[Owasp-board] [Global_chapter_committee] A New Event Policy for OWASP
jason.li at owasp.org
Fri Feb 24 23:43:31 UTC 2012
One thing I would suggest getting away from is the concept of whether an
event is "controlled by" the Chapter Committee vs the Conferences Committee.
That kind of mentality makes this policy-making very confrontational.
This work isn't about one committee or another - it's about establishing a
unified policy that makes sense for all of OWASP at a macro and micro scale.
In fact, I see no reason why there couldn't be an event that had policies
and support mechanisms from both committees that applied to the event.
On Thu, Feb 23, 2012 at 1:46 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Chapter Committee Members,
> Hopefully by now you have all had a chance to read Michael's e-mail
> regarding the Board's decision on the LASCON request for exemption and the
> desire for a change in policy around events. We should all view the
> discussions which will follow as an excellent way for our committee to
> shape the future of Chapters and their ability to grow and be sustainable
> over the long-term. To summarize, the board has asked us to work with the
> Conference Committee to come up with a policy which addresses all of the
> following guiding objectives:
> - Chapter empowerment through a profit sharing model that is in line
> with our core value of Innovation
> - No profit caps on gains from specific events
> - Annual review, requirements, or rules to address the issue of stale
> chapter funds in excessive amounts
> - Periodic recap on funds spent by chapters to help ensure funds are
> appointed on items aligned with the "OWASP Mission"
> - Added controls to prevent conflicts between large chapter events and
> core global conferences.
> - A dedicated committee with continual and significant control over
> the core OWASP global events (Conferences Committee)
> - A model which accounts for costs associated with Foundation
> resources provided to local events.
> - Controls to prevent chapters from over-committing on financial costs
> - Final policy and structure should ensure no incentive for chapters
> to form legal entities in their own countries.
> - Chapters must use established technology methods (RegOnline) any
> time money is handled
> - CFPs need to use established OWASP procedures
> - A single "source of truth" for all events. (I assume this means a
> single place to coordinate all events)
> - Naming standards for all events
> - Logo standards that include OWASP on all logos, event sites,
> collateral, etc
> I feel very strongly that these are guidelines that we can work with in
> order to craft this new policy. That said, before we get started on the
> policy itself, I have a few questions for you all.
> 1) What criteria do we use to distinguish between an event controlled by
> the Chapter Committee vs an event controlled by the Conferences Committee.
> It's clear that the label of "Conference" is not enough. I also feel
> strongly that metrics such as "number of attendees" or "where attendees are
> from" make for poor determining factors as they fail to account for chapter
> growth on a local level and OWASP Foundation growth on a regional level.
> Personally, I think this decision belongs in the hands of the event
> planners with approval from the committee they ultimately choose to go
> with. Both committees need to list out what structure they provide around
> event planning so the organizers have expectations set up front.
> 2) What kind of profit sharing model makes sense? The board has
> specifically said they want a model that supports innovation, removes caps,
> and accounts for Foundation costs. Assuming that we can enumerate what
> these Foundation costs are in relation to events, what can we do here to
> reward and even incentivize our chapters for putting on their own events,
> raising money, educating, and hopefully becoming self-sustaining?
> Personally, I believe that any model which focuses on percentage splits
> here is inherently flawed. In my arguments to the Board on behalf of
> LASCON I stated that what needs to happen (at least as it relates to
> Chapter events) is a tiered approach for profit sharing.
> Step 1 - We account for all obvious expenses for the event. In theory,
> all events should be limited to the amount of up-front money they can
> commit specifically to cover things like venue deposits. I think we need
> to come up with an amount for what this would be before committee approval
> is necessary. We should strongly discourage spending additional funds
> beyond those required for "start up" until other funding has been obtained
> to cover the costs.
> Step 2 - We account for all Foundation expenses for the event. We need to
> enumerate what exactly these are and come up with a way to "bill" them by
> event. I would think this includes things like event insurance and
> Foundation staff time, but I've never been successful in getting a good
> dollar value or listing on what all of the Foundational expenses are. In
> any case, I think once the "hard costs" are covered under Step 1, we need
> to cover these Foundational "soft costs".
> Step 3 - We give the participating chapters what they need to become
> self-sustaining. This is where our approach should differ from the
> Conference Committee in that we are focused on "Chapter Events" whereas
> they are focused on "Foundation Events". So, the question becomes... how
> do we know what the chapters need to become self-sustaining? I know that
> several people have brought forth objections to this in the past, but I
> believe the answer here is a chapter budget. It doesn't have to be
> anything overly complex. In fact, our current chapter handbook actually
> already has a sample chapter budget referenced in it that is extremely
> simple. We just need something that lists out a chapter's expenses over
> the course of the year. Yes, sometimes budgets will be imprecise, but
> that's life in the real world. If a chapter can take the time to run an
> event outside of their meetings that makes enough money to get to this
> step, then they certainly have the ability to do a simple budget. These
> budgets also help us address the board's concern over stale funds in
> chapter accounts.
> Step 4 - Any time we have enough money to get to this step, we should
> consider this "gravy". With the chapter already getting what they need in
> order to self-sustain, and the foundation already getting what it needs to
> cover its costs, the only real caveat placed on these funds is that they
> should be used to benefit the foundation. What that means I don't really
> know. Personally, I'd like to see some of these funds invested back into
> the regional OWASP effort if one exists. Using LASCON as an example, I'd
> like to see some of our excess funds flow to the Dallas and Houston
> chapters that are strapped for cash, and subsequently, the ability to do
> big things like the Austin Chapter. I'm going to make a proposal here, but
> am open to any other suggestions. I'd like to see a 50/50 split on these
> remaining funds between the Foundation to support growth at an
> organizational level and any other chapters or projects that the planners
> feel strongly about supporting. If none, all remaining funds should go to
> the Foundation by default.
> 3) How do we provide for an annual review, requirements, or rules to
> address the issue of stale chapter funds in excessive amounts? Obviously,
> stale funds only applies to chapters with a substantial amount of money in
> their accounts, but the problem is determining what is "excessive".
> Because of this, I don't think we can set some random value here. For
> example, the Austin Chapter requires about $6,650 in funds each year while
> the Houston Chapter is barely doing anything with and has hardly any money
> in their bank account. I think the answer here is that all chapters with
> over a certain amount of money in their account (defined by whatever we
> think is "excessive amounts" of stale funds) need to be audited on an
> annual basis. I already discussed my thoughts with the committee around
> what that number is and how to handle the audit with the use of budgets,
> but am open to other suggestions that address this requirement from the
> I'd like to gather some feedback from the committee (Conference Committee
> feel free to chime in here as well) on these three topics and try to gather
> consensus before we move on to how we are going to address the other
> issues. Thanks!
> ---------- Forwarded message ----------
> From: Michael Coates <michael.coates at owasp.org>
> Date: Wed, Feb 22, 2012 at 7:24 PM
> Subject: [Global_conference_committee] LASCON Exception - Board Vote
> To: Josh Sokol <josh.sokol at ni.com>, Mark Bristow <mark.bristow at owasp.org>
> Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>,
> global_chapter_committee at lists.owasp.org,
> global_conference_committee at lists.owasp.org
> We wanted to thank everyone for the open, honest, and respectful
> discussion of the Lascon exception issue. The board has considered the
> information provided by all parties as well as the principles and mission
> of OWASP. After discussion and deliberation we've reached the following
> The OWASP Board has voted to approve the following:
> Approve LASCON Exception per current chapter & committee rules with the
> recommendation that LASCON considers the objectives provided by the Board
> for the new policy. Further, this is the second and final exception for
> The updated chapter/conference policy must be approved within 45 days or
> LASCON exception is revoked.
> Recommendations for the New Policy
> The OWASP board would like the conferences and chapters committees to work
> together to jointly draft and approve an update to the policies governing
> chapters and conference events. We appreciate all the hard work that the
> committees have put forth to grow our chapters and conferences to their
> current state. We've accomplished some great things and this is another
> situation where we have to review and adjust as a result of our continued
> growth and success as an organization (a good problem to have).
> As global committee members you are in the best place to determine the
> specifics of this policy; however, we would like to set an overall
> direction that will be worked towards and we’ve outlined the following
> objectives that should be considered for the updated chapter and conference
> We encourage the committees to review these guiding objectives and work to
> build a structure that will encourage the growth of OWASP and our mission.
> • Guiding Objectives
> • We would like to see chapter empowerment through a profit
> sharing model that is in line with our core value of Innovation
> • We have concerns over the use of profit caps on gains
> from specific events
> • We would like some sort of annual review, requirements,
> or rules to address the issue of stale chapter funds in excessive amounts
> • We would like some periodic recap on funds spent by
> chapters to help ensure funds are appointed on items aligned with the
> “OWASP Mission”.
> • We recognize there could be concerns over conflicting
> large chapter events and our core global conferences. Controls should be
> added to prevent this conflict (perhaps CFP blackout periods in regions
> within X months of a global event)
> • We would like a dedicated committee with continual and
> significant control over the core OWASP global events (i.e. conference
> • Foundation has resources that can be are being provided
> to local chapter events but we need these costs to be accounted for in the
> chapter's event planning
> • Controls are needed to prevent chapters from
> over-committing on financial costs
> • Final policy and structure created by the committees
> should ensure, as much as is possible, that there is no incentive for
> chapters to form legal entities in their own countries. Any such activity
> has significant implications for the foundation and must be discussed and
> coordinated with the Foundation Board.
> • Infrastructure
> • Chapters must use established technology methods (such as
> regonline) any time money is handled
> • CFPs need to use established OWASP procedures
> • A single “source of truth” is needed for all events so
> that OWASP employees can best assist all events. These include events
> under either committee’s purview.
> • Branding
> • Naming standard enforced for all events (e.g. OWASP X)
> • Logo standards that include OWASP on all logos, event
> sites, collateral, etc
> Thanks for the significant efforts that have been made thus far and we
> look forward to the updated policy/policies that can take OWASP and our
> growing member and chapter base to the next level.
> Lastly, Kate will update the official vote record to reflect our vote and
> capture the above guiding objectives on the wiki.
> -The OWASP Board
> Michael Coates
> michael.coates at owasp.org