[Owasp-board] [Owasp-leaders] [Committees-chairs] Removal of Regional/Local event oversight from Conferences Committee

Tin Zaw tin.zaw at owasp.org
Tue Jun 21 04:34:39 UTC 2011


I am confused. I thought the board voted to put 4 Global AppSec
conferences under support and policies of Conf. Committee and the rest
under Chapter Committee. And Jeff's email sounded like that too.

Here is what Chapter Committee (mostly, Seba and me) is discussing to
propose -- the details.

* GLOBAL AppSec's will be under policies and support of Conference Committee.
* For the rest of the conferences, the conference organizers can
choose to call upon help of either Conference or Chapter Committee.
* Conf. Comm. provides bigger help, with bigger budget, subject to
split and cap rules.
* Chapter Comm. provides smaller help, with smaller budget, subject to
policies set by Chapter Comm.

The original proposal for vote by the board was not put together by
the Chapter Committee. With all good intentions, Kate proposed it.

Chapter Committee's official stance is that we can take this new
responsibility after this issue -- of which conference under what
committee -- has been fully resolved by the board.

Thanks.


On Mon, Jun 20, 2011 at 9:02 PM, Tom Brennan <tomb at owasp.org> wrote:
>
>
> For those watching at home... todays monthly board meeting had a few items
> on it, lasted about 1.5 hrs actually.  Thank you Mark for appealing your
> item as I believe the "vote" was a bit unclear as presented.  Having a
> passionate volunteer like Mark craft emails as an appeal in addition to
> having a new child enter the world today..  shows how passioned filled he is
> to the core mission - In addition Congratulations Mark, welcome to the other
> club Dad --  Boy(s) or Girl(s)  -- you will not forget when fathers day is
> anymore now it will be your kids birthday weekend!!
> Let's rewind and visit the request from today, click on the below URL and
> read it or scroll to the end of my reply to see the content.
> =====================================================
> = https://www.owasp.org/index.php/June_6,_2011#BOARD_VOTE_REQUESTED ====
> =====================================================
> So after reading both sides of the arguments the written rational and the
> counter arguments -  I agree (YES) with a adjustment to the current model.
> Of the proposed adjustments the one that I support is actually counter
> proposal B.
> OWASP Local chapters should not be required to run chapter events or chapter
> meetings via the Conferences Committee/OCMS approval system.  However, if a
> conference/event is going to be marketed as anything other than a local
> chapter meeting/working session such as "Regional Event, AppHacker2012,
> Build/Break2012, etc.." and use of the OWASP Foundation/EU brand, resources,
> insurance, backoffice employees, funds then the CC/OCMS system and be
> managed by the established polices of the Global Conferences Committee to do
> so ensuring a min., level of quality is prerequisite and the professional
> brand is maintained.
> It is REALLY important that people reading this understand what is a
> "OCMS" what is was purpose built
> for see: https://www.owasp.org/index.php/Owasp_Conference_Management_System
> +10 here (i used it just yesterday)
> The conferences committee volunteers like all committees are managed by
> volunteers to foster growth without malice as the regional representatives
> for around the world - the day-to-day process and administration of best
> practice should then be mapped and managed by owasp employees and
> contractors when possible to enable for scale of a repeatable and measurable
> process.
> 2nd item on the above URL;
> Chapter Finance Policy and Procedure, this item was NOT part of the vote
> today. For the record, I DO support this model of sweeping funds from local
> chapters back to the OWASP Foundation. There is currently $94,000.00 in
> funds set-aside for chapters see:
>  https://www.owasp.org/index.php/Donation_Scoreboard   However, once a
> ratified 201X  chapter handbook is produced as a deliverable from the
> conferences committee and is then agreed to by each chapter team as
> governance or suggested guideline document (*NOTE* these are two very
> different terms)  But note, chapter leaders in any country, state or region
> have with or without signature today agreed to run a local chapter as acting
> as a extension and agent of the foundation including its ethics and
> principals as volunteers. So lets make it really easy for them and future
> ones to foster collaboration of quality under the flag of OWASP Foundation.
>  A chapter measured only by quantity of attendees of meetings is not a very
> good measurement - quality first and always, experiment locally, promote
> success globally, people will come if the core is a solid group of
> professionals in it for the right reasons = community and the mission.
> So just to be very clear, I voted YES, continue to vote YES but to Counter
> Proposal B this provides the best flexibility globally, provides chapters
> with additional responsibility that they have to manage not only for XX
> events per year but also they need to get there hands around the 70+ active
> chapters.
> Test Cases:
>
> Chapter A Chapter wants to hold a training event - this does NOT
> require conferences committee/OCMS
> Chapter A + Chapter B  wants to hold a training event and IS requesting
> resources of monetary support - requires conferences committee/OCMS
> Chapter A + Chapter C  wants to hold a training event and does NOT
>  requesting resources of monetary support - this does
> not  require conferences committee/OCMS
> Chapter A  wants to hold a meeting in that will bring in 50,100,150,200+
> attendees as part of its regular meeting schedule, does not require OCMS
> Chapter A  wants to hold a meeting in Madison Square Garden and utilize the
> resources of its employees and contractors and enter into agreements etc...
> YES it needs the Conferences Committee to understand what is going on
> BIG APPLE SECURITY CONFERENCE (aka: Chapter A, Chapter B, Chapter C
> & Chapter D) want to do a event together utilize the resources of its
> employees and contractors and enter into agreements etc... = this would be
> an example of a regional event and YES it needs to the conferences
> committeee
> Chapter A + Chapter Z wants to do a virtual event - this does NOT
> require conferences committee/OCMS
> Chapter X gets really tired of  the perception of a bureaucratic,
> rule-based, control -- they want to do there own thing include Software,
> Midgets, and Costumes call it <insert cool name> - if it does not pass the
> established review process to keep quality events and after a meeting with
> the chapter/conference organizators it could be negotiated or completely
> rejected and if needed appealed.
>
> So where does this put ME?  Is this a FLIP FLOP to a NO or Abstain vote??
> No..... clearly the YES of ALL attending board members to the presented
> materials suggests that there needs to be an adjustment in providing a
> threshold for the chapters committee for the good of the global foundation -
> the extent is what needs to be defined clearly.  I would suggest that a
> committee chair meeting is held to discuss and nail down a collaborative
> solution that effects not any individual volunteer, but rather the
> committees look at the management of the workflow for the good of the
> organization and in the spirit of evolution, outreach and and
> experimentation. and provide a acceptable resolution by next board meeting
> that can be managed by OWASP staff.
> Interested in the other fun and exciting behind the curtain results be sure
> to visit:  https://www.owasp.org/index.php/OWASP_Board_Meetings  (note that
> the 6-June meeting is the 20-June meeting)
> Psssst hey Mark its 11:55am EST you will be getting up shortly to feed the
> new baby ;) thank you and your team - be aware that Chapters is here also to
> do heavy lifting too.  This also is a good example of what you as the reader
> should review and get behind a candidate for the forthcoming election:
>  https://www.owasp.org/index.php/Membership/2011Election#Self-Nominated_2012_Candidates
>  see WHY ME
> Semper Fi,
> Brennan
> Tel: 973-202-0122
> Skype: proactiverisk
>
> -----For those that did not click the above link below is the information we
> are talking about------------
>
> BOARD VOTE REQUESTED
>
> Updates and Changes to Conference Supervision by Committees
>
> 1. Global AppSec Events will remain under the Supervision of the Global
> Conference Committee.
>
> 2. Partner Events and Outreach (representation) will remain under the
> Supervision of the Global Conference Committee.
>
> 3. Local and Regional Events will move underneath the umbrella of the Global
> Chapter Committee.
>
> Additional Documentation
>
> Rational - Counter Argument
>
> Chapter Finance Policy and Procedure
>
> OCMS
>
> Counter proposal A
>
> Updates and Changes to Conference Supervision by Committees (counter
> proposal)
>
> Conferences and Chapters will continue their existing roles.
> Conferences will work to bolster support for local events and define events.
>
> Committee Supervison of Events Rational
>
> Counter proposal B
>
> Events expecting over 100 attendees* shall remain under the Supervision of
> the Global Conference Committee.
> Events expecting less than 100 will move underneath the umbrella of the
> Global Chapter Committee.
> Partner Events and Outreach (representation) will remain under the
> Supervision of the Global Conference Committee.
>
> * With the exception of regular chapter meetings which on very few occasions
> will be larger than this, I believe only NY/NJ has this issue currently
>
> -------------------
>
>
>
>
>
>
> On Jun 20, 2011, at 8:17 PM, Mark Bristow wrote:
>
> Kate,
> (sorry for the text wall, as you can tell I am passionate about this topic
> which is why I signed up for the conferences committee in the first place)
>
> Respectfully to you and Jason, I disagree.  I DO agree however that the
> Committees exist to facilitate and grow their areas of responsibility
> however sometimes this is done by setting guidelines/rules/policies to
> facilitate this.  If it doesn't matter who's "jurisdiction" things fall
> under, then why was it transfered from the Conferences to Chapter
> committees?
> Of course it matters, and it matters for several reasons.  As OWASP has
> grown there has been a need to share the load of organizing our activities.
>  In OWASP 1.0 there was just a loose collection of "leaders" who would
> organize projects, events, chapters et all in a somewhat organic way with
> little structure, then as we grew in notoriety, membership and became a
> 501c, OWASP 2.0 we added a board who's job it was to provide oversight and
> be the caretakers of OWASP, resolve conflicts and help steer the
> organization.  As of 2008, OWASP 3.0, the Global Committees were formed as
> the individual tasks of facilitating, growing, coordinating and organizing
> Chapters, Education, Conferences, Projects, Membership, Industry and
> Connections became too much for a single group of 6-7 people to coordinate.
>  The organization elected by nomination, volunteers with the skills,
> expertise and experience necessary to execute on the more focused committee
> missions with the board providing final oversight.  I know
> we occasionally pine for the days were things were loosely coordinated and
> organized but that was before OWASP had international recognition, a
> budget, complex infrastructure, full time staff members, summits, and
> thousands of members.
> We are not who we were in OWASP 1.0, to deny this is to deny ourselves,
> we've accomplished much and grown tremendously since then.  The key however
> is to be OWASP 3.0 in a way that keeps the spirit of OWASP 1.0's innovation,
> community and volunteerism.
> With OWASP 3.0 we realized that we NEED a bit more structure at the bottom
> (In my view the membership is always at the top of the pyramid and the board
> at the top of the bottom) in order to ensure that OWASP continues to
> function in a coordinated way.    I'm sure you remember Conferences in 2008,
> they were a hot mess.  We had a great event in NY but were having trouble
> extending that success into other events and keeping that institutional
> knowledge.  Events were "popping out of the woodwork" with overzealous event
> planners with big dreams asking for significant financial resources in order
> host their own events in their city (I remember I was one of them).  No-one
> was coordinating the schedules of the events, and thus, everyone
> had their events at nearly the same time of year, making
> our volunteers, speakers and sponsors weary.  Limited funds were not
> prioritized, tracked, ensured we could back them up.  I remember being told
> as an ASDC09 planner by allison that we needed to hold off on one of our big
> ticket items because the OWASP card was totally maxed out this month (much
> angering our catering people as I recall).  No one was keeping track if the
> events were making any money or not, we had the "wait and see" approach for
> profitability even as OWASP was taking on full time staff and having
> ever increasing overhead costs to support things like the summit, conference
> bridges, website support and staff.  In short it was a mess that worked by
> the skin of it's teeth and personal heroics.
> While not all gone, we don't have these problems anymore.  Why?  The
> Conferences Committee was put in place to provide just an ounce of oversite
> and set some really basic rules about how events were put on and to provide
> a TON of guidance (I dare you to look at the history of the how to host a
> conference page), templates, ops support, financial support etc
> from those who knew how to run successful OWASP events.  We changed how we
> coordinated events, evened out the schedule a bit relieving some of the
> financial pressures on the foundation, helped events get sponsors, do CFPs
> and CFTs, negotiate contracts, and now we are sending people to help on the
> ground at the larger events.  Conferences run a lot smoother now and this is
> because they are being coordinated/overseen in addition to fostered and
> grown.  This managed growth has allowed us to host more events, in more
> places (AppSec China Anyone, Brazil twice) and pop up a myriad of regional
> and local events, all while turning better profit for the foundation to
> support things like projects, infrastructure, loss-leader events (aka free),
> supply budgets to committees, sponsor leader travel, the list goes on and
> on.  This year we even started sharing some of these profits directly with
> the host chapters, although some decided to take this as a "limitation"
> rather than an improvement.
> Throughout this all, there has been ONE place to go to get information on
> events, ONE group of people setting high level organizational goals (do any
> of the other committees have posted goals?  we
> do:) https://www.owasp.org/index.php/Global_Conferences_Committee_2011_Plan)
> and one voice to mediate issues, set policies and guidelines to help foster
> great OWASP events.  When you start getting two voices, they start getting
> conflicting information and it causes issues (I know you have many examples
> where the committee had set one policy and certain individuals misinformed
> people about that policy when asked instead of re-directing the inquiry to
> the committee), you need a "one stop shop" so everything is clear.  Our
> wildly enthusiastic volunteers are to thank for these successes, but every
> once in a while, having someone there asking "why" before they write a $100k
> check has been a good thing.  Unfortunately OWASP does not have unlimited
> resources and occasionally we cant support everything everyone wants to do
> (although we almost never say no, just not now, or perhaps in a different
> way)
> This is not unique to conference, almost every committee has some set of
> "policies".  Projects define project criteria and set standards for
> active/inactive projects, Chapters have the chapter leader handbook and set
> rules for participation, openness, and frequency.  Membership sets the
> prices of membership levels, defines codes of conduct and manages voting
> rights.  Each committee has to define some level of "oversight" and
> "policies", to deny that eiteer Conferences or Chapters needs to do so is
> just well, terrible management practice.
> I think that the small one day, local events that perhaps don't charge a fee
> or cost less than $1000 to run, essentially large chapter meetings, could
> and should absolutely be managed by the chapters committee.  But when it
> comes to hosting the bigger Regional and Global AppSec events,
> with hundreds of guests, venue contracts, catering, travel, transportation,
> training these are the things that the Conference committee does best.  I've
> not heard a single criticism that the committee was not doing this well.
>  Why stop us from doing our jobs?  Lets continue to grow and investigate new
> ideas for events, new ways to reach more developers (I still owe the GPC a
> Secure the Flag Competition) but in the mean time, we still need people who
> have done successful events to help mentor and guide those just starting
> out, that's what the Conferences Committee is here to do.
> On Mon, Jun 20, 2011 at 7:12 PM, Kate Hartmann <kate.hartmann at owasp.org>
> wrote:
>>
>> Jason, you have summarized the role of the committees well:  Committees
>> exist to solely to facilitate and grow their respective areas of
>> responsibility, NOT to "oversee" or "govern" these areas.  From this
>> perspective, why the heck does it matter who's "jurisdiction" it falls
>> under?!?
>> The chapters committee had a great discussion on the next steps this
>> afternoon.  This is not about governance, but about which group might be
>> able to offer the best support.  It's also not about creating silos, but
>> about trying to create the best possible support for leaders who want to
>> take their chapters to the next level.
>> One of the discussion threads from today's chapter call was to allow the
>> planners the option to aim big by aligning their event with the conferences
>> committee.  I also have no reason to believe that OCMS would no longer be
>> required.  On the contrary, it is such a remarkable accomplishment that it
>> is now a critical step in the planning process.
>> The chapter committee is composed of leaders who have faced the challenges
>> of hosting a one day event or a large scale meeting.  I am confident that
>> their perspective along with the support of the conference team's global
>> conference experience will strengthen our outreach efforts.
>> Kate Hartmann
>> OWASP Operations Director
>>
>> On Jun 20, 2011, at 4:56 PM, Jason Li <jason.li at owasp.org> wrote:
>>
>> Board/Committee Chairs,
>> I apologize that I could not speak up more clearly on this issue during
>> the Board call due to my bad connection from Morocco.
>> Having watched the threads, the whole local/regional/global event debate
>> seems to me to be a proxy war for one issue: profit sharing via the
>> chapter/conference split.
>> Committees exist to solely to facilitate and grow their respective areas
>> of responsibility, NOT to "oversee" or "govern" these areas.  From this
>> perspective, why the heck does it matter who's "jurisdiction" it falls
>> under?!?
>> As Eoin alluded to on the conference call, the idea of sticking an
>> artificial wall between the chapters committee and the conferences committee
>> is ludicrous. Local and regional event planners should be able to leverage
>> the respective knowledge and experience of both the Chapters Committee and
>> the Conferences Committee!
>> Remove the split debate and I see absolutely no logical reason for any of
>> this whole event "governance" discussion at all. If anything, this should be
>> an amazing opportunity for a joint committee initiative to pursue some of
>> the ideas Jeff referred to in terms of growing chapters.
>> It seems to me that it only matters when it comes to who gets to decide
>> how to "divide up the money".
>> I agree with Mark that I think part of the discussion has been charged
>> with the undertones of revenue split. If we don't solve that issue, the next
>> flash point will simply be what gets considered a "regional event" versus a
>> "global conference".
>> I believe that most of Mark's points are legitimate concerns about the
>> financial situation of OWASP as a whole, and the organization's dependence
>> on revenue from all OWASP *events*.
>> While it would be nice if we could support every local chapter event to
>> grow the organization, the reality is that someone has to make the decision
>> on whether to fund events and I do not believe that it should be the
>> decision of any one committee. So I think the Board, the Chapters Committee,
>> and the Conferences Committee need to sit down together and distill their
>> conversation to the real point of the matter which is: what happens to money
>> that comes into OWASP?
>> And as it will be a long heated disucssion, it's a conversation that I
>> *DON"T* think should happen on the leader's list :)
>>
>> -Jason
>> On Mon, Jun 20, 2011 at 8:13 PM, Jeff Williams <jeff.williams at owasp.org>
>> wrote:
>>>
>>> Hi Mark,
>>>
>>>
>>>
>>> Congrats on the newborn – I understand those things can be time consuming
>>> J
>>>
>>>
>>>
>>> I support the board’s decision today because we want the Global Chapters
>>> Committee to grow into supporting the needs of chapters that want to put on
>>> local events.  I think there’s a good argument that these events *are*
>>> different than global events, and have different support needs.
>>>
>>>
>>>
>>> We want the Global Conferences Committee to focus on large-scale
>>> international events – can you support an AppSec for every development
>>> platform?  On every continent?  With thousands of attendees?  How about new
>>> kinds of events – open-space conferences, more OWASP Summits, training
>>> events, college events, etc… There are 15 million developers in the world
>>> and we are only reaching a few hundred of them today.  You’ve done a great
>>> job with our existing style of conference…  Can you take it to the next
>>> level?
>>>
>>>
>>>
>>> I think you’re exactly right that over time we will have to work out
>>> which are “Global” events and “Local” events. To me, the decision should be
>>> made by the folks organizing the conference – in collaboration with folks on
>>> both the Chapters and Conferences committees.  I hope that they’ll get
>>> different support and the event will come out differently.
>>>
>>>
>>>
>>> I’d like to make it perfectly clear that this vote wasn’t a referendum on
>>> the performance of the Global Conferences Committee by any means.  You and
>>> your team have done a great job of establishing infrastructure and managing
>>> all sorts of events.  The financial information you provided was greatly
>>> appreciated and is a perfect example of the work you’ve done.
>>>
>>>
>>>
>>> Thank you for all your hard work!
>>>
>>>
>>>
>>> --Jeff
>>>
>>>
>>>
>>>
>>>
>>> From: owasp-board-bounces at lists.owasp.org
>>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Mark Bristow
>>> Sent: Monday, June 20, 2011 2:50 PM
>>> To: OWASP Foundation Board List
>>> Cc: owasp-global-chapter-committee; global_conference_committee;
>>> owasp-leaders at lists.owasp.org
>>> Subject: [Owasp-board] Removal of Regional/Local event oversight from
>>> Conferences Committee
>>>
>>>
>>>
>>> OWASP Board,
>>>
>>> I apologize for not being able to make the meeting today but having a
>>> newborn at home simply had to take priority.  After reviewing the meeting
>>> minutes I was very sorry to see that you decided to take up this very
>>> important topic without my participation despite my request not to do so, I
>>> had made arrangements to attend the original meeting on June 6th but
>>> unfortunately the board postponed and I could not attend today.   I was very
>>> troubled to see the results of your decision to "Move local and regional
>>> events from umbrella of conferences committee to chapters committee,
>>> effective July 31, 2011" supported by "Tom, Seba, Eoin, Jeff, Dave" and
>>> frankly am somewhat bewildered at this change.
>>>
>>> Over the past 2 years under the Conferences Committee’s leadership, we’ve
>>> seen OWASP grow from having one, perhaps two global events each year to
>>> having a Global AppSec Conference in North America, South America, Europe
>>> and Asia every year in addition to increasing the number of regional and
>>> local events we participate in worldwide. In the last year the GCC has
>>> instituted clear, concise policies to govern events that were previously in
>>> a state of disarray causing significant internal conflict, developed a
>>> system for managing events automatically as well as streamline the event
>>> management process, and launched a new Global Sponsorship initiative to help
>>> OWASP better attract sponsors to events.   We have instituted new programs
>>> to better support events, streamline processes for getting promotional
>>> merchandise and booth support to non-OWASP events, attempted to streamline
>>> the contracting process and purchased common equipment to save OWASP money
>>> in running events.  The committee has grown from 3 to 11 members, and hired
>>> part time operations support giving us the additional bandwidth and support
>>> we need to get all of these done and done well.  While we are not perfect
>>> I'd argue you'd be hard pressed to find a more ambitious and successful
>>> global committee at OWASP.
>>>
>>> I don't know if this was discussed but it's not clear to me that the
>>> board has a full understanding of the financial implications that this
>>> change may reflect for OWASP.  Last year conference income accounted for 77%
>>> of OWASP's annual income and brought in a total profit of $240,399.71 (up
>>> 151% from 2009 under the conferences committee's oversight).  Regional and
>>> local event income totaled $295,845.52 representing 40% of OWASP's
>>> conference income.  Moving these responsibilities to an untested committee
>>> who is not focused on or experienced in running events could put OWASP in
>>> significant financial jeopardy.  To give you some perspective the regional
>>> and local event income is 149% more than the $198,620.74 that the foundation
>>> spent on the Summit last year.  Despite these operational, support and
>>> financial sucesses, it's unfortunate that the board has obviously lost
>>> confidence in our ability manage OWASP Events, by reducing our oversight, as
>>> was defined in our recently re-approved (by the board) mission statement
>>>
>>> I will not pretend that there are not some areas where the Conferences
>>> Committee needs to improve. I agree with the sentiment that we do not
>>> clearly define the differences between the "type" of event or level support
>>> between Global AppSec, Regional and Local events. We also need to continue
>>> our work of spreading out the OWASP Global Event Calendar as we are still
>>> very heavy in the second part of the year. I will also admit that not every
>>> decision the Global Conferences Committee has made has been popular however
>>> sometimes unpopular or difficult decisions need to be made for the greater
>>> good, this is why the committees exist. I will say that all of the decisions
>>> made by the conferences committee have been conducted in the most open and
>>> democratic way possible. We conduct almost all of our business on the
>>> mailing list for all to see and contribute and we vote on almost every
>>> decision so that those who have been validated by their peers to serve on
>>> the committee can have their say in the process. The conferences committee
>>> was even the first to develop a self governance document which was adopted
>>> in part or in whole by several of the other committees, including chapters.
>>> Considering the massive responsibility placed on the conferences committee
>>> in both leading the outreach effort and in ensure the foundation has
>>> sufficient operating income to continue it’s existence I’d say the Global
>>> Conferences Committee is doing a great job and don’t see the reason or
>>> rationale for making any move that would obstruct them from continuing to do
>>> great work on behalf of OWASP.
>>>
>>> I will concede however that if the board feels that local events,
>>> involving only 1 or 2 chapters or under a certain size, would be better
>>> served under the responsibility of the Chapters Committee, I would
>>> understand that.  To support these smaller events we mostly provide
>>> foundation funds, guidance when asked and leave the vast majority of the
>>> planning to the local team, something that the Chapters Committee could take
>>> on.  Additionally these events have a less significant impact to the
>>> foundation as a whole and in general do not generate significant income
>>> (last year they represented 0.88% or $2065.07 of total event income, many
>>> local events don't charge and we think that's GREAT!). However, the
>>> Conferences Committee has the experts for running larger events such as
>>> Regional (such as AppSec DC and LASCON, which can have hundreds of
>>> attendees) and Global AppSec events and I'm not sure I see the wisdom or
>>> logic in moving their oversight, especially for Regional events, to a
>>> committee who is not focused on events and does not have the expertise in
>>> this area.
>>>
>>> I have a suspicious feeling that this initiative is really a different
>>> venue for a small number of individuals who object to one and only one of
>>> the GCC policies on profit sharing (see
>>> https://www.owasp.org/index.php/Confernece_Profit_Sharing_Split_Rationale
>>> for some hard facts on that issue) what was voted on by the GCC and ratified
>>> by the board.  If so, then this entire issue should be dropped and those
>>> individuals should challenge the policy not the committee that oversees
>>> events.  The committees are there to make tough decisions and this decision
>>> was based on significant community input, conducted in a fair and open
>>> manor, and was set specifically to allow the most OWASP outreach possible,
>>> be fiscally responsible for OWASP as a whole and eliminate the creation of
>>> rich/poor OWASP chapters.  Opponents of the policy suggest a system that
>>> last year would have allocated an additional $35,976 to only 2 chapters
>>> leaving almost every other chapter unchanged.
>>>
>>> Again I apologize for not being able to make the meeting, however if
>>> someone could outline the board's rationale for this decision I would
>>> certainly appreciate it.
>>>
>>> Regards,
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
> _______________________________________________
> Committees-chairs mailing list
> Committees-chairs at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/committees-chairs
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>



-- 
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter
Chair, OWASP Global Chapter Committee
Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw



More information about the Owasp-board mailing list