[Owasp-board] [Global_conference_committee] Loss from AppSec Asia

Mark Bristow mark.bristow at owasp.org
Thu Dec 8 10:50:42 UTC 2011


Eoin,

If OWASP is the only party involved, who would make up the liability over and beyond the cap?  There is no one else unless you mean the planners personally should be liable.  Something I'd strongly oppose.

-Mark

Sent from my wireless device

On Dec 8, 2011, at 2:40 AM, Eoin Keary <eoinkeary at gmail.com> wrote:

> Mark I disagree. I am happy to go with the majority decision.
> 
> 
> 
> 
> On 8 Dec 2011, at 00:22, Mark Bristow <mark.bristow at owasp.org> wrote:
> 
>> For multi party contracts that might be appropriate.  Not OWASP only events
>> 
>> -Mark
>> 
>> Sent from my wireless device
>> 
>> On Dec 7, 2011, at 6:59 PM, Eoin <eoin.keary at owasp.org> wrote:
>> 
>>> Mark,
>>> Nothing replaces a liability cap written into a contract and signed by both parties.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On 7 Dec 2011, at 19:01, Mark Bristow <mark.bristow at owasp.org> wrote:
>>> 
>>>> Eoin,
>>>> 
>>>> Liability limitations is the point of the OCMS process and budgetary
>>>> review however I think the system could be made more robust.
>>>> Currently planners are only required to submit initial budgets for
>>>> review by the GCC and are supposed to get all major contracts signed
>>>> by the GCC liaison (although there have been several issues getting
>>>> this authority granted).  Once the initial budgets are reviewed, there
>>>> are no requirements for followup (it is often requested) or any
>>>> additional checks when funds are dispersed.
>>>> 
>>>> I'd propose that, for Global AppSecs we:
>>>> Require initial budgets as described for approvals
>>>> Require events report actual expenditures/revised budgets monthly
>>>> Have all expenditures not within the original budget for that line
>>>> item be approved by the GCC liaison (and updated on subsequent
>>>> projections)
>>>> 
>>>> I think adding some of these basic controls would have alleviated this
>>>> issue.  However, on the other side of the issue we need to actually
>>>> enforce these rules which may be difficult.
>>>> 
>>>> On Wed, Dec 7, 2011 at 1:45 PM, Eoin <eoin.keary at owasp.org> wrote:
>>>>> Matt,
>>>>> As treasurer what are your thoughts on limiting liability for losses at
>>>>> global conferences. My view is if we don't do this we are leaving the
>>>>> foundation exposed. Such a cap should be in a contract signed by the
>>>>> conference organisers?? It can be a % or a figure, but right now are we in a
>>>>> position of unlimited liability??
>>>>> Anyone, thoughts??
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> On 7 Dec 2011, at 18:19, Sarah Baso <sarah.baso at owasp.org> wrote:
>>>>> 
>>>>> Alison -
>>>>> Can you look to see (or maybe you know off the top of your head) if we
>>>>> sent any down payment or money (other than the approx. $3222 sent recently
>>>>> to cover hotel costs) to China for this conference.  It probably would have
>>>>> been in late July or August of this year?
>>>>> 
>>>>> They are currently at a $16,166.22 loss, but Frank Fan's company
>>>>> (DBAppSecurity) still owes $4742 and SecZone has said they can cover about
>>>>> $6,000 of the loss. That leaves about $5,500 for us to possibly cover.  I
>>>>> want to make sure we have a full financial picture of what we have paid
>>>>> before anything is decided though.
>>>>> 
>>>>> Thanks,
>>>>> Sarah
>>>>> 
>>>>> On Wed, Dec 7, 2011 at 9:41 AM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>>>>> 
>>>>>> I believe some of the loss will be realized by each party
>>>>>> 
>>>>>> -Mark
>>>>>> 
>>>>>> Sent from my wireless device
>>>>>> 
>>>>>> On Dec 7, 2011, at 10:33 AM, "Kate Hartmann" <kate.hartmann at owasp.org>
>>>>>> wrote:
>>>>>> 
>>>>>> I know there is a documented loss for AppSec Asia for 2011.  Is the
>>>>>> foundation expected to reimburse SecZone for this loss?  What was the
>>>>>> agreement for the financials for this event?  I know that much of this has
>>>>>> come from Rip’s personal account.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> We need to clear this up before the end of the year.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Kate Hartmann
>>>>>> 
>>>>>> Operations Director
>>>>>> 
>>>>>> 301-275-9403
>>>>>> 
>>>>>> www.owasp.org
>>>>>> 
>>>>>> Skype:  Kate.hartmann1
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> <Copy of OWASP 2011 Appsec Asia cost-1128.xlsx>
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Global_conference_committee mailing list
>>>>>> Global_conference_committee at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>>>>> 
>>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> Administrator for
>>>>> OWASP Global Conference Committee
>>>>> OWASP Global Chapter Committee
>>>>> 
>>>>> Dir: 312-869-2779
>>>>> skype: sarah.baso
>>>>> 
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> Mark Bristow
>>>> (703) 596-5175
>>>> mark.bristow at owasp.org
>>>> 
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>> AppSec DC Organizer - https://www.appsecdc.org
