[Owasp-board] [Owasp-leaders] [Request for Feedback] New Profit Sharing Model Proposal

Tom Brennan tomb at owasp.org
Mon Dec 3 12:39:32 UTC 2012


Very interesting post, like it a lot and just in time for 2013 budgeting.

The next meeting of the volunteers to discuss budgets it 10-Dec at 1-866-469-3239 x218-019-82 12est

GCC should look at this and provide feedback after survey and consensus of the owasp-leaders running chapters.


On Dec 3, 2012, at 6:20 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Hi Michael, 
> 
> Thanks for your answer, but I feel that the key issue is not being addressed. In my view OWASP has a 'Spending the available funds' problem and not a 'need to refine the profit splitting' problem 
> 
> I have answered in detail on this blog post: http://diniscruz.blogspot.co.uk/2012/12/owasp-revenue-splits-and-non-profits.html
> 
> The reason I asked those questions (which you didn't fully replied to), is that if we look at the number of available funds and the amounts that are actually being spent, we will see that the current model is not working (i.e. the current OWASP leaders are not felling empowered enough to spend the available funds (in fact they feel they need to 'keep' those funds in their 'virtual bank accounts', for when they 'need it' the future).
> 
> As Seth Godin says in his Non-profits have a charter to be innovators , organisations like OWASP should be failing a LOT, because they should be trying a LOT. And we currently have funds to TRY, but we don't
> 
> My proposed solution (as I described in my blog post) is to dramatically simplify the current model into something like this:
> OWASP chapters and projects get 100% of the funds they generate, and have 6 months to spend it
> After 6 months that money goes to a global Projects and Chapters pot/bucket/account, which ALL chapters and Projects can access (and spend from)
> No OWASP leader can be paid using these funds
> There is an 'approval by default' on spending requests (with maybe a 'request for more details' mode (see  GSD project for an example))
> with this, the focus would be on spending the money, not into 'who has access to it'
> 
> What we have today is a 'political and power' discussion! (i.e. who gets the money and how control it)
> 
> At the end of the day, it doesn't MATTER who has the money (since WE ALL ARE OWASP), what matters is how it is spent.
> 
> I don't care if $100,000 USD of OWASP funds is spend by somebody from a chapter in the middle of nowhere, with very small chapter mettings, and ZERO funds generated locally.
> 
> What I care is, did that 100k add value to OWASP and its community! 
> 
> THAT is the only question that matters
> 
> Dinis Cruz
> 
> On 22 November 2012 15:18, Michael Coates <michael.coates at owasp.org> wrote:
>> Dinis,
>> 
>> The policy is being changed for a few reasons.  The goal is to simplify the policy and provide better clarity on funding objectives. Previously we (board and committees) received feedback that the policy had many edge cases and was difficult to navigate.  It was often unclear what was technically one type of an event an under policy X vs another type of event under policy Y.   The new policy is straightforward and also strikes a better balance between declaring foundation funding needs to keep the overall OWASP machine moving and also chapter desires to raise funds and foster chapter/regional growth.
>> 
>> Regarding chapter spending, here is a snapshot of amounts currently allocated to chapters:
>> https://docs.google.com/a/owasp.org/spreadsheet/pub?hl=en_US&hl=en_US&key=0Atu4kyR3ljftdEdQWTczbUxoMUFnWmlTODZ2ZFZvaXc&output=html
>> 
>> We have some chapters that are not currently using much of their funds and other chapters that have brought in more money and invested that back into the local region through events.  
>> 
>> 
>> At an overall level, our goal with this policy is to empower local chapters and regional events to be creative and successful. A large percentage of profits from those events go directly back into the chapter.  A small percentage helps support the overall OWASP foundation (which in turns provides global services to everyone).  The larger global events are primary income sources for the annual foundation budget and this new model better clarifies the foundation needs and chapter benefits for those global events.
>> 
>> 
>> Thanks for the questions and feedback.
>> 
>> 
>> --
>> Michael Coates | OWASP | @_mwc
>> michael-coates.blogspot.com
>> 
>> 
>> 
>> On Tue, Nov 20, 2012 at 8:11 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>> Hi Michael,
>>> 
>>> Is there a place where I can see/read the current objectives and rational behind the profit sharing?
>>> 
>>> Basically:
>>>  - why it is done?
>>>  - what are the objectives that we are trying to achieve?
>>>  - based on the past 12 months (and what happened with the use of those funds), have those objectives been meet?
>>>  - what is working and what is not working? (with the current profit sharing model)
>>>  - what is the % of the funds allocated that have been spent in the last 12 months?
>>>  - where have those $$$ been used for?
>>> 
>>> Also, can you point me to an analysis (or list) of all the expenses made by the chapters that received a $$$ share? (and their balances)
>>> 
>>> Thx
>>> 
>>> Dinis Cruz
>>> 
>>> On 20 Nov 2012, at 15:52, Michael Coates <michael.coates at owasp.org> wrote:
>>> 
>>>> Leaders,
>>>> 
>>>> 
>>>> The profit sharing model used in past years has been in need of a revamp to better serve our growing organizational needs.  The proposed policy was drafted with input from board members and committee members.  It has been discussed initially at the board and has also been socialized with committees for their feedback.  
>>>> 
>>>> We'd like to also gather feedback from the OWASP leaders list.  Please review the below material and provide any feedback via this thread.  We're accepting feedback today through Saturday, Nov 24th. This item is on the board meeting agenda* for a vote on Monday, Nov 26th.
>>>> 
>>>> * https://www.owasp.org/index.php/OWASP_Board_Meetings
>>>> 
>>>> 
>>>> Thanks,
>>>> Michael 
>>>> 
>>>> --
>>>> Michael Coates | OWASP | @_mwc
>>>> 
>>>> 
>>>> 
>>>> michael-coates.blogspot.com
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> New Profit Sharing Proposal
>>>> 
>>>> https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit
>>>> 
>>>> 
>>>> (Thanks to Sarah Baso for pulling together the below comparison information and notes).
>>>> 
>>>> First for reference, here is the current policy in place:
>>>> 
>>>> Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event.
>>>> Global AppSec Conference - 25% of event profits with a $5,000 USD cap ($10,000 for multi-chapter events)
>>>> Regional/Theme Events - 30% of event profits with a $4,000 USD cap
>>>> Local Events - 50% of profits with a $3000 USD cap
>>>> 
>>>> 
>>>> Budgeting Implications
>>>> Under the new plan, there is a opportunity for the local chapter to earn much more than that listed below if they surpass the profit target, but just using the profit target as a guideline... here are the numbers....
>>>> (note these are examples numbers used for 2013 and don't reflect profits or loss from 2012)
>>>> 
>>>> <image.png>
>>>> 
>>>> 
>>>> Comments from Conferences Committee Call & Mailing List Thread
>>>> From July 18, 2012 Conference Committee Call:
>>>> 
>>>> Request for Comment: proposed policy for profit sharing and financial oversight of future OWASP events:  https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit 
>>>> 
>>>> The Board intends to finalize this policy at their next meeting (scheduled for August 13, 2012), and have requested that you submit any comments, questions, or concerns for their consideration by that time.
>>>> 
>>>> “Any amount above the profit target will be allocated 60/40 to the local chapter.” Need to clarify that 60 is to Foundation and  40 is to local chapter.
>>>> Should we have different policies for different areas of the world to reflect the different culture/mindset in different areas (US, Europe, etc.)
>>>> No perspective on how we continuously evolve and better the Global AppSec Conference in that region next year.  For instance, how can we use the profits from AppSec EU research this year to benefit AppSec EU (and the European region) next year.
>>>> Current policy is focused 2 things: on local chapter and foundation as a whole.  However there are other considerations such as regional development/outreach.
>>>> Are we adjusting the policy to only accommodate needs in the US, but not the rest of the world?
>>>> This policy also doesn’t take into account any corporate supporters/membership dues that come in during a conference.
>>>> What are chapters doing with their conference proceeds? What is their motivation for keeping a “stock pile” in their chapter accounts?
>>>> Ralph - “The current proposed model is great!”
>>>> 
>>>> Email Request to Conference Committee mailing list
>>>> Response from Josh Sokol
>>>> 1. The point about when the profit target is determined is unclear.  Does
>>>> this mean for the US event that we are determining the target after the
>>>> event has taken place or is this for the next year's event?  Why are we
>>>> using the US event to determine the timing for other events.  IMHO, we
>>>> should be able to set the profit target for the following year's event
>>>> within 60 days of the completion of the current year's event.
>>>> 
>>>> 2. I am fine with the percentage splits here, but do not agree with the
>>>> $5,000 value at which they happen.  This is more than enough for a smaller
>>>> chapter holding an event, but for a larger chapter, such as my Austin
>>>> chapter, our event would have to profit $18,750 in order for us to raise
>>>> our annual budget of roughly $10,000.  In other words, this $5,000 number
>>>> does not allow us to scale profit splits well as chapter sizes grow.  My
>>>> suggestion would be to make $5,000 the base number here UNLESS a chapter
>>>> running an event has submitted a budget showing annual expenses greater
>>>> than that amount, in which case they are allowed up to that amount at the
>>>> 10/90 split.  A subtle change, but one which I believe is necessary in
>>>> order for this policy to scale appropriately.
>>>> 
>>>> 3. I agree that the Chapters committee should be responsible for monitoring
>>>> chapter accounts, budgets, and expenses as necessary.
>>>> 
>>>> 4. I agree that the Chapters committee will need to establish new
>>>> guidelines similar to those of the Conferences committee for local and
>>>> regional events held by the chapters.
>>>> Response from Mark Bristow
>>>> I agree with josh on #1.  The profit targets should be set in outyear
>>>> budget planning with it locked in at the beginning of each OWASP FY.  The
>>>> mechanics of this as proposed are a bit odd.  My only point is that the
>>>> targets should be set BEFORE the CFP goes out so applicants have clear
>>>> expectations set.
>>>> 
>>>> Otherwise I'm personally fine with this as written.  I'm not in favor of
>>>> Josh's proposed changes in #2.  As written this provides an avenue for
>>>> chapters to raise significant funds from events while ensuring that the
>>>> foundation also recovers it's capital investments/costs in a "chapters
>>>> first" model.  IMO this is a good balance of the priorities.
>>>> 
>>>> Response from Dave Wichers
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> The target is done in advance, not after the event. We use the U.S. event as
>>>> the date after which we figure out next year's targets because it is the
>>>> biggest single revenue source for OWASP, so it affects the entire next
>>>> year's budget in a significant way.
>>>> 
>>>>  
>>>> 
>>>> However, I could see that we could come with an estimate for each event
>>>> right after the previous event, and then potentially adjust it right after
>>>> OWASP AppSec USA, with the goal that it NOT be adjusted if possible. That
>>>> way conference planning generally know almost a year in advance the revenue
>>>> target primarily based on the revenue generated the previous year.
>>>> 
>>>>  
>>>> 
>>>> Regarding the $5K threshold, I think some potential for adjustment above $5K
>>>> is reasonable to consider for the larger chapters. I might not agree to have
>>>> the 10/90 go up to their entire target budget, because chapters raise
>>>> revenue in other ways  too, like encouraging memberships, etc. And if they
>>>> go way over their target, then the chapter could be significantly overfunded
>>>> because they get 40% of the overage too. And we should also consider the
>>>> amount of $ the chapter already has in their account as well. I.e., if you
>>>> plan to spend $10K but have $5K already there, then maybe $5K is a more
>>>> appropriate target. 
>>>> 
>>>>  
>>>> 
>>>> The good news, from your reply is that you seem to be OK with the entire
>>>> policy except for this one specific point, which I think is BIG progress.
>>>> Hopefully others feel similar so we are approaching closure on this.
>>>> 
>>>>  
>>>> 
>>>> Thanks for reviewing this.
>>>> 
>>>> Again from Josh Sokol
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Sure there are other ways to raise revenue, but that's not really the
>>>> point.  The point is that a chapter should be able to raise the operational
>>>> funds it needs via whichever method it desires.  Membership revenue is
>>>> limited and will in all likelihood not make up that gap.  And not every
>>>> chapter is fortunate to be able to land a big company to sponsor them.
>>>> Also, chapters having a little bit more money than they need is not
>>>> necessarily a bad thing and is a reward for running a successful event.
>>>> Having some extra funds available also breeds innovation.  As an example,
>>>> it's having extra funds that got the Austin Chapter to start doing these
>>>> monthly webinars as part of our meetings and that translates directly to a
>>>> wider reach for the OWASP organization.  Perhaps the compromise here is to
>>>> take the chapters annual budget minus the money currently in the chapters
>>>> account?
>>>> From Tin Zaw
>>>> First of all, thank you for all who worked on this draft proposal. I
>>>> think we are getting somewhere with this.
>>>> 
>>>> Secondly, thank you Sarah for kindly attaching the document for those
>>>> of us who cannot access Google Docs (at work).
>>>> 
>>>> 1. I understand Dave's explanation. I would suggest we make it clear
>>>> that such number is communicated well in above so that event planners
>>>> (the host chapter) know what they need to deliver, preferably before
>>>> submitting a proposal.
>>>> 
>>>> 2. I am OK with $5000 limit before 60/40 split kicks in, assuming that
>>>> $5000 is the profit that goes to the chapter under 10/90. I would like
>>>> to see it states explicitly that $5000 is the profit portion for the
>>>> chapter, not overall profit or income.
>>>> 
>>>> The rest, I agree.
>>>> 
>>>> Great job guys!
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121203/3a420054/attachment-0001.html>


More information about the Owasp-board mailing list