[Owasp-board] AppSecUSA 2010 Profit Sharing Split

Mark Bristow mark.bristow at owasp.org
Mon Mar 21 23:55:33 UTC 2011


<Mark hat on>
Eoin I for the most part personally agree with your sentiments, although I
don't believe that the leaders involved are acting in an "improper" way, as
chapter leaders, they are responsible to do what they think is best
for their chapter.  It's the responsibility of the committees/board to weigh
that on the needs of the organization as a whole, IMO.

<GCC Chair/Governance hat on>
I'd like the opportunity for the GCC to come to it's own resolution on this
matter and then present to the board for final review (As described in my
initial email).  In general I feel that the committees should handle this
sort of issue internally as possible and only involve the board if there is
a dispute in the resolution the committee comes to.

On Mon, Mar 21, 2011 at 7:42 PM, Eoin <eoin.keary at owasp.org> wrote:

> this is crazy......... (im sorry i have t say this)
> the funds are all owasp money.
> feels like holding owasp to ransom tbh
> "we will only hold the event for x $$$ usd for our chapter"...talk about
> missing the point of OWASP in the first place.
> Not very values driven imho.
>
> -ek
>
>
> On 21 March 2011 19:20, Mark Bristow <mark.bristow at owasp.org> wrote:
>
>> Richard,
>>
>> Thanks for the information.  We'll take this under consideration and let
>> you know when we present our decision to the board for review.
>>
>> Thanks,
>> -Mark
>>
>>
>> On Mon, Mar 21, 2011 at 3:08 PM, Richard Greenberg <
>> richard.greenberg at owasp.org> wrote:
>>
>>> Folks,
>>>
>>> *As promised, below is the response from the OC and LA Chapters:*
>>>
>>> The OC and LA Chapters were extremely surprised upon hearing that the
>>> recently adopted policies, particularly the cap, regarding conference splits
>>> with local chapters were being used retroactively to disperse funds from
>>> AppSec SoCal. Clearly, I don't think any members of this committee would
>>> intentionally proceed in this fashion. I am presuming that the understanding
>>> was that there was no other agreement in place. However, this was not
>>> the case.
>>>
>>>
>>>
>>> You may or may not have seen the discussion threads I am including
>>> below. They give a pretty definitive indication to the LA and OC Boards
>>> that the agreed upon AppSec split was 25/75. However, there has been quite a
>>> bit of discussion and some compelling thoughts on the finances of the
>>> organization as a whole, and "the needs of the many outweigh the needs of
>>> the few" (one of my favorite movie scenes). With that said, I am proposing
>>> some type of compromise that would honor the pre-conference agreement and
>>> understanding, yet not take too much of the revenue needed by OWASP, the
>>> mothership. Rather than my stating a specific additional percentage, I am
>>> asking the GCC to come up with a compromise figure. I think that this is
>>> essential to honor the spirit and openness of what we are all about, and
>>> what we stand for as an organization.
>>>
>>>
>>>
>>> As requested, a working version of AppSec USA 2010 budget is attached.
>>> The real budget (P&L statement) resides with Alison (we left detailed
>>> bookkeeping to Alison once we figured out that we are making a profit).
>>>
>>>
>>>
>>> The OC and LA chapters intend to use the proceeds from AppSec USA 2010 to
>>> advance the OWASP mission in OC and LA counties, in accordance with
>>> OWASP chapter guidelines. Activities planned include, but are not
>>> limited to, bringing in the best of class speakers to chapter meetings,
>>> providing free or discounted training opportunities, and covering increased
>>> venue costs when attendance exceeds current facility capacity. We also
>>> are firm believers that our future lies with the upcoming generations, and
>>> we intend to support local student chapters as best as we can.
>>>
>>>
>>>
>>> Keep in mind that larger cities like LA, NY and Dc have higher costs than
>>> most of the country. The arguments that I have heard that there should be no
>>> rich chapters aren’t really sound ones. Strong chapters are the best allies
>>> a centralized OWASP could possibly have. Keep in mind that in emergencies,
>>> funds can always be reclaimed from chapters.
>>>
>>>
>>>
>>> We appreciate your consideration of our position, and trust that when all
>>> the facts are reviewed, a compromise can indeed be reached that is equitable
>>> and will leave all of us happy to move ahead with our important work.
>>>
>>>
>>> I am available for any questions you may have in this matter:
>>> 323-869-8120.
>>>
>>>
>>> Thanks, again, for agreeing to resolve this issue.
>>>
>>>
>>>  *Below is the historical record of the discussions that took place
>>> prior to the Global SoCal AppSec:*
>>>
>>>
>>> From: *Kate Hartmann* <kate.hartmann at owasp.org>
>>> Date: Mon, Mar 22, 2010 at 12:37 PM
>>> Subject: RE: [AppSec USA 2010] Trainer Split
>>> To: Tin Zaw <tin.zaw at owasp.org>
>>> Cc: Neil Matatall <neil at owasp.org>, Cassio Goldschmidt <cassio at owasp.org
>>> >
>>>
>>> Yes, you are correct.  Remember, however, that the annual AppSec
>>> conferences are one of the greatest sources of income for the foundation, so
>>> the budget and expenses need to be monitored closely.  The expectation for
>>> the US AppSec revenue would be in the neighborhood of $100K.
>>>
>>>
>>>
>>> Kate Hartmann
>>>
>>> OWASP Operations Director
>>>
>>> 9175 Guilford Road
>>>
>>> Suite 300
>>>
>>> Columbia, MD  21046
>>>
>>>
>>>
>>> 301-275-9403
>>>
>>> kate.hartmann at owasp.org
>>>
>>> Skype:  kate.hartmann1
>>>
>>>
>>>
>>> *From:* Tin Zaw [mailto:tin.zaw at owasp.org]
>>> *Sent:* Monday, March 22, 2010 3:36 PM
>>> *To:* Kate Hartmann
>>> *Cc:* Neil Matatall; Cassio Goldschmidt
>>> *Subject:* Re: [AppSec USA 2010] Trainer Split
>>>
>>>
>>>
>>> Thanks Kate.
>>>
>>>
>>>
>>> I assume 40/60 split is of revenue (what we charge to students) for
>>> training. 40% goes to trainer, and 60% goes to conference revenue (or gross
>>> income) right?
>>>
>>>
>>>
>>> What is the split of proceeds (net income/profit) from all 4 days? I
>>> believe it is 25/75 (25% goes to local chapter(s) and 75% goes to OWASP
>>> Foundation). Please confirm.
>>>
>>>
>>>
>>> Thanks.
>>>
>>> On Mon, Mar 22, 2010 at 11:44 AM, Kate Hartmann <kate.hartmann at owasp.org>
>>> wrote:
>>>
>>> The conferences committee recommends a 40/60 split (trainer/owasp)
>>>
>>>
>>>
>>> Kate Hartmann
>>>
>>> OWASP Operations Director
>>>
>>> 9175 Guilford Road
>>>
>>> Suite 300
>>>
>>> Columbia, MD  21046
>>>
>>>
>>>
>>> 301-275-9403
>>>
>>> kate.hartmann at owasp.org
>>>
>>> Skype:  kate.hartmann1
>>>
>>>
>>>
>>> *From:* pc_appsec_us_2010-bounces at lists.owasp.org [mailto:
>>> pc_appsec_us_2010-bounces at lists.owasp.org] *On Behalf Of *Neil Matatall
>>> *Sent:* Friday, March 19, 2010 12:45 PM
>>> *To:* pc_appsec_us_2010 at lists.owasp.org
>>> *Subject:* [AppSec USA 2010] Trainer Split
>>>
>>>
>>>
>>> Can someone remind me what the split is for trainers?  75/25
>>> owasp/trainer?
>>>
>>>
>>> Neil
>>>
>>>
>>>
>>> On Fri, Mar 18, 2011 at 10:10 AM, Richard Greenberg <
>>> richard.greenberg at owasp.org> wrote:
>>>
>>> On behalf of the OC and LA OWASP Chapters, thank you all for considering
>>> our Chapters' position on this sensitive matter. We will discuss and send
>>> you some guidance to assist you in objectively evaluating this situation and
>>> coming up with an equitable and responsible resolution.
>>>
>>>
>>>
>>> On Fri, Mar 18, 2011 at 9:01 AM, Mark Bristow <mark.bristow at owasp.org>
>>> wrote:
>>>
>>> Richard, Neil, Cassio and Tin,
>>>
>>> Richard has recently brought to our attention that you all feel that the
>>> GCC profit sharing split was inappropriately applied to AppSecUSA 2010.  It
>>> is the responsibility of the Global Conference Committee to adjudicate these
>>> types of cases and as such I've started an inquiry based on the board
>>> inquiry process.  As Richard, Neil and Cassio were intimately involved with
>>> this event and have a conflict of interest as defined in the GCC
>>> Governance policy<http://www.owasp.org/index.php/Global_Conferences_Committee_Governance#Conflict_of_Interest>,
>>> I've recused them from the discussions related to this inquiry so that they
>>> may be free to fully present their case from the position of AppSec USA 2010
>>> event planners and chapter leaders.  The remaining GCC members will take
>>> this matter into consideration and discuss it early next week.  We will come
>>> to a resolution and provide it to the board for final approval (as it
>>> involves a substantial amount of OWASP foundation funds).  Once this is
>>> complete I will put the inquiry information and decision rational on the
>>> wiki as well as how the committee voted on the matter and will encourage the
>>> board to do the same.
>>>
>>> At issue here is the application of the GCC "Profit Sharing Policy<http://www.owasp.org/index.php/Global_Conferences_Committee#tab=Committee_Policies>"
>>> in which the local host chapters of Global AppSec events receive "25% of
>>> event profits with a $5,000 USD cap ($10,000 for multi-chapter events)".
>>> It's our understanding that you are contending that you were under the
>>> impression that the split would be provided at the rate of 25% of profits to
>>> the local with no cap.  According to the foundation's records, AppSecUSA
>>> 2010 made a profit of $96,449.92 and $10,000 has already been provided to
>>> the LA and OC Chapters.  Your position is that the chapters should be
>>> allocated an additional $14,112.48 (25% of $96,449.92 - $10,000 which was
>>> already dispatched) for a total of $24,112.48 to be split by your chapters.
>>>
>>> The committee would like to get the following from the AppSec USA
>>> planners in order to render a decision on this issue.
>>>
>>>    1. A statement outlining your position of why you feel the policy was
>>>    improperly applied
>>>    2. As we understand it you feel that you were told that the 25% w/ no
>>>    cap was the policy and was agreed to, we'd like to know more about how this
>>>    came to be.
>>>    3. A copy of your internal AppSecUSA budget (as it stands, need not
>>>    be a heavy lift) for comparison to the foundation records
>>>    4. If you'd like to also describe how your chapters plan to use the
>>>    additional funds, your welcome to do that also, although not strictly a
>>>    conference issue, some of the committee have asked for this information if
>>>    you'd like to provide it.
>>>
>>> We'd appreciate a reply by noon Monday if possible.  However if you need
>>> more time, that's fine, wer're just trying to be expeditious and get this
>>> resolved.  As described and as it represents a reasonably substantial
>>> portion (about 16%) of the OWASP annual operations budget we will also have
>>> to have the board weigh in on this.  However at the summit the board
>>> indicated that they'd like to have the committees debate it out first and
>>> present their conclusions to the board for review.
>>>
>>> Regards,
>>> The Global Conferences Committee
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175 <%28703%29%20596-5175>
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>>
>>>
>>> --
>>> Richard Greenberg, CISSP
>>> Board of Directors, OWASP Los Angeles, www.owaspla.org<http://www.appsecusa.org/>
>>> Board of Directors, ISSA Los Angeles, www.issa-la.org<http://www.appsecusa.org/>
>>> OWASP Global Conference Committee
>>> LinkedIn:  http://www.linkedin.com/in/richardagreenberg
>>>
>>>
>>>
>>
>>
>>
>> --
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>>
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org
>>
>>
>
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
>



-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110321/c227334f/attachment-0002.html>


More information about the Owasp-board mailing list