[Owasp-board] AppSecUSA 2010 Profit Sharing Split

Dave Wichers dave.wichers at owasp.org
Tue Mar 22 02:39:21 UTC 2011


I'd like to see the conference committee try to work this out with them and
then let us know what they come up with. We already approved the current
split. If they come up with something different than that, which they
can/probably will, then I think they should present that for our approval.
And if they can't resolve if between them, then they can present that
instead.

 

This doesn't affect future conferences/or shouldn't. Rather it addresses a
situation where the rules weren't clear before they were established.

 

-Dave

 

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Monday, March 21, 2011 8:19 PM
To: Mark Bristow
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] AppSecUSA 2010 Profit Sharing Split

 

Mark, issues which affect the bottom line of the foundation need board
involvement I would think.

Behaviour is Improper, no, but not in the Spirit of the organisation either.

 

I am also organising the AppSEC EU conference so I do have some skin in the
game here regardless of my membership of the board.

 

 

On 21 March 2011 23:55, Mark Bristow <mark.bristow at owasp.org> wrote:

<Mark hat on>

Eoin I for the most part personally agree with your sentiments, although I
don't believe that the leaders involved are acting in an "improper" way, as
chapter leaders, they are responsible to do what they think is best for
their chapter.  It's the responsibility of the committees/board to weigh
that on the needs of the organization as a whole, IMO.

 

<GCC Chair/Governance hat on>

I'd like the opportunity for the GCC to come to it's own resolution on this
matter and then present to the board for final review (As described in my
initial email).  In general I feel that the committees should handle this
sort of issue internally as possible and only involve the board if there is
a dispute in the resolution the committee comes to.

 

On Mon, Mar 21, 2011 at 7:42 PM, Eoin <eoin.keary at owasp.org> wrote:

this is crazy......... (im sorry i have t say this)

the funds are all owasp money.

feels like holding owasp to ransom tbh

"we will only hold the event for x $$$ usd for our chapter"...talk about
missing the point of OWASP in the first place.

Not very values driven imho.

 

-ek

 

On 21 March 2011 19:20, Mark Bristow <mark.bristow at owasp.org> wrote:

Richard,

Thanks for the information.  We'll take this under consideration and let you
know when we present our decision to the board for review.

Thanks,
-Mark

 

On Mon, Mar 21, 2011 at 3:08 PM, Richard Greenberg
<richard.greenberg at owasp.org> wrote:

Folks,

As promised, below is the response from the OC and LA Chapters:

The OC and LA Chapters were extremely surprised upon hearing that the
recently adopted policies, particularly the cap, regarding conference splits
with local chapters were being used retroactively to disperse funds from
AppSec SoCal. Clearly, I don't think any members of this committee would
intentionally proceed in this fashion. I am presuming that the understanding
was that there was no other agreement in place. However, this was not the
case.

 

You may or may not have seen the discussion threads I am including below.
They give a pretty definitive indication to the LA and OC Boards that the
agreed upon AppSec split was 25/75. However, there has been quite a bit of
discussion and some compelling thoughts on the finances of the organization
as a whole, and "the needs of the many outweigh the needs of the few" (one
of my favorite movie scenes). With that said, I am proposing some type of
compromise that would honor the pre-conference agreement and understanding,
yet not take too much of the revenue needed by OWASP, the mothership. Rather
than my stating a specific additional percentage, I am asking the GCC to
come up with a compromise figure. I think that this is essential to honor
the spirit and openness of what we are all about, and what we stand for as
an organization.

 

As requested, a working version of AppSec USA 2010 budget is attached. The
real budget (P&L statement) resides with Alison (we left detailed
bookkeeping to Alison once we figured out that we are making a profit).

 

The OC and LA chapters intend to use the proceeds from AppSec USA 2010 to
advance the OWASP mission in OC and LA counties, in accordance with OWASP
chapter guidelines. Activities planned include, but are not limited to,
bringing in the best of class speakers to chapter meetings, providing free
or discounted training opportunities, and covering increased venue costs
when attendance exceeds current facility capacity. We also are firm
believers that our future lies with the upcoming generations, and we intend
to support local student chapters as best as we can. 

 

Keep in mind that larger cities like LA, NY and Dc have higher costs than
most of the country. The arguments that I have heard that there should be no
rich chapters aren't really sound ones. Strong chapters are the best allies
a centralized OWASP could possibly have. Keep in mind that in emergencies,
funds can always be reclaimed from chapters.

 

We appreciate your consideration of our position, and trust that when all
the facts are reviewed, a compromise can indeed be reached that is equitable
and will leave all of us happy to move ahead with our important work.

 

I am available for any questions you may have in this matter: 323-869-8120.

 

Thanks, again, for agreeing to resolve this issue.

 

Below is the historical record of the discussions that took place prior to
the Global SoCal AppSec:

 

From: Kate Hartmann <kate.hartmann at owasp.org>
Date: Mon, Mar 22, 2010 at 12:37 PM
Subject: RE: [AppSec USA 2010] Trainer Split
To: Tin Zaw <tin.zaw at owasp.org>
Cc: Neil Matatall <neil at owasp.org>, Cassio Goldschmidt <cassio at owasp.org>

Yes, you are correct.  Remember, however, that the annual AppSec conferences
are one of the greatest sources of income for the foundation, so the budget
and expenses need to be monitored closely.  The expectation for the US
AppSec revenue would be in the neighborhood of $100K.

 

Kate Hartmann

OWASP Operations Director

9175 Guilford Road

Suite 300

Columbia, MD  21046

 

301-275-9403 

kate.hartmann at owasp.org

Skype:  kate.hartmann1 

 

From: Tin Zaw [mailto:tin.zaw at owasp.org] 
Sent: Monday, March 22, 2010 3:36 PM
To: Kate Hartmann
Cc: Neil Matatall; Cassio Goldschmidt
Subject: Re: [AppSec USA 2010] Trainer Split

 

Thanks Kate. 

 

I assume 40/60 split is of revenue (what we charge to students) for
training. 40% goes to trainer, and 60% goes to conference revenue (or gross
income) right? 

 

What is the split of proceeds (net income/profit) from all 4 days? I believe
it is 25/75 (25% goes to local chapter(s) and 75% goes to OWASP Foundation).
Please confirm.

 

Thanks.

On Mon, Mar 22, 2010 at 11:44 AM, Kate Hartmann <kate.hartmann at owasp.org>
wrote:

The conferences committee recommends a 40/60 split (trainer/owasp)

 

Kate Hartmann

OWASP Operations Director

9175 Guilford Road

Suite 300

Columbia, MD  21046

 

301-275-9403 

kate.hartmann at owasp.org

Skype:  kate.hartmann1 

 

From: pc_appsec_us_2010-bounces at lists.owasp.org
[mailto:pc_appsec_us_2010-bounces at lists.owasp.org] On Behalf Of Neil
Matatall
Sent: Friday, March 19, 2010 12:45 PM
To: pc_appsec_us_2010 at lists.owasp.org
Subject: [AppSec USA 2010] Trainer Split

 

Can someone remind me what the split is for trainers?  75/25 owasp/trainer?


Neil

 

On Fri, Mar 18, 2011 at 10:10 AM, Richard Greenberg
<richard.greenberg at owasp.org> wrote:

On behalf of the OC and LA OWASP Chapters, thank you all for considering our
Chapters' position on this sensitive matter. We will discuss and send you
some guidance to assist you in objectively evaluating this situation and
coming up with an equitable and responsible resolution. 

 

On Fri, Mar 18, 2011 at 9:01 AM, Mark Bristow <mark.bristow at owasp.org>
wrote:

Richard, Neil, Cassio and Tin,

Richard has recently brought to our attention that you all feel that the GCC
profit sharing split was inappropriately applied to AppSecUSA 2010.  It is
the responsibility of the Global Conference Committee to adjudicate these
types of cases and as such I've started an inquiry based on the board
inquiry process.  As Richard, Neil and Cassio were intimately involved with
this event and have a conflict of interest as defined in the GCC Governance
policy
<http://www.owasp.org/index.php/Global_Conferences_Committee_Governance#Conf
lict_of_Interest> , I've recused them from the discussions related to this
inquiry so that they may be free to fully present their case from the
position of AppSec USA 2010 event planners and chapter leaders.  The
remaining GCC members will take this matter into consideration and discuss
it early next week.  We will come to a resolution and provide it to the
board for final approval (as it involves a substantial amount of OWASP
foundation funds).  Once this is complete I will put the inquiry information
and decision rational on the wiki as well as how the committee voted on the
matter and will encourage the board to do the same.

At issue here is the application of the GCC "Profit Sharing Policy
<http://www.owasp.org/index.php/Global_Conferences_Committee#tab=Committee_P
olicies> " in which the local host chapters of Global AppSec events receive
"25% of event profits with a $5,000 USD cap ($10,000 for multi-chapter
events)".  It's our understanding that you are contending that you were
under the impression that the split would be provided at the rate of 25% of
profits to the local with no cap.  According to the foundation's records,
AppSecUSA 2010 made a profit of $96,449.92 and $10,000 has already been
provided to the LA and OC Chapters.  Your position is that the chapters
should be allocated an additional $14,112.48 (25% of $96,449.92 - $10,000
which was already dispatched) for a total of $24,112.48 to be split by your
chapters.

The committee would like to get the following from the AppSec USA planners
in order to render a decision on this issue.

1.	A statement outlining your position of why you feel the policy was
improperly applied
2.	As we understand it you feel that you were told that the 25% w/ no
cap was the policy and was agreed to, we'd like to know more about how this
came to be.
3.	A copy of your internal AppSecUSA budget (as it stands, need not be
a heavy lift) for comparison to the foundation records
4.	If you'd like to also describe how your chapters plan to use the
additional funds, your welcome to do that also, although not strictly a
conference issue, some of the committee have asked for this information if
you'd like to provide it.

We'd appreciate a reply by noon Monday if possible.  However if you need
more time, that's fine, wer're just trying to be expeditious and get this
resolved.  As described and as it represents a reasonably substantial
portion (about 16%) of the OWASP annual operations budget we will also have
to have the board weigh in on this.  However at the summit the board
indicated that they'd like to have the committees debate it out first and
present their conclusions to the board for review.

Regards,
The Global Conferences Committee

-- 
Mark Bristow
(703) 596-5175 <tel:%28703%29%20596-5175> 
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org <https://www.appsecdc.org/> 



-- 
Richard Greenberg, CISSP
Board of Directors, OWASP Los Angeles, www.owaspla.org
<http://www.appsecusa.org/> 
Board of Directors, ISSA Los Angeles, www.issa-la.org
<http://www.appsecusa.org/> 
OWASP Global Conference Committee
LinkedIn:  http://www.linkedin.com/in/richardagreenberg

 




-- 
Mark Bristow
(703) 596-5175 <tel:%28703%29%20596-5175> 
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org





-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary




-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org




-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110321/38258fe7/attachment-0002.html>


More information about the Owasp-board mailing list