[Owasp-board] [Global_conference_committee] Profit sharing policy discussion

Tom Brennan tomb at owasp.org
Wed May 11 19:48:56 UTC 2011


Mark what supporting documentation do you have on a vote of approval on the then current board? 

Btw, this never happened in Portugal or before that.

https://www.owasp.org/index.php/OWASP_Board_Meetings

Next board meeting is the 8th live at appsec eu Ralph is your delegate onsite i think from GCC. Keys get it added to the agenda, happy to vote on this proposal formally.  My vote is YES with the removal of caps to chapters btw and Tin has the voice of chapters forthcoming globally via survey.  GCC has done a kick ass job however below is not accurate history.

9732020122 to discuss


On May 11, 2011, at 2:21 PM, Mark Bristow <mark.bristow at owasp.org> wrote:

> Josh,
> 
> Lets agree to disagree.  Regardless of how you feel about them, policies set by the GCC are conference policies, this particular policy was taken the extra step and confirmed by the board.  As a result, it stands for OWASP events until such time as the GCC or Board overturns the decision.
> 
> As an aside, I don't like this policy either, I think there should be no profit sharing for any events that the foundation underwrites, however as Chair I'm obligated to defend the decision of my committee and will continue to do so.
> 
> Before you formulate your opinion, I'd suggest you look at the P&L reports for the last few year, OWASP Operational Expensises, the bill for the Summit, OWASP strategic initiative spending  and the P&L reports for Global AppSec, Regional and Local events over the past few years (Not everything with AppSec in the name is a Global AppSec, for example AppSec DC is a Regional event).  Also taking a look at actual expenditures by OWASP chapters would be useful and help frame the context of this decision.
> 
> -Mark
> 
> On Wed, May 11, 2011 at 1:49 PM, Josh Sokol <josh.sokol at ni.com> wrote:
> Mark, 
> 
> You're absolutely right.  It's one policy that we take issue with right now.  That doesn't mean that we should be forced to blindly follow that policy if it doesn't make sense for what we are trying to accomplish here.  It also doesn't mean that in the future the GCC won't come up with another policy that we disagree with.  We want to not only support, but also further OWASP's mission by hosting a quality OWASP conference.  I think that we can all agree that is what we have accomplished to date.  I still haven't heard a good argument for the profit split on non-AppSec conferences.  I agree that AppSec conferences are the bread and butter of OWASP's ability to run the foundation and should be held as somewhat sacred.  I don't necessarily disagree with OWASP taking 100% of the profits from past AppSec conferences though a split does make sense to encourage the organizers to do a good job.  However, if OWASP makes any money off the non-AppSec conference, then that should be viewed as simply gravy on top of chapters and individuals spreading the OWASP message to the masses.  That is what the GCC should be figuring out ways to encourage.  If we had 100 conferences generating $0 in revenue, we would be far more effective in accomplishing our mission than if we had 4 conferences that made $100k.  OWASP is a non-profit organization after all.  Any policy by which the GCC dictates it's cut from these homegrown conferences is simply greedy as the money is already going into the OWASP bank account and will be spent to further OWASP's mission.  And for what it's worth, before the GCC decided how much we were contributing, we had already earmarked 50% of our profits to go to the foundation.  The fact that the GCC feels that this wasn't generous enough for our hard work and feel the need to enact policy to take more makes me a little sick.  Even a 60/40 split like we do with membership seems semi-reasonable.  But why the need to dictate that?  The decision to donate should come from the organizers and not from the GCC's policies.  This policy, both from a percentage and a cap perspective, is simply unacceptable.  The fact that it is dictated to us with no measure of acceptance or recourse makes it that much worse.  This policy does not benefit the foundation via it's core values and mission.  The only thing it benefits is the general fund instead of the chapters.   
> 
> I think the real line here is AppSec Conferences (used to fund the foundation) vs everything else.  Set whatever policy you want on the AppSec conferences as those belong enitrely to the foundation IMHO and the revenues are used primarily to fund the organization.  For everything else, as long as they are true to the OWASP mission (ie. the reasoning behind those other policies from the GCC that we agree with), the only stipulation should be that the profits are deposited back into an OWASP-controlled account with the goal of furthering the OWASP mission.  If it makes sense to cap something, say that each chapter can have a max of $X in their individual bank account at any time with the overflow redirected to an OWASP approved location of their choosing.  No more "rich" chapters, share the wealth, encourage conferences, and support the OWASP mission.  That's what we're all about. 
> 
> Sincerely,
> 
> Josh Sokol (CISSP, CCNA, GWAS)
> Information Security Program Owner
> National Instruments 
> 
> 
> 
> From:        Mark Bristow <mark.bristow at owasp.org> 
> To:        Josh Sokol <josh.sokol at ni.com> 
> Cc:        Kate Hartmann <kate.hartmann at owasp.org>, "james.wickett at owasp.org" <james.wickett at owasp.org> 
> Date:        05/11/2011 12:12 PM 
> Subject:        Re: [Global_conference_committee] Profit sharing policy discussion 
> 
> 
> 
> Josh,
> 
> To me, what you described is, to me, an OWASP conference and therefore subject to foundation oversight.  The GCC tries very, very hard not to get too involved in the actual planning of OWASP events and let the local planning team have significant leeway within the context of some general policies set forth by the foundation.  To date there are only 20 policies and some of them are things like "be vendor neutral".
> 
> I am saying that LASCON is run by the Austin chapter with oversight from the GCC to ensure that the event complies with OWASP ethics, values and priorities.  If you feel you can run the event entirely by yourselves that's fine.  Take AppSec USA this year, we are only lightly involved because the planning team is on the ball.  Some events require more attention from the GCC than others.  I don't believe that at any time we have tried to get too involved with the actual running of the conference (I haven't asked to be on your Program Committee, nor told you what venue to use, heck, we didn't even get involved as to the dates of the event) as you've demonstrated your capabilities with LASCON last year.  
> 
> All we are requiring is that LASCON comply with all of the policies that have been set forth by the Foundation for all OWASP events.  It's clear that you object to one of thoes policies however the GCC debated and discussed many of the very points you have brought up.  You are looking at things as an advocate just LASCON and the Austin chapter, exactly as you should do, as those are your roles in OWASP.  The difference is that the GCC must be concerned with not individual events but all OWASP events as well as larger issues at the foundation level (for example, ensure the foundation as a whole has sufficient revenue to survive) when setting our policies.    I believe the "rub" comes from this differing perspective.
> 
> -Mark
> 
> On Wed, May 11, 2011 at 11:43 AM, Josh Sokol <josh.sokol at ni.com> wrote: 
> I guess so.  I think that LASCON is an OWASP conference in that it supports the OWASP mission and benefits the OWASP foundation and Austin chapter.  We were planning on establishing our own bank account for the conference until the suggestion was made that we simplify by having Kate and Allison handle the income and expenses.  Since the ultimate destination for the money was the foundation and the chapters bank accounts, it seemed like a win-win.  Nobody ever said that this agreement meant that the foundation c/o the GCC would have full control over the conference moving forward.  In my opinion the decision making ability for LASCON has always belonged to James and I as co-chairs and the LASCON board and we executed as such last year.  Yes, OWASP wrote a lot of checks on behalf of LASCON via this agreement, but it also took in way more revenue than the majority of OWASP conferences held last year. 
> 
> The thing that confuses me is why this has to be all black and white to you.  Why can't we say that LASCON is the Austin chapters baby and is controlled as such with oversight from the GCC to make sure we are adhering to the OWASP values and representing the foundation in an acceptable manner?  As long as that holds true, I'm not sure why the GCC really needs it's hands on LASCON at all.  James and I have had many discussions about this and we both agree that we want LASCON to be an OWASP conference with profit going to the local chapter and foundation.  What we don't agree with is that this desire equates to us giving up control over how the conference is run, how the money is spent, and where it ultimately ends up.  You said it yourself; ultimately there really is no such thing as a chapter bank account, it's just a line item used by accountants.  All of the money is spent to support the OWASP mission.  And I don't see what's wrong with having so called "rich" chapters.  The desire to be on that list and be able to do more with OWASP locally was one of the things that enticed us to do LASCON in the first place.  Why not encourage more chapters to follow that model rather than discouraging them from having a conference altogether.  A decent account balance can be used to show which chapters are doing more to support the mission than others.  If that helps to encourage more participation from others, then I think we should be using that to our advantage. 
> 
> 
> Sincerely, 
> 
> Josh Sokol (CISSP, CCNA, GWAS) 
> Information Security Program Owner 
> National Instruments 
> 
> On May 11, 2011, at 10:17 AM, "Mark Bristow" <mark.bristow at owasp.org> wrote:
> 
> So that's the disconnect?  You don't think LASCON is an OWASP function?  If that's the case, that's fine we can treat it not as an OWASP event but as a partnered event if you'd like.  If it's a partner event it goes through entirely different rules and a contract is established between OWASP and the partnering organization (who would that be in this case?).  
> 
> If LASCON is run by the OWASP Austin Chapter, then it definately falls under GCC juristction as delegated to the GCC by the board.  OWASP Chapters are not individual entities they are members of the overall OWASP foundation and thus are subject to it's governance.  But if LASCON is run simply by Josh Sokol and/or the LASCON organization, then it's a partner event and the GCC would have to evaluate OWASP's participation in such an event.
> 
> Also, FYI the board already passed this policy, the GCC did exist at the time (I remember approving LASCON in 2010).  I recall OWASP and the GCC writing a lot of checks to cover LASCON last year so it' shard to say that "When we started LASCON, there was no GCC that I'm aware of and at the very least no involvement in the conference from the GCC"  Because you were working primarily with Kate dosn't mean it wasn't the GCC, we just wern't well staffed at the time.
> 
> On Wed, May 11, 2011 at 11:04 AM, Josh Sokol <josh.sokol at owasp.org> wrote: 
> Mark, 
> 
> Personally, I don't care about DC or any AppSec conference for that matter.  These conferences, regardless of which chapter is supporting, are the property of the OWASP Foundation and should rightly be treated as such with the GCC setting whatever profit splits, caps, or anything else it sees fit.  I have never desired to change that and the Austin chapter has put in a bid to support the Foundation in that effort for the 2012 USA conference out of our desire to support OWASP's core values and mission. 
> 
> What I do not agree with is the notion that the GCC can now make policy for other conferences run by individuals and chapters.  When we started LASCON, there was no GCC that I'm aware of and at the very least no involvement in the conference from the GCC.  The notion that the creation of the GCC suddenly means that all future decision making ability and past decisions were retroactively taken out of the hands of the conference planners is simply crap.  LASCON was founded by the Austin chapter members to support the OWASP mission, but is not the property of OWASP.  It is a fundraiser for both our local chapter and the foundation, but was never intended to be governed by the GCC.  In every communication that I've seen from you on this topic you have made the assumption that we gave up the right to make decisions for ourselves when we decided that the conference would support OWASP.  Other than our agreement that the foundation would handle the income and expenditures to simplify that part of the conference for us, I'd like to know where it was ever agreed that it would be the case that OWASP or the GCC would be able to set policy for our conference.  The fact is that we never agreed to this and likely never would have given up that right had we had any say in the matter.  IMHO, the GCC should have full control over conferences that belong to OWASP and any agreements with any other conferences should be negotiated and agreed to between the GCC and the conference planners.  If you don't start treating these conferences more like a partnership and less like an owner by assumption, I can guarantee that you will lose them and any support they provide for OWASP either via it's mission or financially. 
> 
> I've said my piece apparently "ad nauseum" at this point even though we were never consulted as stakeholders in this policy and when I tried to get involved I was told that the discussion had already been had and all that was left was a vote.  The only reason why I am still pleading my case is because the board ultimately has to approve this policy and I am hopeful that they will recognize that this policy contradicts OWASP's mission.  I appreciate the GCC's desire to bring order where there was chaos, but this policy flies in the face of everyone out there trying to support OWASP and it's values through conferences.  Since the GCC is unwilling to recognize this and overturn it's flawed policy, I can only hope that the board will.
> 
> Sincerely, 
> 
> Josh Sokol (CISSP, CCNA, GWAS) 
> Information Security Program Owner 
> National Instruments 
> 
> On May 10, 2011, at 6:11 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
> 
> I think it is important to remember in this discussion that it is ALL OWASP'S money.  Distinction between the board budget, committee budgets, project budgets, chapter budgets, conferences et all is an internal accounting practice and how the Foundation chooses to organize and prioritize it's activities, there are not separate accounts merely line items tracked by our accountants. 
> 
> The Conferences Committee has visited, and revisited this topic ad-nasuem.  In the end the committee members voted on the policy and that is the policy that shall stand until it is re-visited by the committee or overturned by the board.  As Committee Chair and as a Committee member, it's my responsibility to support that policy until such time.  The intention was for the GCC to look at this subject again after we went through a Global AppSec Cycle to determine if it was effective.  I think it would be prudent to get more information and feedback about the policy before we go changing it. 
> 
> Regarding Josh's comment regarding how the language was drafted, I agree it may stem to incentivize the wrong types of behavior by calling out the additional money one can earn for their chapter.  Financial gain for the chapter should NOT be a primary goal in hosting a conference, it should be done as an effort to further the OWASP mission and the Application Security community.  What I was trying to do was help "incentivize" and "sex up" the statement to drive more people to host events and ultimately spread awareness about OWASP and application security.  Hosting a conference is a TON of work but it is one of our greatest outreach efforts and we need to find ways to encourage events in a controlled and coordinated way. 
> 
> In regards to the comment about events handing 100% of profits to the foundation prior to this policy being implemented, to my knowledge (I can say it definitively with APpSec DC) this was completely true and if you want me to pull the records for all events I will do so.  I believe the first time that any type of profit sharing was tried was AppSec EU 2010 as a pilot program. 
> 
> Comments about the need for chapter budgets are really outside this conversation and is a matter for the chapters committee.
> 
> On Tue, May 10, 2011 at 6:56 PM, Mark Bristow <mark.bristow at owasp.org> wrote: 
> Gentlemen, 
> 
> First off, the initial point of this thread was a report of the GCC of a completed action item it was assigned by the board.  I have re-named this discussion to get it more on topic.  I would really appriciate it if we could, as a general rule, keep to the topics discussed in the subject lines.  Everyone is always welcome to voice their opinion and if it is only tangential to the original topic, a simple rename of the subject will move it into a new thread (I can't wait till we have forums, if that day ever comes). 
> 
> Second,  please everyone keep it civil.  I read this thread mostly from my phone and really didn't notice who said what (and am intentionally doing that while writing this section).  I did see some personal attacks, innuendo, and what I consider to not be appropriate for civil discourse.  Just try to keep it above board. 
> 
> I'll re-read this thread and follow up in a minute, but I needed to take some "moderator" action in this case. 
> 
> -Mark
> 
> On Tue, May 10, 2011 at 6:40 PM, Josh Sokol <josh.sokol at owasp.org> wrote: 
> Lucas,
> 
> Wow.  I don't even know what to say to that as this is the very basis for Mark's communication that generated my original response.  "Earn up to $5000 for your chapter by hosting an OWASP Event!"  Am I missing something here?  "This new policy rewards chapters who volunteer to take on the challenge of hosting an OWASP event"  If you disagree with what I said, then you should be jumping up and down screaming about this message intended for the leaders list.  The communication says nothing about supporting OWASP's mission, doing it for fun, educating the masses.  Only money for chapters.  Houston, I think we have a problem here.
> 
> Frankly, this isn't about a mentality that you want to encourage and to some extent we need to look beyond selfish motivations and analyze the impacts of our decisions on the chapters and the foundation.  Regardless of the motivations, we need to ask ourselves "Does this encourage more conferences, and thus, support the OWASP mission?"  Everything else is really secondary.  This earn money for your chapter exemplifies that.
> 
> Yeah, I've heard Mark say several times that before the policy there was no policy.  For some reason the assumption is that this means that chapters doing their own conferences were just going to hand over 100% of their profits to the OWASP Foundation.  I'll call shenanigans on that one.  I can only speak for our conference, but that was never our intention and I can pretty much guarantee that I wouldn't even be considering LASCON 2011 an OWASP conference if that were the case.  The very fact that the GCC thinks they should be dictating these conditions to conferences without any say from the people actually running the conferences really bugs me.
> 
> Your last statement I agree with completely and was the rationale behind me taking back my objection to the policy.  My only real thought here is that prior to LASCON, our chapter felt like we hadn't contributed anything to OWASP, and therefore, we shouldn't be asking for anything from the organization.  Giving chapters their own funds is just a way to recognize the chapters that are really giving back to the organization.  Do we need our own money?  Absolutely not.  So why have chapter bank accounts at all if we never intend to put any money in them?
> 
> ~josh 
> 
> 
> On Tue, May 10, 2011 at 4:56 PM, Lucas Ferreira <lucas.ferreira at owasp.org> wrote: 
> Josh,
> 
> I don't think that "getting money for my chapter" should be a driver for a conference planner. This is not the kind of mentality I want to encourage.
> 
> Also, before this policy, there was no policy at all. So this new policy now allows chapters to get some money, which did not happen before. Are you saying that getting no money was better than getting some money?
> 
> Another doubt: which activities do you have in your chapter that could not be funded by the "mothership" OWASP money? Why do you need YOUR money?
> 
> Regards,
> 
> Lucas 
> 
> 
> On Tue, May 10, 2011 at 18:30, Josh Sokol <josh.sokol at owasp.org> wrote: 
> Lucas,
> 
> I agree wholeheartedly.  We should not be looking to use conference to make money, we should be looking to use conferences to carry out the OWASP mission.  That said, throwing conferences is one of very few ways for a chapter to raise funds.  The only other that I am aware of is finding a corporate sponsor which is quite difficult.  So if my best option to get money in my chapters bank account to improve my chapter and carry out the OWASP mission is to hold a conference, why would you do things to discourage that?  Keep in mind that even if the money is in a chapters bank account, it still needs to be used to support the OWASP mission.  Are you implying that my drive to raise funds to improve my local chapter means that I'm not passionate about OWASP?  The very fact that I'm throwing an OWASP conference with a dedicated OWASP track says quite the opposite.  Can the same be said for the policy which has the net effect of disincentivizing more chapters from doing what we have?  All for what?  A bigger amount of money into the general OWASP account.  So now tell me who's passionate and who's about the money?
> 
> ~josh 
> 
> 
> On Tue, May 10, 2011 at 4:13 PM, Lucas Ferreira <lucas.ferreira at owasp.org> wrote: 
> Josh,
> 
> if the conference planners' main incentive is getting money, they are not aligned with what I believe should be the reasons for participating in OWASP. We need to find people that can make a great conference because they are passionate about OWASP as a whole, not about money.
> 
> Regards,
> 
> Lucas 
> 
> 
> On Tue, May 10, 2011 at 17:34, Josh Sokol <josh.sokol at owasp.org> wrote: 
> The reasoning behind the caps in the FAQ is fundamentally flawed.  Because the revenue split is percentage based, as profit grows so does the OWASP Foundation's take.  The cap has the effect of creating a bump in profits for the OWASP Foundation once a certain dollar value is reached.  This actually discourages the conference planners from creating additional profit beyond that cap value, and thus, could result in less money for the foundation.  
> 
> If the intent of this policy is to make sure that the OWASP Foundation makes a pre-determined amount of revenue off of each conference, then you should probably use a minimum profit value for the percentage split to kick in.  This would ensure funding for the foundation while providing incentive for the conference planners to do activities which will make more money for both parties.
> 
> Sincerely,
> 
> Josh Sokol
> 
> On Tue, May 10, 2011 at 2:21 PM, Mark Bristow <mark.bristow at owasp.org> wrote: 
> OWASP Board,
> 
> As previously directed, the OWASP GCC has developed some draft language to announce the profit sharing policy for events for your review and consideration.  If the Board approves, I will post this to the leaders list.
> 
> Regards,
> -Mark
> 
> To: Leaders List 
> Subject: OWASP event profit sharing for local chapters! 
> 
> Leaders, 
>   
> Earn up to $5000 for your chapter by hosting an OWASP Event!  Local chapters who would like to host an OWASP Local, Regional or Global AppSec event can now receive a portion of the event profits earmarked for your chapter.  This new policy rewards chapters who volunteer to take on the challenge of hosting an OWASP event with the following schedule:
> Global AppSec Conference - 25% of event profits with a $5,000 USD maximum ($10,000 for multi-chapter events)
> Regional/Theme Events - 30% of event profits with a $4,000 USD maximum
> Local Events - 50% of profits with a $3000 USD maximum
> All you need to do is coordinate your event with the Global Conferences Committee using the OWASP Conference Management System (https://ocms.owasp.org), answer a few basic questions and get your event approved.  If your event makes a profit you can earn some extra money for your local chapter’s budget!  The Conferences Committee is excited about this new program and can’t wait to work with you to host your OWASP event! 
> 
> About the policy:
> In addition to the Membership Committee's 60/40 membership income sharing model, the GCC felt it was appropriate to provide a mechanism for local chapters who volunteer significant time and effort to host OWASP events to reap some financial benefit from that effort for their local chapter budgets.  The committee considered the needs of the OWASP Foundation, local chapter entrepreneurship, and a potential disparity between "have and have not" chapters when debating the decision.  For more information on this policy you can reference the GCC discussion, GCC vote and OWASP Board Vote on the subject.
> 
> Regards,
> The Global Conferences Committee, Mark Bristow, Chair
> 
> 
> 
> ================= FAQ (not for release with announcement) ================================
> Q: But I thought that conference revenue was split 60/40!?!?
> A: The 60/40 split only apples to membership income and is set by the Membership Committee.  Previously, there was no provision to provide profit sharing from events with local chapters.  This new policy provides chapters with additional ways to obtain resources that did not exist before.
> 
> Q: Why are there caps?
> A: OWASP events are a critical component to the revenue that OWASP earns annually to cover it's operational expenses, making up about half of annual revenue.  It is critical to the continuation of the OWASP Foundation that this revenue stream not be significantly interrupted or we could run out of funding for many of the OWASP activities we, and the community, have come to rely on.  Many OWASP events can be quite profitable (Global AppSec events can make in excess of $100,000 USD) and the Committee decided it was important to put overall profit sharing caps in place  to ensure the conference revenue was available throughout foundation for operating costs.  Additionally, Individual chapter budgets are not the only way that chapters can fund activities.  Chapters can reach out, via the Chapters Committee, for support for various activities from the Foundation, (which in turn is heavily funded by Conference revenue).  The caps ensure that we don't encounter a situation where one or two chapters have a disproportionate allocation of OWASP funds leaving the majority of chapters to fight over a relatively small amount of funds via the Chapters committee.
> 
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> 
> 
> 
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> 
> 
> 
> 
> -- 
> Homo sapiens non urinat in ventum. 
> 
> 
> 
> 
> -- 
> Homo sapiens non urinat in ventum. 
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110511/9f6b1f49/attachment-0002.html>


More information about the Owasp-board mailing list