz-txt-link-freetext" href="https://www.kickstarter.com">https://www.kickstarter.com</a></a>
                                                          under OWASP</li>
                                                          <li>Volunteers
                                                          implement idea
                                                          or project
                                                          with the
                                                          support of
                                                          owasp staff
                                                          and other
                                                          volunteers</li>
                                                          </ul>
                                                          <div>How do we
                                                          get this idea
                                                          to action? </div>
                                                          <div>Shall we
                                                          create a
                                                          survey? </div>
                                                          <div>Do you
                                                          need to
                                                          discuss this
                                                          on a board
                                                          meeting?</div>
                                                        </div>
                                                        <div>How do I
                                                          get empowered
                                                          and let the
                                                          staff know
                                                          that as a
                                                          volunteer I
                                                          have your
                                                          support for
                                                          this?(if I
                                                          do? </div>
                                                        <div><br>
                                                        </div>
                                                        <div>You
                                                          see...how
                                                          dependable I'm
                                                          from the board
                                                          to be able to
                                                          execute?</div>
                                                        <div><br>
                                                        </div>
                                                        <div>Off course
                                                          I can always
                                                          do this on my
                                                          own but them I
                                                          better do it
                                                          without
                                                          OWASP...</div>
                                                        <div><br>
                                                        </div>
                                                        <div>Regards</div>
                                                        <span><font
                                                          color="#888888">
                                                          <div><br>
                                                          </div>
                                                          <div>Johanna</div>
                                                          </font></span></div>
                                                      <div>
                                                        <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">On

                                                          Mon, Aug 17,
                                                          2015 at 10:55
                                                          AM, Josh Sokol
                                                          <span
                                                          dir="ltr"><<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                          href="mailto:josh.sokol@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a></a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0

                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div dir="ltr">
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>Johanna,<br>
                                                          <br>
                                                          </div>
                                                          Thank you for
                                                          putting your
                                                          thoughts out
                                                          there for
                                                          everyone. 
                                                          Silence is not
                                                          good for
                                                          anyone and
                                                          OWASP will be
                                                          far more
                                                          successful if
                                                          we know what
                                                          our leaders
                                                          are struggling
                                                          with and make
                                                          a conscious
                                                          effort to
                                                          improve it.  I
                                                          think that
                                                          many of your
                                                          points are
                                                          very valid and
                                                          strongly
                                                          support the
                                                          idea of polls
                                                          to gauge
                                                          community
                                                          support for
                                                          actions being
                                                          taken.  I also
                                                          support the
                                                          idea that the
                                                          Board should
                                                          be making as
                                                          few of these
                                                          decisions as
                                                          possible and
                                                          putting the
                                                          power back in
                                                          the hands of
                                                          the community
                                                          with support
                                                          from the
                                                          staff.  The
                                                          Board should
                                                          be the
                                                          "compass"
                                                          making sure
                                                          that we are
                                                          moving in the
                                                          right
                                                          direction with
                                                          the community
                                                          and staff
                                                          being the ones
                                                          actually
                                                          pushing us
                                                          forward. 
                                                          That's not to
                                                          say that
                                                          members of the
                                                          Board won't
                                                          have their own
                                                          projects or
                                                          initiatives,
                                                          but they do so
                                                          as part of the
                                                          community, not
                                                          because of
                                                          their roles on
                                                          the Board. 
                                                          The Committees
                                                          2.0 framework
                                                          was a first
                                                          step in
                                                          driving this
                                                          level of
                                                          empowerment
                                                          back to the
                                                          community
                                                          while
                                                          maintaining
                                                          accountability
                                                          and providing
                                                          appropriately
                                                          scoped
                                                          actions.  My
                                                          impression was
                                                          that the
                                                          Projects
                                                          Committee was
                                                          rolling
                                                          forward quite
                                                          well under
                                                          this guidance,
                                                          but it sounds
                                                          like maybe I
                                                          was wrong. 
                                                          Are there
                                                          specific
                                                          actions that
                                                          you have tried
                                                          to take on the
                                                          committee that
                                                          got blocked by
                                                          the Board or
                                                          hung up in
                                                          "red tape"? 
                                                          Are there
                                                          needs for
                                                          funding that
                                                          haven't been
                                                          met?<br>
                                                          <br>
                                                          </div>
                                                          Regarding the
                                                          project vs
                                                          chapter
                                                          funding
                                                          schemas, I'm
                                                          not sure that
                                                          there is a
                                                          good answer. 
                                                          Projects are
                                                          typically made
                                                          up of a pocket
                                                          of
                                                          individuals. 
                                                          Typically one
                                                          leader with
                                                          sometimes one
                                                          or two others
                                                          assisting. 
                                                          Chapters are
                                                          typically
                                                          anywhere from
                                                          20 people to
                                                          hundreds.  We
                                                          provide
                                                          members with
                                                          the ability to
                                                          allocate their
                                                          funds to
                                                          either, but
                                                          most associate
                                                          themselves
                                                          with a chapter
                                                          rather than a
                                                          project
                                                          because that's
                                                          where they
                                                          participate. 
                                                          We also have
                                                          chapters
                                                          putting on
                                                          conferences
                                                          with the goal
                                                          of raising
                                                          funds.  I
                                                          don't think
                                                          there is
                                                          anything
                                                          preventing a
                                                          project from
                                                          doing the
                                                          same, but I
                                                          haven't seen
                                                          it done at
                                                          this point. 
                                                          Those are the
                                                          two main ways
                                                          that I see
                                                          chapters
                                                          raising
                                                          money.  Yes,
                                                          there is
                                                          certainly a
                                                          difference in
                                                          schemas and
                                                          projects will
                                                          have a more
                                                          difficult
                                                          time, but
                                                          that's also
                                                          why OWASP has
                                                          a project
                                                          funding
                                                          bucket.  Money
                                                          from these
                                                          local events
                                                          as well as
                                                          funds raised
                                                          by our AppSec
                                                          conferences
                                                          gets budgeted
                                                          specifically
                                                          for this
                                                          purpose.  To
                                                          my knowledge,
                                                          no reasonable
                                                          request for
                                                          funds by
                                                          projects has
                                                          been denied. 
                                                          Just because
                                                          there isn't
                                                          money sitting
                                                          "ring fenced"
                                                          in an account
                                                          for the
                                                          projects,
                                                          doesn't mean
                                                          that there
                                                          isn't money
                                                          that can be
                                                          spent.  It
                                                          just means
                                                          that it needs
                                                          to be
                                                          requested from
                                                          the pool. 
                                                          Yes, it's a
                                                          different
                                                          model of
                                                          funding, but
                                                          the end result
                                                          is the same. 
                                                          There are
                                                          funds
                                                          available at
                                                          OWASP for
                                                          everyone who
                                                          needs them.<br>
                                                          <br>
                                                          </div>
                                                          There are
                                                          obviously many
                                                          things that
                                                          need to be
                                                          improved at
                                                          OWASP and,
                                                          unfortunately,
                                                          the Board has
                                                          been tied up
                                                          in rules,
                                                          events,
                                                          bylaws, etc
                                                          for a while
                                                          now.  It's
                                                          definitely not
                                                          the "fun" part
                                                          of the job and
                                                          it is very
                                                          time
                                                          consuming. 
                                                          That said, I
                                                          would argue
                                                          that these are
                                                          the things
                                                          that need to
                                                          be changed in
                                                          order for
                                                          everyone else
                                                          (staff,
                                                          community,
                                                          etc) to be
                                                          able to be
                                                          better
                                                          served.  We've
                                                          made several
                                                          changes to the
                                                          Bylaws and are
                                                          working on
                                                          more.  We've
                                                          hired an
                                                          Executive
                                                          Director
                                                          (Paul), an
                                                          Event Manager
                                                          (Laura), a
                                                          Community
                                                          Manager
                                                          (Noreen), and
                                                          a Project
                                                          Coordinator
                                                          (Claudia) just
                                                          in the almost
                                                          two years that
                                                          I've been on
                                                          the Board. 
                                                          The needle on
                                                          the compass is
                                                          set and, while
                                                          it takes some
                                                          time to right
                                                          the ship, we
                                                          are getting
                                                          there by
                                                          giving our
                                                          community the
                                                          support it
                                                          requires to be
                                                          successful. 
                                                          So, here's my
                                                          general
                                                          thought:<br>
                                                          <br>
                                                          </div>
                                                          1) If it's
                                                          within the
                                                          scope of a
                                                          defined
                                                          Committee,
                                                          JUST DO IT!<br>
                                                          <br>
                                                          </div>
                                                          2) If there's
                                                          no Committee
                                                          defined for
                                                          it, CREATE
                                                          ONE, then JUST
                                                          DO IT!<br>
                                                          <br>
                                                          </div>
                                                          3) If a
                                                          Committee
                                                          doesn't make
                                                          sense, ASK THE
                                                          STAFF FOR IT!<br>
                                                          <br>
                                                          </div>
                                                          4) If asking
                                                          the staff
                                                          isn't working
                                                          or we need to
                                                          change a
                                                          policy to make
                                                          it happen, LET
                                                          THE BOARD
                                                          KNOW!<br>
                                                          <br>
                                                          </div>
                                                          The Board
                                                          should be the
                                                          last resort,
                                                          in my opinion,
                                                          not the
                                                          first.  We
                                                          should be the
                                                          enabler, not
                                                          the
                                                          bottleneck.  I
                                                          think that our
                                                          leaders make
                                                          too many
                                                          assumptions
                                                          (probably
                                                          based on past
                                                          Board actions)
                                                          about what
                                                          needs to go to
                                                          the Board and
                                                          we need to get
                                                          away from
                                                          that. 
                                                          Remember that
                                                          the Board is
                                                          just a handful
                                                          of leaders who
                                                          were elected
                                                          to set the
                                                          compass.  We
                                                          have a finite
                                                          number of
                                                          things that we
                                                          can handle and
                                                          our Board
                                                          meetings are
                                                          typically
                                                          overflowing
                                                          with topics. 
                                                          So, if
                                                          something is
                                                          bothering you,
                                                          I would
                                                          encourage you
                                                          to change it. 
                                                          That's why,
                                                          with the David
                                                          Rook
                                                          situation, I
                                                          encouraged
                                                          creation of a
                                                          new Committee
                                                          to determine a
                                                          reasonable
                                                          solution.  If
                                                          it requires a
                                                          policy change
                                                          by the Board,
                                                          then we can
                                                          vote on that,
                                                          but asking the
                                                          Board to take
                                                          action just
                                                          perpetuates
                                                          the oligarchy
                                                          that you
                                                          mention in
                                                          your e-mail. 
                                                          Instead of
                                                          pushing these
                                                          issues up to
                                                          the Board for
                                                          action, let's
                                                          have the
                                                          community
                                                          DECIDE what
                                                          they want and
                                                          have the Board
                                                          change the
                                                          compass needle
                                                          via bylaws,
                                                          policies, and
                                                          staff
                                                          discussions,
                                                          accordingly. 
                                                          At least,
                                                          that's my
                                                          vision for
                                                          OWASP.  Is
                                                          that something
                                                          that you can
                                                          get on board
                                                          with?<span><font
color="#888888"><br>
                                                          <br>
                                                          </font></span></div>
                                                          <span><font
                                                          color="#888888">~josh<br>
                                                          </font></span></div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>On Mon,
                                                          Aug 17, 2015
                                                          at 8:11 AM,
                                                          johanna curiel
                                                          curiel <span
                                                          dir="ltr"><<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                          href="mailto:johanna.curiel@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span>
                                                          wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0

                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">Members

                                                          of the board,
                                                          <div><br>
                                                          </div>
                                                          <div>With the
                                                          recent issue
                                                          regarding
                                                          David Rook,
                                                          and my latest
                                                          experience
                                                          with red-tape,
                                                          I'm proposing
                                                          the following.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>My goals
                                                          is to call
                                                          your attention
                                                          to these
                                                          issues which I
                                                          have been
                                                          observing for
                                                          a years and
                                                          not as a
                                                          critique to
                                                          your work, but
                                                          I think if you
                                                          do not pay
                                                          attention to
                                                          these issues
                                                          and DO
                                                          something
                                                          about them,
                                                          OWASP will
                                                          loose valuable
                                                          community
                                                          participation.</div>
                                                          <div>
                                                          <ul>
                                                          <li>When an
                                                          initiative is
                                                          proposed or
                                                          launched by a
                                                          member of the
                                                          board, this
                                                          should be
                                                          followed up by
                                                          a survey where
                                                          the community
                                                          can
                                                          vote.Wether is
                                                          a rule or
                                                          money, these
                                                          decisions
                                                          should be
                                                          taken based on
                                                          collected data
                                                          and proper
                                                          substantiation
                                                          to avoid
                                                          oligarchy </li>
                                                          <li>When an
                                                          initiative is
                                                          launched by a
                                                          member of the
                                                          community,
                                                          especially
                                                          when this
                                                          initiative
                                                          cost more than
                                                          10k, it should
                                                          be
                                                          substantiated
                                                          with data how
                                                          this
                                                          initiative
                                                          will benefit
                                                          the community.
                                                          Also should be
                                                          followed by a
                                                          survey</li>
                                                          <li>Staff
                                                          should help
                                                          creating the
                                                          survey and
                                                          analyse the
                                                          votes</li>
                                                          <li><b>In
                                                          other words:
                                                          do more survey
                                                          to find out
                                                          what the
                                                          community
                                                          needs and
                                                          wants.</b></li>
                                                          </ul>
                                                          <div>My
                                                          observations
                                                          and where I
                                                          think you need
                                                          to give more
                                                          attention:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <ul>
                                                          <li>Board/Executive

                                                          director
                                                          should work
                                                          closer with
                                                          the staff for
                                                          guidance and
                                                          empowering
                                                          their role. I
                                                          have the
                                                          feeling that
                                                          the staff is
                                                          paralysed
                                                          waiting for
                                                          instructions
                                                          or following
                                                          strict rules.
                                                          The staff
                                                          should be
                                                          motivated to
                                                          take
                                                          initiative and
                                                          implement
                                                          projects on
                                                          their own that
                                                          can help the
                                                          community.
                                                          They should
                                                          not be too
                                                          dependent on
                                                          an Executive
                                                          director or
                                                          member of the
                                                          board for this
                                                          part</li>
                                                          </ul>
                                                          </div>
                                                          </div>
                                                          <div>As I see
                                                          it ,OWASP is
                                                          known for his
                                                          Projects &
                                                          Chapter
                                                          leaders which
                                                          as volunteers
                                                          have
                                                          contributed
                                                          the most to
                                                          set OWASP on
                                                          the spotlight.
                                                          Therefore:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <ul>
                                                          <li>You should
                                                          determine and
                                                          implement
                                                          better ways
                                                           to provide
                                                          better funding
                                                          schemas for
                                                          projects .
                                                          This is
                                                          something a
                                                          volunteer
                                                          cannot do. And
                                                          <i>nothing</i>
                                                          has been done
                                                          to help  solve
                                                          this issue</li>
                                                          <li>There is
                                                          an unfair
                                                          inequality in
                                                          the way
                                                          chapters can
                                                          generate funds
                                                          vs Projects.</li>
                                                          <li>Money is
                                                          locked down in
                                                          the chapters
                                                          budget</li>
                                                          <li>Chapters
                                                          outside US
                                                          & EU have
                                                          more struggles
                                                          to find
                                                          support. You
                                                          should
                                                          consider a way
                                                          to support
                                                          better these
                                                          ones since
                                                          their
                                                          countries are
                                                          not developed
                                                          in the area of
                                                          security as
                                                          countries in
                                                          EU and US.<br>
                                                          </li>
                                                          <li>Follow up:
                                                          when issues
                                                          like David
                                                          Rook or a
                                                          volunteer
                                                          rants(like me
                                                          or others )
                                                          out of
                                                          frustation,
                                                          take action.
                                                          Put it in the
                                                          agenda and try
                                                          to solve and
                                                          discuss the
                                                          issues to
                                                          improve the
                                                          actual
                                                          problems. So
                                                          far I have
                                                          seen very
                                                          little follow
                                                          up on major
                                                          issues and
                                                          discussions
                                                          raised in the
                                                          mailing lists</li>
                                                          <li>Way to
                                                          much attention
                                                          to rules, <i>events</i>
                                                          and bylaws
                                                          etc. Time to
                                                          take action
                                                          and take
                                                          decisions and
                                                          propose plans
                                                          for
                                                          improvements
                                                          of the actual
                                                          situation
                                                          above
                                                          mentioned</li>
                                                          </ul>
                                                          <div>Being
                                                          that said, and
                                                          with all due
                                                          respect to
                                                          you, I hope
                                                          that you can
                                                          take actions
                                                          and <i>execute</i>
                                                          improvements
                                                          that have been
                                                          an issue since
                                                          I joined OWASP
                                                          3 years ago.</div>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Regards</div>
                                                          <span><font
                                                          color="#888888">
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Johanna</div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          </font></span></div>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          <span>_______________________________________________<br>
                                                          Governance
                                                          mailing list<br>
                                                          <a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated"
                                                          href="mailto:Governance@lists.owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:Governance@lists.owasp.org">Governance@lists.owasp.org</a></a><br>
                                                          <a
                                                          moz-do-not-send="true"
class="moz-txt-link-freetext"
                                                          href="https://lists.owasp.org/mailman/listinfo/governance"><a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/governance">https://lists.owasp.org/mailman/listinfo/governance</a></a><br>
                                                          <br>
                                                          </span></blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                        </div>
                                                      </div>
                                                    </blockquote>
                                                  </div>
                                                  <br>
                                                </div>
                                                <br>
                                                <fieldset></fieldset>
                                                <br>
                                              </div>
                                            </div>
                                            <pre>_______________________________________________
OWASP-Leaders mailing list
<a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
                                          </blockquote>
                                          <br>
                                        </div>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                </div>
                              </div>
                            </blockquote>
                          </div>
                          <br>
                        </div>
                      </div>
                    </blockquote>
                    <blockquote type="cite">
                      <div><span>_______________________________________________</span><br>
                        <span>Governance mailing list</span><br>
                        <span><a moz-do-not-send="true"
                            href="mailto:Governance@lists.owasp.org"
                            target="_blank">Governance@lists.owasp.org</a></span><br>
                        <span><a moz-do-not-send="true"
                            href="https://lists.owasp.org/mailman/listinfo/governance"
                            target="_blank">https://lists.owasp.org/mailman/listinfo/governance</a></span><br>
                      </div>
                    </blockquote>
                  </div>
                </div>
              </div>
            </blockquote>
          </div>
          <br>
        </div>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
Owasp-board mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
      </blockquote>
      <br>
      <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
  </body>
</html>