[Owasp-board] [Global_conference_committee] Loss from AppSec Asia

Sarah Baso sarah.baso at owasp.org
Wed Dec 7 20:24:10 UTC 2011


Mark -
Can you clarify why AppSec AsiaPac 2011 was an anomaly?  Also what makes
this a partner event vs. 100% OWASP event?  I want to make sure we are all
on the same page and those hosting the event in China understand the
difference as well.

The "other organization" involved - SecZone - plans to continue handling
OWASP-related money in China and if they want to do an event like this in
the future, what would they do differently to not make it a partner event?

I also think it is important to separate the event definitions and "lessons
learned" from this conference from the larger issues of: How can OWASP
maintain financial transparency for international events (especially large
ones like this)?  and What policies can OWASP put into place to protect
ourselves from future unanticipated losses at events (especially large ones
like this)?

I think these two questions/issues important for the Foundation to look at
as we move more and more into bring an international organization.

Sarah



On Wed, Dec 7, 2011 at 1:46 PM, Mark Bristow <mark.bristow at owasp.org> wrote:

> So before we get to far down this road.  AppSecASIAPAC was an anomoly.
>  GCC (at least I) was not aware that there was another organization
> involved until VERY late in the game (weeks before the event).
> Technically it should have been classified as a partner event, where a
> contract between our two organizations would have been signed (by the
> board) up front, clearly identifiying these issues.
>
> In this case, this was presented as a 100% OWASP event when it reality
> it was not.  That's the root of the problem here and unlike LATAM the
> other organization is more "partner" than "contractor".
>
> On Wed, Dec 7, 2011 at 1:50 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
> > I agree with capping the loss. I also think we should have some more
> strict
> > budget requirements for global appsec conferences, especially when we
> have
> > 3rd parties handling the money.  If Alison is the one making payments and
> > accepting money, we can check in with her at any point to find out the
> > status of an event; however, we don't have this visibility/transparency
> > right now with the 3rd parties.
> >
> > I think before we go forward with signing contracts for 2012 events
> > (especially in Latin America and AsiaPac where they have not run the
> money
> > through the Foundation), we should discuss and decide on  a policy for
> this.
> >
> > Sarah
> >
> >
> > On Wed, Dec 7, 2011 at 12:45 PM, Eoin <eoin.keary at owasp.org> wrote:
> >>
> >> Matt ,
> >> As treasurer what are your thoughts on limiting liability for losses at
> >> global conferences. My view is If we don't do this we are leaving the
> >> foundation exposed. Such a cap should be in a contract signed by the
> >> conference organisers?? It can be a % or a figure, but right now are we
> in a
> >> position if unlimited liability??
> >> Anyone, thoughts??
> >>
> >>
> >>
> >>
> >> On 7 Dec 2011, at 18:19, Sarah Baso <sarah.baso at owasp.org> wrote:
> >>
> >> Alison -
> >> Can you find look to see (or maybe you know off the top of your head) if
> >> we sent any down payment or money (other than the approx. $3222 sent
> >> recently to cover hotel costs) to China for this conference.  It
> probably
> >> would have been in late July or August of this year?
> >>
> >> They are currently at a $16,166.22 loss, but Frank Fan's company
> >> (DBAppSecurity) still owes $4742 and SecZone has said they can cover
> about
> >> $6,000 of the loss. The leaves about $5,500 for us to possibly cover.  I
> >> want to make sure we have a full financial picture of what we have paid
> >> before anything is decided though.
> >>
> >> Thanks,
> >> Sarah
> >>
> >> On Wed, Dec 7, 2011 at 9:41 AM, Mark Bristow <mark.bristow at owasp.org>
> >> wrote:
> >>>
> >>> I believe some of the loss will be realized by each party
> >>>
> >>> -Mark
> >>>
> >>> Sent from my wireless device
> >>>
> >>> On Dec 7, 2011, at 10:33 AM, "Kate Hartmann" <kate.hartmann at owasp.org>
> >>> wrote:
> >>>
> >>> I know there is a documented loss for AppSec Asia for 2011.  Is the
> >>> foundation expected to reimburse SecZone for this loss?  What was the
> >>> agreement for the financials for this event.  I know that much of this
> has
> >>> come from Rip’s personal account.
> >>>
> >>>
> >>>
> >>> We need to clear this up before the end of the year.
> >>>
> >>>
> >>>
> >>> Kate Hartmann
> >>>
> >>> Operations Director
> >>>
> >>> 301-275-9403
> >>>
> >>> www.owasp.org
> >>>
> >>> Skype:  Kate.hartmann1
> >>>
> >>>
> >>>
> >>> <Copy of OWASP 2011 Appsec Asia cost-1128.xlsx>
> >>>
> >>> _______________________________________________
> >>> Global_conference_committee mailing list
> >>> Global_conference_committee at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> >>>
> >>>
> >>> _______________________________________________
> >>> Global_conference_committee mailing list
> >>> Global_conference_committee at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> >>>
> >>
> >>
> >>
> >> --
> >> Administrator for
> >> OWASP Global Conference Committee
> >> OWASP Global Chapter Committee
> >>
> >> Dir: 312-869-2779
> >> skype: sarah.baso
> >>
> >> _______________________________________________
> >> Owasp-board mailing list
> >> Owasp-board at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-board
> >
> >
> >
> >
> > --
> > Administrator for
> > OWASP Global Conference Committee
> > OWASP Global Chapter Committee
> >
> > Dir: 312-869-2779
> > skype: sarah.baso
> >
> >
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board
> >
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>



-- 
Administrator for
OWASP Global Conference Committee
OWASP Global Chapter Committee

Dir: 312-869-2779
skype: sarah.baso
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20111207/a5d66864/attachment-0002.html>


More information about the Owasp-board mailing list