[Owasp-board] [Global_conference_committee] Profit sharing policy discussion

Mark Bristow mark.bristow at owasp.org
Wed May 11 19:53:33 UTC 2011


Tom.  It was approved at this meeting:
https://www.owasp.org/index.php/Minutes_March_8,_2011
I'm not responsible for taking meeting minutes, you'd have to take that up
with Kate.

Related section, emphasis mine--------

> Conference Committee
>
> Relationship with First approved
>
> Mark will follow up with Conferences Committee to draft guidelines to be
> used for future relationships. One key discussion is related to profit and
> profit sharing models.
>
> GCC Representative funding will remain under the GCC budget and will not be
> charged to the conferences.
>
> *Conference Committee Proposed Profit sharing plan approved with the
> understanding that the financial resources are still intended for activity
> support*. Chapters need to re invest these funds back into the Foundation.
> Mark will take this initiative back to the committee to work on the wording
> of the announcement.
>


It was also approved at our in person meeting at the Summit (you were there)
however I think Kate took the notes and I did not find them on the portal.

On Wed, May 11, 2011 at 3:48 PM, Tom Brennan <tomb at owasp.org> wrote:

> Mark what supporting documentation do you have on a vote of approval on the
> then current board?
>
> Btw, this never happened in Portugal or before that.
>
> https://www.owasp.org/index.php/OWASP_Board_Meetings
>
> Next board meeting is the 8th live at appsec eu Ralph is your delegate
> onsite i think from GCC. Keys get it added to the agenda, happy to vote on
> this proposal formally.  My vote is YES with the removal of caps to chapters
> btw and Tin has the voice of chapters forthcoming globally via survey.  GCC
> has done a kick ass job however below is not accurate history.
>
> 9732020122 to discuss
>
>
> On May 11, 2011, at 2:21 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>
> Josh,
>
> Lets agree to disagree.  Regardless of how you feel about them, policies
> set by the GCC are conference policies, this particular policy was taken the
> extra step and confirmed by the board.  As a result, it stands for OWASP
> events until such time as the GCC or Board overturns the decision.
>
> As an aside, I don't like this policy either, I think there should be no
> profit sharing for any events that the foundation underwrites, however as
> Chair I'm obligated to defend the decision of my committee and will continue
> to do so.
>
> Before you formulate your opinion, I'd suggest you look at the P&L reports
> for the last few year, OWASP Operational Expensises, the bill for the
> Summit, OWASP strategic initiative spending  and the P&L reports for Global
> AppSec, Regional and Local events over the past few years (Not everything
> with AppSec in the name is a Global AppSec, for example AppSec DC is a
> Regional event).  Also taking a look at actual expenditures by OWASP
> chapters would be useful and help frame the context of this decision.
>
> -Mark
>
> On Wed, May 11, 2011 at 1:49 PM, Josh Sokol < <josh.sokol at ni.com>
> josh.sokol at ni.com> wrote:
>
>> Mark,
>>
>> You're absolutely right.  It's one policy that we take issue with right
>> now.  That doesn't mean that we should be forced to blindly follow that
>> policy if it doesn't make sense for what we are trying to accomplish here.
>>  It also doesn't mean that in the future the GCC won't come up with another
>> policy that we disagree with.  We want to not only support, but also further
>> OWASP's mission by hosting a quality OWASP conference.  I think that we can
>> all agree that is what we have accomplished to date.  I still haven't heard
>> a good argument for the profit split on non-AppSec conferences.  I agree
>> that AppSec conferences are the bread and butter of OWASP's ability to run
>> the foundation and should be held as somewhat sacred.  I don't necessarily
>> disagree with OWASP taking 100% of the profits from past AppSec conferences
>> though a split does make sense to encourage the organizers to do a good job.
>>  However, if OWASP makes any money off the non-AppSec conference, then that
>> should be viewed as simply gravy on top of chapters and individuals
>> spreading the OWASP message to the masses.  That is what the GCC should be
>> figuring out ways to encourage.  If we had 100 conferences generating $0 in
>> revenue, we would be far more effective in accomplishing our mission than if
>> we had 4 conferences that made $100k.  OWASP is a non-profit organization
>> after all.  Any policy by which the GCC dictates it's cut from these
>> homegrown conferences is simply greedy as the money is already going into
>> the OWASP bank account and will be spent to further OWASP's mission.  And
>> for what it's worth, before the GCC decided how much we were contributing,
>> we had already earmarked 50% of our profits to go to the foundation.  The
>> fact that the GCC feels that this wasn't generous enough for our hard work
>> and feel the need to enact policy to take more makes me a little sick.  Even
>> a 60/40 split like we do with membership seems semi-reasonable.  But why the
>> need to dictate that?  The decision to donate should come from the
>> organizers and not from the GCC's policies.  This policy, both from a
>> percentage and a cap perspective, is simply unacceptable.  The fact that it
>> is dictated to us with no measure of acceptance or recourse makes it that
>> much worse.  This policy does not benefit the foundation via it's core
>> values and mission.  The only thing it benefits is the general fund instead
>> of the chapters.
>>
>> I think the real line here is AppSec Conferences (used to fund the
>> foundation) vs everything else.  Set whatever policy you want on the AppSec
>> conferences as those belong enitrely to the foundation IMHO and the revenues
>> are used primarily to fund the organization.  For everything else, as long
>> as they are true to the OWASP mission (ie. the reasoning behind those other
>> policies from the GCC that we agree with), the only stipulation should be
>> that the profits are deposited back into an OWASP-controlled account with
>> the goal of furthering the OWASP mission.  If it makes sense to cap
>> something, say that each chapter can have a max of $X in their individual
>> bank account at any time with the overflow redirected to an OWASP approved
>> location of their choosing.  No more "rich" chapters, share the wealth,
>> encourage conferences, and support the OWASP mission.  That's what we're all
>> about.
>>
>> Sincerely,
>>
>> Josh Sokol (CISSP, CCNA, GWAS)
>> Information Security Program Owner
>> National Instruments
>>
>>
>>
>> From:        Mark Bristow < <mark.bristow at owasp.org>
>> mark.bristow at owasp.org>
>> To:        Josh Sokol < <josh.sokol at ni.com>josh.sokol at ni.com>
>> Cc:        Kate Hartmann < <kate.hartmann at owasp.org>
>> kate.hartmann at owasp.org>, " <james.wickett at owasp.org>
>> james.wickett at owasp.org" < <james.wickett at owasp.org>
>> james.wickett at owasp.org>
>> Date:        05/11/2011 12:12 PM
>> Subject:        Re: [Global_conference_committee] Profit sharing policy
>> discussion
>> ------------------------------
>>
>>
>>
>> Josh,
>>
>> To me, what you described is, to me, an OWASP conference and therefore
>> subject to foundation oversight.  The GCC tries very, very hard not to get
>> too involved in the actual planning of OWASP events and let the local
>> planning team have significant leeway within the context of some general
>> policies set forth by the foundation.  To date there are only 20 policies
>> and some of them are things like "be vendor neutral".
>>
>> I am saying that LASCON is run by the Austin chapter with oversight from
>> the GCC to ensure that the event complies with OWASP ethics, values and
>> priorities.  If you feel you can run the event entirely by yourselves that's
>> fine.  Take AppSec USA this year, we are only lightly involved because the
>> planning team is on the ball.  Some events require more attention from the
>> GCC than others.  I don't believe that at any time we have tried to get too
>> involved with the actual running of the conference (I haven't asked to be on
>> your Program Committee, nor told you what venue to use, heck, we didn't even
>> get involved as to the dates of the event) as you've demonstrated your
>> capabilities with LASCON last year.
>>
>> All we are requiring is that LASCON comply with all of the policies that
>> have been set forth by the Foundation for all OWASP events.  It's clear that
>> you object to one of thoes policies however the GCC debated and discussed
>> many of the very points you have brought up.  You are looking at things as
>> an advocate just LASCON and the Austin chapter, exactly as you should do, as
>> those are your roles in OWASP.  The difference is that the GCC must be
>> concerned with not individual events but all OWASP events as well as larger
>> issues at the foundation level (for example, ensure the foundation as a
>> whole has sufficient revenue to survive) when setting our policies.    I
>> believe the "rub" comes from this differing perspective.
>>
>> -Mark
>>
>> On Wed, May 11, 2011 at 11:43 AM, Josh Sokol <*josh.sokol at ni.com*<josh.sokol at ni.com>>
>> wrote:
>> I guess so.  I think that LASCON is an OWASP conference in that it
>> supports the OWASP mission and benefits the OWASP foundation and Austin
>> chapter.  We were planning on establishing our own bank account for the
>> conference until the suggestion was made that we simplify by having Kate and
>> Allison handle the income and expenses.  Since the ultimate destination for
>> the money was the foundation and the chapters bank accounts, it seemed like
>> a win-win.  Nobody ever said that this agreement meant that the foundation
>> c/o the GCC would have full control over the conference moving forward.  In
>> my opinion the decision making ability for LASCON has always belonged to
>> James and I as co-chairs and the LASCON board and we executed as such last
>> year.  Yes, OWASP wrote a lot of checks on behalf of LASCON via this
>> agreement, but it also took in way more revenue than the majority of OWASP
>> conferences held last year.
>>
>> The thing that confuses me is why this has to be all black and white to
>> you.  Why can't we say that LASCON is the Austin chapters baby and is
>> controlled as such with oversight from the GCC to make sure we are adhering
>> to the OWASP values and representing the foundation in an acceptable manner?
>>  As long as that holds true, I'm not sure why the GCC really needs it's
>> hands on LASCON at all.  James and I have had many discussions about this
>> and we both agree that we want LASCON to be an OWASP conference with profit
>> going to the local chapter and foundation.  What we don't agree with is that
>> this desire equates to us giving up control over how the conference is run,
>> how the money is spent, and where it ultimately ends up.  You said it
>> yourself; ultimately there really is no such thing as a chapter bank
>> account, it's just a line item used by accountants.  All of the money is
>> spent to support the OWASP mission.  And I don't see what's wrong with
>> having so called "rich" chapters.  The desire to be on that list and be able
>> to do more with OWASP locally was one of the things that enticed us to do
>> LASCON in the first place.  Why not encourage more chapters to follow that
>> model rather than discouraging them from having a conference altogether.  A
>> decent account balance can be used to show which chapters are doing more to
>> support the mission than others.  If that helps to encourage more
>> participation from others, then I think we should be using that to our
>> advantage.
>>
>>
>> Sincerely,
>>
>> Josh Sokol (CISSP, CCNA, GWAS)
>> Information Security Program Owner
>> National Instruments
>>
>> On May 11, 2011, at 10:17 AM, "Mark Bristow" <*mark.bristow at owasp.org*<mark.bristow at owasp.org>>
>> wrote:
>>
>> So that's the disconnect?  You don't think LASCON is an OWASP function?
>> If that's the case, that's fine we can treat it not as an OWASP event but as
>> a partnered event if you'd like.  If it's a partner event it goes through
>> entirely different rules and a contract is established between OWASP and the
>> partnering organization (who would that be in this case?).
>>
>> If LASCON is run by the OWASP Austin Chapter, then it definately falls
>> under GCC juristction as delegated to the GCC by the board.  OWASP Chapters
>> are not individual entities they are members of the overall OWASP foundation
>> and thus are subject to it's governance.  But if LASCON is run simply by
>> Josh Sokol and/or the LASCON organization, then it's a partner event and the
>> GCC would have to evaluate OWASP's participation in such an event.
>>
>> Also, FYI the board already passed this policy, the GCC did exist at the
>> time (I remember approving LASCON in 2010).  I recall OWASP and the GCC
>> writing a lot of checks to cover LASCON last year so it' shard to say that
>> "When we started LASCON, there was no GCC that I'm aware of and at the very
>> least no involvement in the conference from the GCC"  Because you were
>> working primarily with Kate dosn't mean it wasn't the GCC, we just wern't
>> well staffed at the time.
>>
>> On Wed, May 11, 2011 at 11:04 AM, Josh Sokol < <josh.sokol at owasp.org>*
>> josh.sokol at owasp.org* <josh.sokol at owasp.org>> wrote:
>> Mark,
>>
>> Personally, I don't care about DC or any AppSec conference for that
>> matter.  These conferences, regardless of which chapter is supporting, are
>> the property of the OWASP Foundation and should rightly be treated as such
>> with the GCC setting whatever profit splits, caps, or anything else it sees
>> fit.  I have never desired to change that and the Austin chapter has put in
>> a bid to support the Foundation in that effort for the 2012 USA conference
>> out of our desire to support OWASP's core values and mission.
>>
>> What I do not agree with is the notion that the GCC can now make policy
>> for other conferences run by individuals and chapters.  When we started
>> LASCON, there was no GCC that I'm aware of and at the very least no
>> involvement in the conference from the GCC.  The notion that the creation of
>> the GCC suddenly means that all future decision making ability and past
>> decisions were retroactively taken out of the hands of the conference
>> planners is simply crap.  LASCON was founded by the Austin chapter members
>> to support the OWASP mission, but is not the property of OWASP.  It is a
>> fundraiser for both our local chapter and the foundation, but was never
>> intended to be governed by the GCC.  In every communication that I've seen
>> from you on this topic you have made the assumption that we gave up the
>> right to make decisions for ourselves when we decided that the conference
>> would support OWASP.  Other than our agreement that the foundation would
>> handle the income and expenditures to simplify that part of the conference
>> for us, I'd like to know where it was ever agreed that it would be the case
>> that OWASP or the GCC would be able to set policy for our conference.  The
>> fact is that we never agreed to this and likely never would have given up
>> that right had we had any say in the matter.  IMHO, the GCC should have full
>> control over conferences that belong to OWASP and any agreements with any
>> other conferences should be negotiated and agreed to between the GCC and the
>> conference planners.  If you don't start treating these conferences more
>> like a partnership and less like an owner by assumption, I can guarantee
>> that you will lose them and any support they provide for OWASP either via
>> it's mission or financially.
>>
>> I've said my piece apparently "ad nauseum" at this point even though we
>> were never consulted as stakeholders in this policy and when I tried to get
>> involved I was told that the discussion had already been had and all that
>> was left was a vote.  The only reason why I am still pleading my case is
>> because the board ultimately has to approve this policy and I am hopeful
>> that they will recognize that this policy contradicts OWASP's mission.  I
>> appreciate the GCC's desire to bring order where there was chaos, but this
>> policy flies in the face of everyone out there trying to support OWASP and
>> it's values through conferences.  Since the GCC is unwilling to recognize
>> this and overturn it's flawed policy, I can only hope that the board will.
>>
>> Sincerely,
>>
>> Josh Sokol (CISSP, CCNA, GWAS)
>> Information Security Program Owner
>> National Instruments
>>
>> On May 10, 2011, at 6:11 PM, Mark Bristow < <mark.bristow at owasp.org>*
>> mark.bristow at owasp.org* <mark.bristow at owasp.org>> wrote:
>>
>> I think it is important to remember in this discussion that it is *ALL
>> OWASP'S money*.  Distinction between the board budget, committee budgets,
>> project budgets, chapter budgets, conferences et all is an internal
>> accounting practice and how the Foundation chooses to organize and
>> prioritize it's activities, there are not separate accounts merely line
>> items tracked by our accountants.
>>
>> The Conferences Committee has visited, and revisited this topic ad-nasuem.
>>  In the end the committee members voted on the policy and that is the policy
>> that shall stand until it is re-visited by the committee or overturned by
>> the board.  As Committee Chair and as a Committee member, it's
>> my responsibility to support that policy until such time.  The intention was
>> for the GCC to look at this subject again after we went through a Global
>> AppSec Cycle to determine if it was effective.  I think it would be prudent
>> to get more information and feedback about the policy before we go changing
>> it.
>>
>> Regarding Josh's comment regarding how the language was drafted, I agree
>> it may stem to incentivize the wrong types of behavior by calling out the
>> additional money one can earn for their chapter.  Financial gain for the
>> chapter should NOT be a primary goal in hosting a conference, it should be
>> done as an effort to further the OWASP mission and the Application Security
>> community.  What I was trying to do was help "incentivize" and "sex up" the
>> statement to drive more people to host events and ultimately spread
>> awareness about OWASP and application security.  Hosting a conference is a
>> TON of work but it is one of our greatest outreach efforts and we need to
>> find ways to encourage events in a controlled and coordinated way.
>>
>> In regards to the comment about events handing 100% of profits to the
>> foundation prior to this policy being implemented, to my knowledge (I can
>> say it definitively with APpSec DC) this was completely true and if you want
>> me to pull the records for all events I will do so.  I believe the first
>> time that any type of profit sharing was tried was AppSec EU 2010 as a pilot
>> program.
>>
>> Comments about the need for chapter budgets are really outside this
>> conversation and is a matter for the chapters committee.
>>
>> On Tue, May 10, 2011 at 6:56 PM, Mark Bristow < <mark.bristow at owasp.org><mark.bristow at owasp.org>
>> *mark.bristow at owasp.org* <mark.bristow at owasp.org>> wrote:
>> Gentlemen,
>>
>> First off, the initial point of this thread was a report of the GCC of a
>> completed action item it was assigned by the board.  I have re-named
>> this discussion to get it more on topic.  I would really appriciate it if we
>> could, as a general rule, keep to the topics discussed in the subject lines.
>>  Everyone is always welcome to voice their opinion and if it is only
>> tangential to the original topic, a simple rename of the subject will move
>> it into a new thread (I can't wait till we have forums, if that day ever
>> comes).
>>
>> Second,  please everyone keep it civil.  I read this thread mostly from my
>> phone and really didn't notice who said what (and am intentionally doing
>> that while writing this section).  I did see some personal
>> attacks, innuendo, and what I consider to not be appropriate for civil
>> discourse.  Just try to keep it above board.
>>
>> I'll re-read this thread and follow up in a minute, but I needed to take
>> some "moderator" action in this case.
>>
>> -Mark
>>
>> On Tue, May 10, 2011 at 6:40 PM, Josh Sokol < <josh.sokol at owasp.org><josh.sokol at owasp.org>
>> *josh.sokol at owasp.org* <josh.sokol at owasp.org>> wrote:
>> Lucas,
>>
>> Wow.  I don't even know what to say to that as this is the very basis for
>> Mark's communication that generated my original response.  *"Earn up to
>> $5000 for your chapter by hosting an OWASP Event!"*  Am I missing
>> something here?  *"This new policy rewards chapters who volunteer to take
>> on the challenge of hosting an OWASP event"*  If you disagree with what I
>> said, then you should be jumping up and down screaming about this message
>> intended for the leaders list.  The communication says nothing about
>> supporting OWASP's mission, doing it for fun, educating the masses.  Only
>> money for chapters.  Houston, I think we have a problem here.
>>
>> Frankly, this isn't about a mentality that you want to encourage and to
>> some extent we need to look beyond selfish motivations and analyze the
>> impacts of our decisions on the chapters and the foundation.  Regardless of
>> the motivations, we need to ask ourselves "Does this encourage more
>> conferences, and thus, support the OWASP mission?"  Everything else is
>> really secondary.  This earn money for your chapter exemplifies that.
>>
>> Yeah, I've heard Mark say several times that before the policy there was
>> no policy.  For some reason the assumption is that this means that chapters
>> doing their own conferences were just going to hand over 100% of their
>> profits to the OWASP Foundation.  I'll call shenanigans on that one.  I can
>> only speak for our conference, but that was never our intention and I can
>> pretty much guarantee that I wouldn't even be considering LASCON 2011 an
>> OWASP conference if that were the case.  The very fact that the GCC thinks
>> they should be dictating these conditions to conferences without any say
>> from the people actually running the conferences really bugs me.
>>
>> Your last statement I agree with completely and was the rationale behind
>> me taking back my objection to the policy.  My only real thought here is
>> that prior to LASCON, our chapter felt like we hadn't contributed anything
>> to OWASP, and therefore, we shouldn't be asking for anything from the
>> organization.  Giving chapters their own funds is just a way to recognize
>> the chapters that are really giving back to the organization.  Do we need
>> our own money?  Absolutely not.  So why have chapter bank accounts at all if
>> we never intend to put any money in them?
>>
>> ~josh
>>
>>
>> On Tue, May 10, 2011 at 4:56 PM, Lucas Ferreira <<lucas.ferreira at owasp.org><lucas.ferreira at owasp.org>
>> *lucas.ferreira at owasp.org* <lucas.ferreira at owasp.org>> wrote:
>> Josh,
>>
>> I don't think that "getting money for my chapter" should be a driver for a
>> conference planner. This is not the kind of mentality I want to encourage.
>>
>> Also, before this policy, there was no policy at all. So this new policy
>> now allows chapters to get some money, which did not happen before. Are you
>> saying that getting no money was better than getting some money?
>>
>> Another doubt: which activities do you have in your chapter that could not
>> be funded by the "mothership" OWASP money? Why do you need YOUR money?
>>
>> Regards,
>>
>> Lucas
>>
>>
>> On Tue, May 10, 2011 at 18:30, Josh Sokol < <josh.sokol at owasp.org><josh.sokol at owasp.org>
>> *josh.sokol at owasp.org* <josh.sokol at owasp.org>> wrote:
>> Lucas,
>>
>> I agree wholeheartedly.  We should not be looking to use conference to
>> make money, we should be looking to use conferences to carry out the OWASP
>> mission.  That said, throwing conferences is one of very few ways for a
>> chapter to raise funds.  The only other that I am aware of is finding a
>> corporate sponsor which is quite difficult.  So if my best option to get
>> money in my chapters bank account to improve my chapter and carry out the
>> OWASP mission is to hold a conference, why would you do things to discourage
>> that?  Keep in mind that even if the money is in a chapters bank account, it
>> still needs to be used to support the OWASP mission.  Are you implying that
>> my drive to raise funds to improve my local chapter means that I'm not
>> passionate about OWASP?  The very fact that I'm throwing an OWASP conference
>> with a dedicated OWASP track says quite the opposite.  Can the same be said
>> for the policy which has the net effect of disincentivizing more chapters
>> from doing what we have?  All for what?  A bigger amount of money into the
>> general OWASP account.  So now tell me who's passionate and who's about the
>> money?
>>
>> ~josh
>>
>>
>> On Tue, May 10, 2011 at 4:13 PM, Lucas Ferreira <<lucas.ferreira at owasp.org><lucas.ferreira at owasp.org>
>> *lucas.ferreira at owasp.org* <lucas.ferreira at owasp.org>> wrote:
>> Josh,
>>
>> if the conference planners' main incentive is getting money, they are not
>> aligned with what I believe should be the reasons for participating in
>> OWASP. We need to find people that can make a great conference because they
>> are passionate about OWASP as a whole, not about money.
>>
>> Regards,
>>
>> Lucas
>>
>>
>> On Tue, May 10, 2011 at 17:34, Josh Sokol < <josh.sokol at owasp.org><josh.sokol at owasp.org>
>> *josh.sokol at owasp.org* <josh.sokol at owasp.org>> wrote:
>> The reasoning behind the caps in the FAQ is fundamentally flawed.  Because
>> the revenue split is percentage based, as profit grows so does the OWASP
>> Foundation's take.  The cap has the effect of creating a bump in profits for
>> the OWASP Foundation once a certain dollar value is reached.  This actually
>> discourages the conference planners from creating additional profit beyond
>> that cap value, and thus, could result in less money for the foundation.
>>
>> If the intent of this policy is to make sure that the OWASP Foundation
>> makes a pre-determined amount of revenue off of each conference, then you
>> should probably use a minimum profit value for the percentage split to kick
>> in.  This would ensure funding for the foundation while providing incentive
>> for the conference planners to do activities which will make more money for
>> both parties.
>>
>> Sincerely,
>>
>> Josh Sokol
>>
>> On Tue, May 10, 2011 at 2:21 PM, Mark Bristow < <mark.bristow at owasp.org><mark.bristow at owasp.org>
>> *mark.bristow at owasp.org* <mark.bristow at owasp.org>> wrote:
>> OWASP Board,
>>
>> As previously directed, the OWASP GCC has developed some draft language to
>> announce the profit sharing policy for events for your review and
>> consideration.  If the Board approves, I will post this to the leaders list.
>>
>> Regards,
>> -Mark
>>
>> To: Leaders List
>> Subject: OWASP event profit sharing for local chapters!
>>
>> Leaders,
>>
>> Earn up to $5000 for your chapter by hosting an OWASP Event!  Local
>> chapters who would like to host an OWASP Local, Regional or Global AppSec
>> event can now receive a portion of the event profits earmarked for your
>> chapter.  This new policy rewards chapters who volunteer to take on the
>> challenge of hosting an OWASP event with the following schedule:
>>
>>    - Global AppSec Conference - 25% of event profits with a $5,000 USD
>>    maximum ($10,000 for multi-chapter events)
>>    - Regional/Theme Events - 30% of event profits with a $4,000 USD
>>    maximum
>>    - Local Events - 50% of profits with a $3000 USD maximum
>>
>> All you need to do is coordinate your event with the Global Conferences
>> Committee using the OWASP Conference Management System (<https://ocms.owasp.org/><https://ocms.owasp.org/>
>> *https://ocms.owasp.org* <https://ocms.owasp.org/>), answer a few basic
>> questions and get your event approved.  If your event makes a profit you can
>> earn some extra money for your local chapter’s budget!  The Conferences
>> Committee is excited about this new program and can’t wait to work with you
>> to host your OWASP event!
>>
>> About the policy:
>> In addition to the Membership Committee's 60/40 membership income sharing
>> model, the GCC felt it was appropriate to provide a mechanism for local
>> chapters who volunteer significant time and effort to host OWASP events to
>> reap some financial benefit from that effort for their local chapter
>> budgets.  The committee considered the needs of the OWASP Foundation, local
>> chapter entrepreneurship, and a potential disparity between "have and have
>> not" chapters when debating the decision.  For more information on this
>> policy you can reference the *GCC discussion*<https://lists.owasp.org/pipermail/global_conference_committee/2010-December/000568.html>,
>> *GCC vote*<https://docs.google.com/a/owasp.org/document/d/1eVX6lDyAtsUBrDKp6C7pcPTk8ObCv-QgnFAGq_zj510/edit?hl=en#>and
>> *OWASP Board Vote*<https://www.owasp.org/index.php/Minutes_March_8,_2011>on the subject.
>>
>> Regards,
>> The Global Conferences Committee, Mark Bristow, Chair
>>
>>
>>
>> ================= FAQ (not for release with announcement)
>> ================================
>> Q: But I thought that conference revenue was split 60/40!?!?
>> A: The 60/40 split only apples to membership income and is set by the
>> Membership Committee.  Previously, there was *no provision* to provide
>> profit sharing from events with local chapters.  This new policy provides
>> chapters with additional ways to obtain resources that did not exist before.
>>
>> Q: Why are there caps?
>> A: OWASP events are a critical component to the revenue that OWASP earns
>> annually to cover it's operational expenses, making up about half of annual
>> revenue.  It is critical to the continuation of the OWASP Foundation that
>> this revenue stream not be significantly interrupted or we could run out of
>> funding for many of the OWASP activities we, and the community, have come to
>> rely on.  Many OWASP events can be quite profitable (Global AppSec events
>> can make in excess of $100,000 USD) and the Committee decided it was
>> important to put overall profit sharing caps in place  to ensure the
>> conference revenue was available throughout foundation for operating costs.
>> Additionally, Individual chapter budgets are not the only way that chapters
>> can fund activities.  Chapters can reach out, via the Chapters Committee,
>> for support for various activities from the Foundation, (which in turn is
>> heavily funded by Conference revenue).  The caps ensure that we don't
>> encounter a situation where one or two chapters have a disproportionate
>> allocation of OWASP funds leaving the majority of chapters to fight over a
>> relatively small amount of funds via the Chapters committee.
>>
>> _______________________________________________
>> Global_conference_committee mailing list*
>> * <Global_conference_committee at lists.owasp.org><Global_conference_committee at lists.owasp.org>
>> *Global_conference_committee at lists.owasp.org*<Global_conference_committee at lists.owasp.org>
>> *
>> * <https://lists.owasp.org/mailman/listinfo/global_conference_committee><https://lists.owasp.org/mailman/listinfo/global_conference_committee>
>> *https://lists.owasp.org/mailman/listinfo/global_conference_committee*<https://lists.owasp.org/mailman/listinfo/global_conference_committee>
>>
>>
>>
>> _______________________________________________
>> Global_conference_committee mailing list*
>> * <Global_conference_committee at lists.owasp.org><Global_conference_committee at lists.owasp.org>
>> *Global_conference_committee at lists.owasp.org*<Global_conference_committee at lists.owasp.org>
>> *
>> * <https://lists.owasp.org/mailman/listinfo/global_conference_committee><https://lists.owasp.org/mailman/listinfo/global_conference_committee>
>> *https://lists.owasp.org/mailman/listinfo/global_conference_committee*<https://lists.owasp.org/mailman/listinfo/global_conference_committee>
>>
>>
>>
>>
>> --
>> Homo sapiens non urinat in ventum.
>>
>>
>>
>>
>> --
>> Homo sapiens non urinat in ventum.
>>
>>
>>
>>
>> --
>> Mark Bristow*
>> **(703) 596-5175* <%28703%29%20596-5175>*
>> * <mark.bristow at owasp.org> <mark.bristow at owasp.org>*
>> mark.bristow at owasp.org* <mark.bristow at owasp.org>
>>
>> OWASP Global Conferences Committee Chair - <http://is.gd/5MTvF><http://is.gd/5MTvF>
>> *http://is.gd/5MTvF* <http://is.gd/5MTvF>
>> OWASP DC Chapter Co-Chair - <http://is.gd/5MTwu> <http://is.gd/5MTwu>*
>> http://is.gd/5MTwu* <http://is.gd/5MTwu>
>> AppSec DC Organizer - <https://www.appsecdc.org/><https://www.appsecdc.org/>
>> *https://www.appsecdc.org* <https://www.appsecdc.org/>
>>
>>
>>
>>
>> --
>> Mark Bristow*
>> **(703) 596-5175* <%28703%29%20596-5175>*
>> * <mark.bristow at owasp.org> <mark.bristow at owasp.org>*
>> mark.bristow at owasp.org* <mark.bristow at owasp.org>
>>
>> OWASP Global Conferences Committee Chair - <http://is.gd/5MTvF><http://is.gd/5MTvF>
>> *http://is.gd/5MTvF* <http://is.gd/5MTvF>
>> OWASP DC Chapter Co-Chair - <http://is.gd/5MTwu> <http://is.gd/5MTwu>*
>> http://is.gd/5MTwu* <http://is.gd/5MTwu>
>> AppSec DC Organizer - <https://www.appsecdc.org/><https://www.appsecdc.org/>
>> *https://www.appsecdc.org* <https://www.appsecdc.org/>
>>
>>
>> _______________________________________________
>> Global_conference_committee mailing list*
>> * <Global_conference_committee at lists.owasp.org>*
>> Global_conference_committee at lists.owasp.org*<Global_conference_committee at lists.owasp.org>
>> *
>> * <https://lists.owasp.org/mailman/listinfo/global_conference_committee>*
>> https://lists.owasp.org/mailman/listinfo/global_conference_committee*<https://lists.owasp.org/mailman/listinfo/global_conference_committee>
>>
>>
>>
>>
>> --
>> Mark Bristow*
>> **(703) 596-5175* <%28703%29%20596-5175>*
>> * <mark.bristow at owasp.org>*mark.bristow at owasp.org*<mark.bristow at owasp.org>
>>
>> OWASP Global Conferences Committee Chair - <http://is.gd/5MTvF>*
>> http://is.gd/5MTvF* <http://is.gd/5MTvF>
>> OWASP DC Chapter Co-Chair - <http://is.gd/5MTwu>*http://is.gd/5MTwu*<http://is.gd/5MTwu>
>> AppSec DC Organizer - <https://www.appsecdc.org/>*
>> https://www.appsecdc.org* <https://www.appsecdc.org/>
>>
>>
>>
>>
>> --
>> Mark Bristow
>> (703) 596-5175*
>> **mark.bristow at owasp.org* <mark.bristow at owasp.org>
>>
>> OWASP Global Conferences Committee Chair - *http://is.gd/5MTvF*<http://is.gd/5MTvF>
>> OWASP DC Chapter Co-Chair - *http://is.gd/5MTwu* <http://is.gd/5MTwu>
>> AppSec DC Organizer - *https://www.appsecdc.org*<https://www.appsecdc.org/>
>>
>>
>
>
> --
> Mark Bristow
> (703) 596-5175
> <mark.bristow at owasp.org>mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - <http://is.gd/5MTvF>
> http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - <http://is.gd/5MTwu>http://is.gd/5MTwu
> AppSec DC Organizer - <https://www.appsecdc.org>https://www.appsecdc.org
>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110511/8b3211f5/attachment-0002.html>


More information about the Owasp-board mailing list