[Owasp-board] [Global_chapter_committee] A New Event Policy for OWASP

Jason Li jason.li at owasp.org
Fri Feb 24 23:43:31 UTC 2012


One thing I would suggest getting away from is the concept of whether an
event is "controlled by" the Chapter Committee vs the Conferences Committee.

That kind of mentality makes this policy-making very confrontational.

This work isn't about one committee or another - it's about establishing a
unified policy that makes sense for all of OWASP at a macro and micro scale.

In fact, I see no reason why there couldn't be an event that had policies
and support mechanisms from both committees that applied to the event.

-Jason

On Thu, Feb 23, 2012 at 1:46 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Chapter Committee Members,
>
> Hopefully by now you have all had a chance to read Michael's e-mail
> regarding the Board's decision on the LASCON request for exemption and the
> desire for a change in policy around events.  We should all view the
> discussions which will follow as an excellent way for our committee to
> shape the future of Chapters and their ability to grow and be sustainable
> over the long-term.  To summarize, the board has asked us to work with the
> Conference Committee to come up with a policy which address all of the
> following guiding objectives:
>
>
>    - Chapter empowerment through a profit sharing model that is in line
>    with our core value of Innovation
>    - No profit caps on gains from specific events
>    - Annual review, requirements, or rules to address the issue of stale
>    chapter funds in excessive amounts
>    - Periodic recap on funds spent by chapters to help ensure funds are
>    appointed on items aligned with the "OWASP Mission"
>    - Added controls to prevent conflicts between large chapter events and
>    core global conferences.
>    - A dedicated committee with continual and significant control over
>    the core OWASP global events (Conferences Committee)
>    - A model which accounts for costs associated with Foundation
>    resources provided to local events.
>    - Controls to prevent chapters from over-committing on financial costs
>    - Final policy and structure should ensure no incentive for chapters
>    to form legal entities in their own countries.
>    - Chapters must use established technology methods (RegOnline) any
>    time money is handled
>    - CFPs need to use established OWASP procedures
>    - A single "source of truth" for all events.  (I assume this means a
>    single place to coordinate all events)
>    - Naming standards for all events
>    - Logo standards that include OWASP on all logos, event sites,
>    collateral, etc
>
> I feel very strongly that these are guidelines that we can work with in
> order to craft this new policy.  That said, before we get started on the
> policy itself, I have a few questions for you all.
>
> 1) What criteria do we use to distinguish between an event controlled by
> the Chapter Committee vs an event controlled by the Conferences Committee.
> It's clear that the label of "Conference" is not enough.  I also feel
> strongly that metrics such as "number of attendees" or "where attendees are
> from" make for poor determining factors as they fail to account for chapter
> growth on a local level and OWASP Foundation growth on a regional level.
> Personally, I think this decision belongs in the hands of the event
> planners with approval from the committee they ultimately choose to go
> with.  Both committees need to list out what structure they provide around
> event planning so the organizers have expectations set up front.
>
> 2) What kind of profit sharing model makes sense?  The board has
> specifically said they want a model that supports innovation, removes caps,
> and accounts for Foundation costs.  Assuming that we can enumerate what
> these Foundation costs are in relation to events, what can we do here to
> reward and even incentivize our chapters for putting on their own events,
> raising money, educating, and hopefully becoming self-sustaining?
> Personally, I believe that any model which focuses on percentage splits
> here is inherently flawed.  In my arguments to the Board on behalf of
> LASCON I stated that what needs to happen (at least as it relates to
> Chapter events) is a tiered approach for profit sharing.
>
> Step 1 - We account for all obvious expenses for the event.  In theory,
> all events should be limited to the amount of up-front money they can
> commit specifically to cover things like venue deposits.  I think we need
> to come up with an amount for what this would be before committee approval
> is necessary.  We should strongly discourage spending additional funds
> beyond those required for "start up" until other funding has been obtained
> to cover the costs.
>
> Step 2 - We account for all Foundation expenses for the event.  We need to
> enumerate what exactly these are and come up with a way to "bill" them by
> event.  I would think this includes things like event insurance and
> Foundation staff time, but I've never been successful in getting a good
> dollar value or listing on what all of the Foundational expenses are.  In
> any case, I think once the "hard costs" are covered under Step 1, we need
> to cover these Foundational "soft costs".
>
> Step 3 - We give the participating chapters what they need to become
> self-sustaining.  This is where our approach should differ from the
> Conference Committee in that we are focused on "Chapter Events' whereas
> they are focused on "Foundation Events".  So, the question becomes....how
> do we know what the chapters need to become self-sustaining?  I know that
> several people have brought forth objections to this in the past, but I
> believe the answer here is a chapter budget.  It doesn't have to be
> anything overly complex.  In fact, our current chapter handbook actually
> already has a sample chapter budget referenced in it that is extremely
> simple.  We just need something that lists out a chapter's expenses over
> the course of the year.  Yes, sometimes budgets will be imprecise, but
> that's life in the real world.  If a chapter can take the time to run an
> event outside of their meetings that makes enough money to get to this
> step, then they certainly have the ability to do a simple budget.  These
> budgets also help us address the board's concern over stale funds in
> chapter accounts.
>
> Step 4 - Any time we have enough money to get to this step, we should
> consider this "gravy".  With the chapter already getting what the need in
> order to self-sustain, and the foundation already getting what it needs to
> cover it's costs, the only real caveat placed on these funds is that they
> should be used to benefit the foundation.  What that means I don't really
> know.  Personally, I'd like to see some of these funds invested back into
> the regional OWASP effort if one exists.  Using LASCON as an example, I'd
> like to see some of our excess funds flow to the Dallas and Houston
> chapters that are strapped for cash, and subsequently, the ability to do
> big things like the Austin Chapter.  I'm going to make a proposal here, but
> am open to any other suggestions.  I'd like to see a 50/50 split on these
> remaining funds between the Foundation to support growth at an
> organizational level and any other chapters or projects that the planners
> feel strongly about supporting.  If none, all remaining funds should go to
> the Foundation by default.
>
> 3) How do we provide for an annual review, requirements, or rules to
> address the issue of stale chapter funds in excessive amounts?  Obviously,
> stale funds only applies to chapters with a substantial amount of money in
> their accounts, but the problem is determining what is "excessive".
> Because of this, I don't think we can set some random value here.  For
> example, the Austin Chapter requires about $6,650 in funds each year while
> the Houston Chapter is barely doing anything with and has hardly any money
> in their bank account.  I think the answer here is that all chapters with
> over a certain amount of money in their account (defined by whatever we
> think is "excessive amounts" of stale funds) need to be audited on an
> annual basis.  I already discussed my thoughts with the committee around
> what that number is and how to handle the audit with the use of budgets,
> but am open to other suggestions that address this requirement from the
> board.
>
> I'd like to gather some feedback from the committee (Conference Committee
> feel free to chime in here as well) on these three topics and try to gather
> consensus before we move on to how we are going to address the other
> issues.  Thanks!
>
> ~josh
>
> ---------- Forwarded message ----------
> From: Michael Coates <michael.coates at owasp.org>
> Date: Wed, Feb 22, 2012 at 7:24 PM
> Subject: [Global_conference_committee] LASCON Exception - Board Vote
> To: Josh Sokol <josh.sokol at ni.com>, Mark Bristow <mark.bristow at owasp.org>
> Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>,
> global_chapter_committee at lists.owasp.org,
> global_conference_committee at lists.owasp.org
>
>
> We wanted to thank everyone for the open, honest, and respectful
> discussion of the Lascon exception issue.  The board has considered the
> information provided by all parties as well as the principles and mission
> of OWASP.  After discussion and deliberation we've reached the following
> decision:
>
>
> The OWASP Board has voted to approve the following:
> =
> Approve LASCON Exception per current chapter & committee rules with the
> recommendation that LASCON considers the objectives provided by the Board
> for the new policy. Further, this is the second and final exception for
> LASCON.
>
> The updated chapter/conference policy must be approved within 45 days or
> LASCON exception is revoked.
> =
>
>
> Recommendations for the New Policy
>
> The OWASP board would like the conferences and chapters committees to work
> together to jointly draft and approve an update to the policies governing
> chapters and conference events. We appreciate all the hard work that the
> committees have put forth to grow our chapters and conferences to its
> current state.  We've accomplished some great things and this is another
> situation where we have to review and adjust as a result of our continued
> growth and success as an organization (a good problem to have).
>
> As global committee members you are in the best place to determine the
> specifics of this policy; however, we would like to set an overall
> direction that will be worked towards and we’ve outlined the following
> objectives that should be considered for the updated chapter and conference
> policies.
>
>
> We encourage the committees to review these guiding objectives and work to
> build a structure that will encourage the growth of OWASP and our mission.
>
>        • Guiding Objectives
>                • We would like to see chapter empowerment through a profit
> sharing model that is in line with our core value of Innovation
>                • We have concerns over the use of profit caps on gains
> from specific events
>                • We would like some sort of annual review, requirements,
> or rules to address the issue of stale chapter funds in excessive amounts
>                • We would like some periodic recap on funds spent by
> chapters to help ensure funds are appointed on items aligned with the
> “OWASP Mission”.
>                • We recognize there could be concerns over conflicting
> large chapter events and our core global conferences. Controls should be
> added to prevent this conflict (perhaps CFP blackout periods in regions
> within X months of a global event)
>                • We would like a dedicated committee with continual and
> significant control over the core OWASP global events (i.e. conference
> committee)
>                • Foundation has resources that can be are being provided
> to local chapter events but we need these costs to be accounted for in the
> chapter's event planning
>                • Controls are needed to prevent chapters from
> over-committing on financial costs
>                • Final policy and structure created by the committees
> should ensure, as much as is possible, that there is no incentive for
> chapters to form legal entities in their own countries.  Any such activity
> has significant implications for the foundation and must be discussed and
> coordinated  with the Foundation Board.
>        • Infrastructure
>                • Chapters must use established technology methods (such as
> regonline) any time money is handled
>                • CFPs need to use established OWASP procedures
>                • A single “source of truth” is needed for all events so
> that OWASP employees can best assist all events.  These include events
> under either  committee’s purview.
>        • Branding
>                • Naming standard enforced for all events (e.g. OWASP X)
>                • Logo standards that includes OWASP on all logos, event
> sites, collateral, etc
>
>
> Thanks for the significant efforts that have been made thus far and we
> look forward to the updated policy/policies that can take OWASP and our
> growing member and chapter base to the next level.
>
>
> Lastly, Kate will update the official vote record to reflect our vote and
> capture the above guiding objectives on the wiki.
>
>
>
>
>
> -The OWASP Board
>
> Michael Coates
> michael.coates at owasp.org
>
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20120224/106eb22e/attachment-0001.html>


More information about the Owasp-board mailing list