[Owasp-board] [Global_conference_committee] Loss from AppSec Asia

Mark Bristow mark.bristow at owasp.org
Thu Dec 8 00:22:28 UTC 2011 

For multi party contracts that might be appropriate.  Not OWASP only events

-Mark

Sent from my wireless device

On Dec 7, 2011, at 6:59 PM, Eoin <eoin.keary at owasp.org> wrote:

> Mark,
> Nothing replaces a liability cap written into a contract and signed by both parties.
> 
> 
> 
> 
> 
> On 7 Dec 2011, at 19:01, Mark Bristow <mark.bristow at owasp.org> wrote:
> 
>> Eoin,
>> 
>> Liability limitations is the point of the OCMS process and budgetary
>> review however I think the system could be made more robust.
>> Currently planners are only required to submit initial budgets for
>> review by the GCC and are supposed to get all major contracts signed
>> by the GCC liasion (although there have been several issues getting
>> this authority granted).  Once the initial budgets are reviewed, there
>> are no requirements for followup (it is often requested) or any
>> additional checks when funds are dispersed.
>> 
>> I'd propose that, for Global AppSecs we:
>> Require initial budgets as described for approvals
>> Require events report actual expendatures/revised budgets monthly
>> Have all expendatures not within the origional budget for that line
>> item be approved by the GCC liasion (and updated on subsequent
>> projections)
>> 
>> I think adding some of these basic controls would have alieviated this
>> issue.  However, on the other side of the issue we need to actually
>> enforce these rules which may be dificult.
>> 
>> On Wed, Dec 7, 2011 at 1:45 PM, Eoin <eoin.keary at owasp.org> wrote:
>>> Matt ,
>>> As treasurer what are your thoughts on limiting liability for losses at
>>> global conferences. My view is If we don't do this we are leaving the
>>> foundation exposed. Such a cap should be in a contract signed by the
>>> conference organisers?? It can be a % or a figure, but right now are we in a
>>> position if unlimited liability??
>>> Anyone, thoughts??
>>> 
>>> 
>>> 
>>> 
>>> On 7 Dec 2011, at 18:19, Sarah Baso <sarah.baso at owasp.org> wrote:
>>> 
>>> Alison -
>>> Can you find look to see (or maybe you know off the top of your head) if we
>>> sent any down payment or money (other than the approx. $3222 sent recently
>>> to cover hotel costs) to China for this conference.  It probably would have
>>> been in late July or August of this year?
>>> 
>>> They are currently at a $16,166.22 loss, but Frank Fan's company
>>> (DBAppSecurity) still owes $4742 and SecZone has said they can cover about
>>> $6,000 of the loss. The leaves about $5,500 for us to possibly cover.  I
>>> want to make sure we have a full financial picture of what we have paid
>>> before anything is decided though.
>>> 
>>> Thanks,
>>> Sarah
>>> 
>>> On Wed, Dec 7, 2011 at 9:41 AM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>>> 
>>>> I believe some of the loss will be realized by each party
>>>> 
>>>> -Mark
>>>> 
>>>> Sent from my wireless device
>>>> 
>>>> On Dec 7, 2011, at 10:33 AM, "Kate Hartmann" <kate.hartmann at owasp.org>
>>>> wrote:
>>>> 
>>>> I know there is a documented loss for AppSec Asia for 2011.  Is the
>>>> foundation expected to reimburse SecZone for this loss?  What was the
>>>> agreement for the financials for this event.  I know that much of this has
>>>> come from Rip’s personal account.
>>>> 
>>>> 
>>>> 
>>>> We need to clear this up before the end of the year.
>>>> 
>>>> 
>>>> 
>>>> Kate Hartmann
>>>> 
>>>> Operations Director
>>>> 
>>>> 301-275-9403
>>>> 
>>>> www.owasp.org
>>>> 
>>>> Skype:  Kate.hartmann1
>>>> 
>>>> 
>>>> 
>>>> <Copy of OWASP 2011 Appsec Asia cost-1128.xlsx>
>>>> 
>>>> _______________________________________________
>>>> Global_conference_committee mailing list
>>>> Global_conference_committee at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Global_conference_committee mailing list
>>>> Global_conference_committee at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Administrator for
>>> OWASP Global Conference Committee
>>> OWASP Global Chapter Committee
>>> 
>>> Dir: 312-869-2779
>>> skype: sarah.baso
>>> 
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> 
>>> 
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> 
>> 
>> 
>> 
>> -- 
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>> 
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org

More information about the Owasp-board mailing list