[Owasp-board] [Global_conference_committee] Loss from AppSec Asia

Eoin eoin.keary at owasp.org
Wed Dec 7 23:59:47 UTC 2011


Mark,
Nothing replaces a liability cap written into a contract and signed by both parties.



 

On 7 Dec 2011, at 19:01, Mark Bristow <mark.bristow at owasp.org> wrote:

> Eoin,
> 
> Liability limitations is the point of the OCMS process and budgetary
> review however I think the system could be made more robust.
> Currently planners are only required to submit initial budgets for
> review by the GCC and are supposed to get all major contracts signed
> by the GCC liasion (although there have been several issues getting
> this authority granted).  Once the initial budgets are reviewed, there
> are no requirements for followup (it is often requested) or any
> additional checks when funds are dispersed.
> 
> I'd propose that, for Global AppSecs we:
> Require initial budgets as described for approvals
> Require events report actual expendatures/revised budgets monthly
> Have all expendatures not within the origional budget for that line
> item be approved by the GCC liasion (and updated on subsequent
> projections)
> 
> I think adding some of these basic controls would have alieviated this
> issue.  However, on the other side of the issue we need to actually
> enforce these rules which may be dificult.
> 
> On Wed, Dec 7, 2011 at 1:45 PM, Eoin <eoin.keary at owasp.org> wrote:
>> Matt ,
>> As treasurer what are your thoughts on limiting liability for losses at
>> global conferences. My view is If we don't do this we are leaving the
>> foundation exposed. Such a cap should be in a contract signed by the
>> conference organisers?? It can be a % or a figure, but right now are we in a
>> position if unlimited liability??
>> Anyone, thoughts??
>> 
>> 
>> 
>> 
>> On 7 Dec 2011, at 18:19, Sarah Baso <sarah.baso at owasp.org> wrote:
>> 
>> Alison -
>> Can you find look to see (or maybe you know off the top of your head) if we
>> sent any down payment or money (other than the approx. $3222 sent recently
>> to cover hotel costs) to China for this conference.  It probably would have
>> been in late July or August of this year?
>> 
>> They are currently at a $16,166.22 loss, but Frank Fan's company
>> (DBAppSecurity) still owes $4742 and SecZone has said they can cover about
>> $6,000 of the loss. The leaves about $5,500 for us to possibly cover.  I
>> want to make sure we have a full financial picture of what we have paid
>> before anything is decided though.
>> 
>> Thanks,
>> Sarah
>> 
>> On Wed, Dec 7, 2011 at 9:41 AM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>> 
>>> I believe some of the loss will be realized by each party
>>> 
>>> -Mark
>>> 
>>> Sent from my wireless device
>>> 
>>> On Dec 7, 2011, at 10:33 AM, "Kate Hartmann" <kate.hartmann at owasp.org>
>>> wrote:
>>> 
>>> I know there is a documented loss for AppSec Asia for 2011.  Is the
>>> foundation expected to reimburse SecZone for this loss?  What was the
>>> agreement for the financials for this event.  I know that much of this has
>>> come from Rip’s personal account.
>>> 
>>> 
>>> 
>>> We need to clear this up before the end of the year.
>>> 
>>> 
>>> 
>>> Kate Hartmann
>>> 
>>> Operations Director
>>> 
>>> 301-275-9403
>>> 
>>> www.owasp.org
>>> 
>>> Skype:  Kate.hartmann1
>>> 
>>> 
>>> 
>>> <Copy of OWASP 2011 Appsec Asia cost-1128.xlsx>
>>> 
>>> _______________________________________________
>>> Global_conference_committee mailing list
>>> Global_conference_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>> 
>>> 
>>> _______________________________________________
>>> Global_conference_committee mailing list
>>> Global_conference_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>> 
>> 
>> 
>> 
>> --
>> Administrator for
>> OWASP Global Conference Committee
>> OWASP Global Chapter Committee
>> 
>> Dir: 312-869-2779
>> skype: sarah.baso
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org



More information about the Owasp-board mailing list