[Owasp-board] [Owasp-leaders] [Committees-chairs] Removal of Regional/Local event oversight from Conferences Committee

Martin Knobloch martin.knobloch at owasp.org
Fri Jun 24 11:35:06 UTC 2011


Christian,

I am totally in with you, but disagree this to be a committee thing.
Also we do not have, and I doubt it is to be wanted, sub-committees!

As committees should be enabling, projects executing, I once addressed this
as a possible project:
https://www.owasp.org/index.php/Speakers_Bureau_Project
Unfortunately, I did not get many replies nor help and the project went into a
stall.
There is a list of speakers available. So, we have a nice start!
https://www.owasp.org/index.php/Category:OWASP_Speakers_Project

Budget to get speakers for your local event / chapter meetings is enabled via
the OWASP on the move project:
https://www.owasp.org/index.php/OWASP_on_the_Move
Does this answer your proposal?

Cheers,
-Martin
On Tue, Jun 21, 2011 at 12:06 PM, Christian Heinrich <christian.heinrich at owasp.org> wrote:

> Tin,
>
> For the second item from the top on your list can I recommend that
> events which include international speakers, i.e. those requiring a
> passport, presenting at an event organised by the chapters within the
> specific country which the international speaker is entering fall
> within the scope of the GCC (i.e. Conference)?
>
> Furthermore, can I raise the idea of the "Speakers Sub-Committee",
> i.e. the thread starts at
> https://lists.owasp.org/pipermail/global_conference_committee/2011-March/001083.html,
> for consideration by the OWASP Board since it is relevant to this
> discussion also?
>
> On Tue, Jun 21, 2011 at 2:34 PM, Tin Zaw <tin.zaw at owasp.org> wrote:
> > I am confused. I thought the board voted to put 4 Global AppSec
> > conferences under support and policies of Conf. Committee and the rest
> > under Chapter Committee. And Jeff's email sounded like that too.
> >
> > Here is what Chapter Committee (mostly, Seba and me) is discussing to
> > propose -- the details.
> >
> > * GLOBAL AppSec's will be under policies and support of Conference Committee.
> > * For the rest of the conferences, the conference organizers can
> > choose to call upon help of either Conference or Chapter Committee.
> > * Conf. Comm. provides bigger help, with bigger budget, subject to
> > split and cap rules.
> > * Chapter Comm. provides smaller help, with smaller budget, subject to
> > policies set by Chapter Comm.
> >
> > The original proposal for vote by the board was not put together by
> > the Chapter Committee. With all good intentions, Kate proposed it.
> >
> > Chapter Committee's official stance is that we can take this new
> > responsibility after this issue -- of which conference under what
> > committee -- has been fully resolved by the board.
> >
> > Thanks.
> >
> >
> > On Mon, Jun 20, 2011 at 9:02 PM, Tom Brennan <tomb at owasp.org> wrote:
> >>
> >>
> >> For those watching at home... today's monthly board meeting had a few items
> >> on it, lasted about 1.5 hrs actually.  Thank you Mark for appealing your
> >> item as I believe the "vote" was a bit unclear as presented.  Having a
> >> passionate volunteer like Mark craft emails as an appeal in addition to
> >> having a new child enter the world today..  shows how passion filled he is
> >> to the core mission - In addition Congratulations Mark, welcome to the other
> >> club Dad --  Boy(s) or Girl(s)  -- you will not forget when Father's Day is
> >> anymore now it will be your kid's birthday weekend!!
> >> Let's rewind and visit the request from today, click on the below URL and
> >> read it or scroll to the end of my reply to see the content.
> >> =====================================================
> >> https://www.owasp.org/index.php/June_6,_2011#BOARD_VOTE_REQUESTED
> >> =====================================================
> >> So after reading both sides of the arguments the written rationale and the
> >> counter arguments -  I agree (YES) with an adjustment to the current model.
> >> Of the proposed adjustments the one that I support is actually counter
> >> proposal B.
> >> OWASP Local chapters should not be required to run chapter events or chapter
> >> meetings via the Conferences Committee/OCMS approval system.  However, if a
> >> conference/event is going to be marketed as anything other than a local
> >> chapter meeting/working session such as "Regional Event, AppHacker2012,
> >> Build/Break2012, etc.." and use of the OWASP Foundation/EU brand, resources,
> >> insurance, backoffice employees, funds then the CC/OCMS system and be
> >> managed by the established policies of the Global Conferences Committee to do
> >> so ensuring a min., level of quality is prerequisite and the professional
> >> brand is maintained.
> >> It is REALLY important that people reading this understand what is a
> >> "OCMS" what it was purpose built
> >> for see: https://www.owasp.org/index.php/Owasp_Conference_Management_System
> >> +10 here (I used it just yesterday)
> >> The conferences committee volunteers like all committees are managed by
> >> volunteers to foster growth without malice as the regional representatives
> >> for around the world - the day-to-day process and administration of best
> >> practice should then be mapped and managed by OWASP employees and
> >> contractors when possible to enable for scale of a repeatable and measurable
> >> process.
> >> 2nd item on the above URL;
> >> Chapter Finance Policy and Procedure, this item was NOT part of the vote
> >> today. For the record, I DO support this model of sweeping funds from local
> >> chapters back to the OWASP Foundation. There is currently $94,000.00 in
> >> funds set-aside for chapters see:
> >>  https://www.owasp.org/index.php/Donation_Scoreboard   However, once a
> >> ratified 201X  chapter handbook is produced as a deliverable from the
> >> conferences committee and is then agreed to by each chapter team as
> >> governance or suggested guideline document (*NOTE* these are two very
> >> different terms)  But note, chapter leaders in any country, state or region
> >> have with or without signature today agreed to run a local chapter as acting
> >> as an extension and agent of the foundation including its ethics and
> >> principles as volunteers. So let's make it really easy for them and future
> >> ones to foster collaboration of quality under the flag of OWASP Foundation.
> >>  A chapter measured only by quantity of attendees of meetings is not a very
> >> good measurement - quality first and always, experiment locally, promote
> >> success globally, people will come if the core is a solid group of
> >> professionals in it for the right reasons = community and the mission.
> >> So just to be very clear, I voted YES, continue to vote YES but to Counter
> >> Proposal B this provides the best flexibility globally, provides chapters
> >> with additional responsibility that they have to manage not only for XX
> >> events per year but also they need to get their hands around the 70+ active
> >> chapters.
> >> Test Cases:
> >>
> >> * Chapter A Chapter wants to hold a training event - this does NOT
> >>   require conferences committee/OCMS
> >> * Chapter A + Chapter B wants to hold a training event and IS requesting
> >>   resources of monetary support - requires conferences committee/OCMS
> >> * Chapter A + Chapter C wants to hold a training event and is NOT
> >>   requesting resources of monetary support - this does not require
> >>   conferences committee/OCMS
> >> * Chapter A wants to hold a meeting in that will bring in 50,100,150,200+
> >>   attendees as part of its regular meeting schedule, does not require OCMS
> >> * Chapter A wants to hold a meeting in Madison Square Garden and utilize the
> >>   resources of its employees and contractors and enter into agreements etc...
> >>   YES it needs the Conferences Committee to understand what is going on
> >> * BIG APPLE SECURITY CONFERENCE (aka: Chapter A, Chapter B, Chapter C
> >>   & Chapter D) want to do an event together utilize the resources of its
> >>   employees and contractors and enter into agreements etc... = this would be
> >>   an example of a regional event and YES it needs to the conferences
> >>   committee
> >> * Chapter A + Chapter Z wants to do a virtual event - this does NOT
> >>   require conferences committee/OCMS
> >> * Chapter X gets really tired of the perception of a bureaucratic,
> >>   rule-based, control -- they want to do their own thing include Software,
> >>   Midgets, and Costumes call it <insert cool name> - if it does not pass the
> >>   established review process to keep quality events and after a meeting with
> >>   the chapter/conference organizers it could be negotiated or completely
> >>   rejected and if needed appealed.
> >>
> >> So where does this put ME?  Is this a FLIP FLOP to a NO or Abstain vote??
> >> No..... clearly the YES of ALL attending board members to the presented
> >> materials suggests that there needs to be an adjustment in providing a
> >> threshold for the chapters committee for the good of the global foundation -
> >> the extent is what needs to be defined clearly.  I would suggest that a
> >> committee chair meeting is held to discuss and nail down a collaborative
> >> solution that affects not any individual volunteer, but rather the
> >> committees look at the management of the workflow for the good of the
> >> organization and in the spirit of evolution, outreach and
> >> experimentation, and provide an acceptable resolution by next board meeting
> >> that can be managed by OWASP staff.
> >> Interested in the other fun and exciting behind the curtain results be sure
> >> to visit:  https://www.owasp.org/index.php/OWASP_Board_Meetings  (note that
> >> the 6-June meeting is the 20-June meeting)
> >> Psssst hey Mark it's 11:55am EST you will be getting up shortly to feed the
> >> new baby ;) thank you and your team - be aware that Chapters is here also to
> >> do heavy lifting too.  This also is a good example of what you as the reader
> >> should review and get behind a candidate for the forthcoming election:
> >> https://www.owasp.org/index.php/Membership/2011Election#Self-Nominated_2012_Candidates
> >>  see WHY ME
> >> Semper Fi,
> >> Brennan
> >> Tel: 973-202-0122
> >> Skype: proactiverisk
> >>
> >> -----For those that did not click the above link below is the information we
> >> are talking about------------
> >>
> >> BOARD VOTE REQUESTED
> >>
> >> Updates and Changes to Conference Supervision by Committees
> >>
> >> 1. Global AppSec Events will remain under the Supervision of the Global
> >> Conference Committee.
> >>
> >> 2. Partner Events and Outreach (representation) will remain under the
> >> Supervision of the Global Conference Committee.
> >>
> >> 3. Local and Regional Events will move underneath the umbrella of the Global
> >> Chapter Committee.
> >>
> >> Additional Documentation
> >>
> >> Rational - Counter Argument
> >>
> >> Chapter Finance Policy and Procedure
> >>
> >> OCMS
> >>
> >> Counter proposal A
> >>
> >> Updates and Changes to Conference Supervision by Committees (counter
> >> proposal)
> >>
> >> Conferences and Chapters will continue their existing roles.
> >> Conferences will work to bolster support for local events and define events.
> >>
> >> Committee Supervison of Events Rational
> >>
> >> Counter proposal B
> >>
> >> Events expecting over 100 attendees* shall remain under the Supervision of
> >> the Global Conference Committee.
> >> Events expecting less than 100 will move underneath the umbrella of the
> >> Global Chapter Committee.
> >> Partner Events and Outreach (representation) will remain under the
> >> Supervision of the Global Conference Committee.
> >>
> >> * With the exception of regular chapter meetings which on very few occasions
> >> will be larger than this, I believe only NY/NJ has this issue currently
> >>
> >> -------------------
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Jun 20, 2011, at 8:17 PM, Mark Bristow wrote:
> >>
> >> Kate,
> >> (sorry for the text wall, as you can tell I am passionate about this topic
> >> which is why I signed up for the conferences committee in the first place)
> >>
> >> Respectfully to you and Jason, I disagree.  I DO agree however that the
> >> Committees exist to facilitate and grow their areas of responsibility
> >> however sometimes this is done by setting guidelines/rules/policies to
> >> facilitate this.  If it doesn't matter whose "jurisdiction" things fall
> >> under, then why was it transferred from the Conferences to Chapter
> >> committees?
> >> Of course it matters, and it matters for several reasons.  As OWASP has
> >> grown there has been a need to share the load of organizing our activities.
> >>  In OWASP 1.0 there was just a loose collection of "leaders" who would
> >> organize projects, events, chapters et al. in a somewhat organic way with
> >> little structure, then as we grew in notoriety, membership and became a
> >> 501c, OWASP 2.0 we added a board whose job it was to provide oversight and
> >> be the caretakers of OWASP, resolve conflicts and help steer the
> >> organization.  As of 2008, OWASP 3.0, the Global Committees were formed as
> >> the individual tasks of facilitating, growing, coordinating and organizing
> >> Chapters, Education, Conferences, Projects, Membership, Industry and
> >> Connections became too much for a single group of 6-7 people to coordinate.
> >>  The organization elected by nomination, volunteers with the skills,
> >> expertise and experience necessary to execute on the more focused committee
> >> missions with the board providing final oversight.  I know
> >> we occasionally pine for the days where things were loosely coordinated and
> >> organized but that was before OWASP had international recognition, a
> >> budget, complex infrastructure, full time staff members, summits, and
> >> thousands of members.
> >> We are not who we were in OWASP 1.0, to deny this is to deny ourselves,
> >> we've accomplished much and grown tremendously since then.  The key however
> >> is to be OWASP 3.0 in a way that keeps the spirit of OWASP 1.0's innovation,
> >> community and volunteerism.
> >> With OWASP 3.0 we realized that we NEED a bit more structure at the bottom
> >> (In my view the membership is always at the top of the pyramid and the board
> >> at the top of the bottom) in order to ensure that OWASP continues to
> >> function in a coordinated way.    I'm sure you remember Conferences in 2008,
> >> they were a hot mess.  We had a great event in NY but were having trouble
> >> extending that success into other events and keeping that institutional
> >> knowledge.  Events were "popping out of the woodwork" with overzealous event
> >> planners with big dreams asking for significant financial resources in order
> >> to host their own events in their city (I remember I was one of them).  No-one
> >> was coordinating the schedules of the events, and thus, everyone
> >> had their events at nearly the same time of year, making
> >> our volunteers, speakers and sponsors weary.  Limited funds were not
> >> prioritized, tracked, ensured we could back them up.  I remember being told
> >> as an ASDC09 planner by Allison that we needed to hold off on one of our big
> >> ticket items because the OWASP card was totally maxed out this month (much
> >> angering our catering people as I recall).  No one was keeping track if the
> >> events were making any money or not, we had the "wait and see" approach for
> >> profitability even as OWASP was taking on full time staff and having
> >> ever increasing overhead costs to support things like the summit, conference
> >> bridges, website support and staff.  In short it was a mess that worked by
> >> the skin of its teeth and personal heroics.
> >> While not all gone, we don't have these problems anymore.  Why?  The
> >> Conferences Committee was put in place to provide just an ounce of oversight
> >> and set some really basic rules about how events were put on and to provide
> >> a TON of guidance (I dare you to look at the history of the how to host a
> >> conference page), templates, ops support, financial support etc
> >> from those who knew how to run successful OWASP events.  We changed how we
> >> coordinated events, evened out the schedule a bit relieving some of the
> >> financial pressures on the foundation, helped events get sponsors, do CFPs
> >> and CFTs, negotiate contracts, and now we are sending people to help on the
> >> ground at the larger events.  Conferences run a lot smoother now and this is
> >> because they are being coordinated/overseen in addition to fostered and
> >> grown.  This managed growth has allowed us to host more events, in more
> >> places (AppSec China Anyone, Brazil twice) and pop up a myriad of regional
> >> and local events, all while turning better profit for the foundation to
> >> support things like projects, infrastructure, loss-leader events (aka free),
> >> supply budgets to committees, sponsor leader travel, the list goes on and
> >> on.  This year we even started sharing some of these profits directly with
> >> the host chapters, although some decided to take this as a "limitation"
> >> rather than an improvement.
> >> Throughout this all, there has been ONE place to go to get information on
> >> events, ONE group of people setting high level organizational goals (do any
> >> of the other committees have posted goals?  we
> >> do:) https://www.owasp.org/index.php/Global_Conferences_Committee_2011_Plan)
> >> and one voice to mediate issues, set policies and guidelines to help foster
> >> great OWASP events.  When you start getting two voices, they start getting
> >> conflicting information and it causes issues (I know you have many examples
> >> where the committee had set one policy and certain individuals misinformed
> >> people about that policy when asked instead of re-directing the inquiry to
> >> the committee), you need a "one stop shop" so everything is clear.  Our
> >> wildly enthusiastic volunteers are to thank for these successes, but every
> >> once in a while, having someone there asking "why" before they write a $100k
> >> check has been a good thing.  Unfortunately OWASP does not have unlimited
> >> resources and occasionally we can't support everything everyone wants to do
> >> (although we almost never say no, just not now, or perhaps in a different
> >> way)
> >> This is not unique to conference, almost every committee has some set of
> >> "policies".  Projects define project criteria and set standards for
> >> active/inactive projects, Chapters have the chapter leader handbook and set
> >> rules for participation, openness, and frequency.  Membership sets the
> >> prices of membership levels, defines codes of conduct and manages voting
> >> rights.  Each committee has to define some level of "oversight" and
> >> "policies", to deny that either Conferences or Chapters needs to do so is
> >> just well, terrible management practice.
> >> I think that the small one day, local events that perhaps don't charge a fee
> >> or cost less than $1000 to run, essentially large chapter meetings, could
> >> and should absolutely be managed by the chapters committee.  But when it
> >> comes to hosting the bigger Regional and Global AppSec events,
> >> with hundreds of guests, venue contracts, catering, travel, transportation,
> >> training these are the things that the Conference committee does best.  I've
> >> not heard a single criticism that the committee was not doing this well.
> >>  Why stop us from doing our jobs?  Let's continue to grow and investigate new
> >> ideas for events, new ways to reach more developers (I still owe the GPC a
> >> Secure the Flag Competition) but in the mean time, we still need people who
> >> have done successful events to help mentor and guide those just starting
> >> out, that's what the Conferences Committee is here to do.
> >> On Mon, Jun 20, 2011 at 7:12 PM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
> >>>
> >>> Jason, you have summarized the role of the committees well:  Committees
> >>> exist solely to facilitate and grow their respective areas of
> >>> responsibility, NOT to "oversee" or "govern" these areas.  From this
> >>> perspective, why the heck does it matter whose "jurisdiction" it falls
> >>> under?!?
> >>> The chapters committee had a great discussion on the next steps this
> >>> afternoon.  This is not about governance, but about which group might be
> >>> able to offer the best support.  It's also not about creating silos, but
> >>> about trying to create the best possible support for leaders who want to
> >>> take their chapters to the next level.
> >>> One of the discussion threads from today's chapter call was to allow the
> >>> planners the option to aim big by aligning their event with the conferences
> >>> committee.  I also have no reason to believe that OCMS would no longer be
> >>> required.  On the contrary, it is such a remarkable accomplishment that it
> >>> is now a critical step in the planning process.
> >>> The chapter committee is composed of leaders who have faced the challenges
> >>> of hosting a one day event or a large scale meeting.  I am confident that
> >>> their perspective along with the support of the conference team's global
> >>> conference experience will strengthen our outreach efforts.
> >>> Kate Hartmann
> >>> OWASP Operations Director
> >>>
> >>> On Jun 20, 2011, at 4:56 PM, Jason Li <jason.li at owasp.org> wrote:
> >>>
> >>> Board/Committee Chairs,
> >>> I apologize that I could not speak up more clearly on this issue during
> >>> the Board call due to my bad connection from Morocco.
> >>> Having watched the threads, the whole local/regional/global event debate
> >>> seems to me to be a proxy war for one issue: profit sharing via the
> >>> chapter/conference split.
> >>> Committees exist solely to facilitate and grow their respective areas
> >>> of responsibility, NOT to "oversee" or "govern" these areas.  From this
> >>> perspective, why the heck does it matter whose "jurisdiction" it falls
> >>> under?!?
> >>> As Eoin alluded to on the conference call, the idea of sticking an
> >>> artificial wall between the chapters committee and the conferences committee
> >>> is ludicrous. Local and regional event planners should be able to leverage
> >>> the respective knowledge and experience of both the Chapters Committee and
> >>> the Conferences Committee!
> >>> Remove the split debate and I see absolutely no logical reason for any of
> >>> this whole event "governance" discussion at all. If anything, this should be
> >>> an amazing opportunity for a joint committee initiative to pursue some of
> >>> the ideas Jeff referred to in terms of growing chapters.
> >>> It seems to me that it only matters when it comes to who gets to decide
> >>> how to "divide up the money".
> >>> I agree with Mark that I think part of the discussion has been charged
> >>> with the undertones of revenue split. If we don't solve that issue, the next
> >>> flash point will simply be what gets considered a "regional event" versus a
> >>> "global conference".
> >>> I believe that most of Mark's points are legitimate concerns about the
> >>> financial situation of OWASP as a whole, and the organization's dependence
> >>> on revenue from all OWASP *events*.
> >>> While it would be nice if we could support every local chapter event to
> >>> grow the organization, the reality is that someone has to make the decision
> >>> on whether to fund events and I do not believe that it should be the
> >>> decision of any one committee. So I think the Board, the Chapters Committee,
> >>> and the Conferences Committee need to sit down together and distill their
> >>> conversation to the real point of the matter which is: what happens to money
> >>> that comes into OWASP?
> >>> And as it will be a long heated discussion, it's a conversation that I
> >>> *DON'T* think should happen on the leader's list :)
> >>>
> >>> -Jason
> >>> On Mon, Jun 20, 2011 at 8:13 PM, Jeff Williams <jeff.williams at owasp.org> wrote:
> >>>>
> >>>> Hi Mark,
> >>>>
> >>>>
> >>>>
> >>>> Congrats on the newborn – I understand those things can be time consuming :)
> >>>>
> >>>>
> >>>>
> >>>> I support the board’s decision today because we want the Global Chapters
> >>>> Committee to grow into supporting the needs of chapters that want to put on
> >>>> local events.  I think there’s a good argument that these events *are*
> >>>> different than global events, and have different support needs.
> >>>>
> >>>>
> >>>>
> >>>> We want the Global Conferences Committee to focus on large-scale
> >>>> international events – can you support an AppSec for every development
> >>>> platform?  On every continent?  With thousands of attendees?  How about new
> >>>> kinds of events – open-space conferences, more OWASP Summits, training
> >>>> events, college events, etc… There are 15 million developers in the world
> >>>> and we are only reaching a few hundred of them today.  You’ve done a great
> >>>> job with our existing style of conference…  Can you take it to the next
> >>>> level?
> >>>>
> >>>>
> >>>>
> >>>> I think you’re exactly right that over time we will have to work out
> >>>> which are “Global” events and “Local” events. To me, the decision should be
> >>>> made by the folks organizing the conference – in collaboration with folks on
> >>>> both the Chapters and Conferences committees.  I hope that they’ll get
> >>>> different support and the event will come out differently.
> >>>>
> >>>>
> >>>>
> >>>> I’d like to make it perfectly clear that this vote wasn’t a referendum on
> >>>> the performance of the Global Conferences Committee by any means.  You and
> >>>> your team have done a great job of establishing infrastructure and managing
> >>>> all sorts of events.  The financial information you provided was greatly
> >>>> appreciated and is a perfect example of the work you’ve done.
> >>>>
> >>>>
> >>>>
> >>>> Thank you for all your hard work!
> >>>>
> >>>>
> >>>>
> >>>> --Jeff
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> From: owasp-board-bounces at lists.owasp.org
> >>>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Mark Bristow
> >>>> Sent: Monday, June 20, 2011 2:50 PM
> >>>> To: OWASP Foundation Board List
> >>>> Cc: owasp-global-chapter-committee; global_conference_committee;
> >>>> owasp-leaders at lists.owasp.org
> >>>> Subject: [Owasp-board] Removal of Regional/Local event oversight from
> >>>> Conferences Committee
> >>>>
> >>>>
> >>>>
> >>>> OWASP Board,
> >>>>
> >>>> I apologize for not being able to make the meeting today but having a
> >>>> newborn at home simply had to take priority.  After reviewing the meeting
> >>>> minutes I was very sorry to see that you decided to take up this very
> >>>> important topic without my participation despite my request not to do so, I
> >>>> had made arrangements to attend the original meeting on June 6th but
> >>>> unfortunately the board postponed and I could not attend today.   I was very
> >>>> troubled to see the results of your decision to "Move local and regional
> >>>> events from umbrella of conferences committee to chapters committee,
> >>>> effective July 31, 2011" supported by "Tom, Seba, Eoin, Jeff, Dave" and
> >>>> frankly am somewhat bewildered at this change.
> >>>>
> >>>> Over the past 2 years under the Conferences Committee’s leadership, we’ve
> >>>> seen OWASP grow from having one, perhaps two global events each year to
> >>>> having a Global AppSec Conference in North America, South America, Europe
> >>>> and Asia every year in addition to increasing the number of regional and
> >>>> local events we participate in worldwide. In the last year the GCC has
> >>>> instituted clear, concise policies to govern events that were previously in
> >>>> a state of disarray causing significant internal conflict, developed a
> >>>> system for managing events automatically as well as streamline the event
> >>>> management process, and launched a new Global Sponsorship initiative to help
> >>>> OWASP better attract sponsors to events.   We have instituted new programs
> >>>> to better support events, streamline processes for getting promotional
> >>>> merchandise and booth support to non-OWASP events, attempted to streamline
> >>>> the contracting process and purchased common equipment to save OWASP money
> >>>> in running events.  The committee has grown from 3 to 11 members, and hired
> >>>> part time operations support giving us the additional bandwidth and support
> >>>> we need to get all of these done and done well.  While we are not perfect
> >>>> I'd argue you'd be hard pressed to find a more ambitious and successful
> >>>> global committee at OWASP.
> >>>>
> >>>> I don't know if this was discussed but it's not clear to me that the
> >>>> board has a full understanding of the financial implications that this
> >>>> change may reflect for OWASP.  Last year conference income accounted for 77%
> >>>> of OWASP's annual income and brought in a total profit of $240,399.71 (up
> >>>> 151% from 2009 under the conferences committee's oversight).  Regional and
> >>>> local event income totaled $295,845.52 representing 40% of OWASP's
> >>>> conference income.  Moving these responsibilities to an untested committee
> >>>> who is not focused on or experienced in running events could put OWASP in
> >>>> significant financial jeopardy.  To give you some perspective the regional
> >>>> and local event income is 149% more than the $198,620.74 that the foundation
> >>>> spent on the Summit last year.  Despite these operational, support and
> >>>> financial successes, it's unfortunate that the board has obviously lost
> >>>> confidence in our ability to manage OWASP Events, by reducing our oversight, as
> >>>> was defined in our recently re-approved (by the board) mission statement
> >>>>
> >>>> I will not pretend that there are not some areas where the Conferences
> >>>> Committee needs to improve. I agree with the sentiment that we do not
> >>>> clearly define the differences between the "type" of event or level support
> >>>> between Global AppSec, Regional and Local events. We also need to continue
> >>>> our work of spreading out the OWASP Global Event Calendar as we are still
> >>>> very heavy in the second part of the year. I will also admit that not every
> >>>> decision the Global Conferences Committee has made has been popular however
> >>>> sometimes unpopular or difficult decisions need to be made for the greater
> >>>> good, this is why the committees exist. I will say that all of the decisions
> >>>> made by the conferences committee have been conducted in the most open and
> >>>> democratic way possible. We conduct almost all of our business on the
> >>>> mailing list for all to see and contribute and we vote on almost every
> >>>> decision so that those who have been validated by their peers to serve on
> >>>> the committee can have their say in the process. The conferences committee
> >>>> was even the first to develop a self governance document which was adopted
> >>>> in part or in whole by several of the other committees, including chapters.
> >>>> Considering the massive responsibility placed on the conferences committee
> >>>> in both leading the outreach effort and in ensuring the foundation has
> >>>> sufficient operating income to continue its existence I’d say the Global
> >>>> Conferences Committee is doing a great job and don’t see the reason or
> >>>> rationale for making any move that would obstruct them from continuing to do
> >>>> great work on behalf of OWASP.
> >>>>
> >>>> I will concede however that if the board feels that local events,
> >>>> involving only 1 or 2 chapters or under a certain size, would be
> better
> >>>> served under the responsibility of the Chapters Committee, I would
> >>>> understand that.  To support these smaller events we mostly provide
> >>>> foundation funds, guidance when asked and leave the vast majority of
> the
> >>>> planning to the local team, something that the Chapters Committee
> could take
> >>>> on.  Additionally these events have a less significant impact to the
> >>>> foundation as a whole and in general do not generate significant
> income
> >>>> (last year they represented 0.88% or $2065.07 of total event income,
> many
> >>>> local events don't charge and we think that's GREAT!). However, the
> >>>> Conferences Committee has the experts for running larger events such
> as
> >>>> Regional (such as AppSec DC and LASCON, which can have hundreds of
> >>>> attendees) and Global AppSec events and I'm not sure I see the wisdom
> or
> >>>> logic in moving their oversight, especially for Regional events, to a
> >>>> committee who is not focused on events and does not have the expertise
> in
> >>>> this area.
> >>>>
> >>>> I have a suspicious feeling that this initiative is really a different
> >>>> venue for a small number of individuals who object to one and only one
> of
> >>>> the GCC policies on profit sharing (see
> >>>>
> https://www.owasp.org/index.php/Confernece_Profit_Sharing_Split_Rationale
> >>>> for some hard facts on that issue) that was voted on by the GCC and
> ratified
> >>>> by the board.  If so, then this entire issue should be dropped and
> those
> >>>> individuals should challenge the policy not the committee that
> oversees
> >>>> events.  The committees are there to make tough decisions and this
> decision
> >>>> was based on significant community input, conducted in a fair and open
> >>>> manner, and was set specifically to allow the most OWASP outreach
> possible,
> >>>> be fiscally responsible for OWASP as a whole and eliminate the
> creation of
> >>>> rich/poor OWASP chapters.  Opponents of the policy suggest a system
> that
> >>>> last year would have allocated an additional $35,976 to only 2
> chapters
> >>>> leaving almost every other chapter unchanged.
> >>>>
> >>>> Again I apologize for not being able to make the meeting, however if
> >>>> someone could outline the board's rationale for this decision I would
> >>>> certainly appreciate it.
> >>>>
> >>>> Regards,
> >>>>
> >>>> --
> >>>> Mark Bristow
> >>>> (703) 596-5175
> >>>> mark.bristow at owasp.org
> >>>>
> >>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> >>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> >>>> AppSec DC Organizer - https://www.appsecdc.org
> >>>>
> >>>> _______________________________________________
> >>>> Owasp-board mailing list
> >>>> Owasp-board at lists.owasp.org
> >>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>>>
> >>>
> >>> _______________________________________________
> >>> OWASP-Leaders mailing list
> >>> OWASP-Leaders at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>
> >>
> >> --
> >> Mark Bristow
> >> (703) 596-5175
> >> mark.bristow at owasp.org
> >>
> >> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> >> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> >> AppSec DC Organizer - https://www.appsecdc.org
> >>
> >> _______________________________________________
> >> Committees-chairs mailing list
> >> Committees-chairs at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/committees-chairs
> >>
> >
> >
> >
> > --
> > Tin Zaw, CISSP, CSSLP
> > Chapter Leader and President, OWASP Los Angeles Chapter
> > Chair, OWASP Global Chapter Committee
> > Google Voice: (213) 973-9295
> > LinkedIn: http://www.linkedin.com/in/tinzaw
> >
>
>
>
> --
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
>