[Owasp-board] [Global_chapter_committee] Proposed Conferences/Chapters policy changes

Kate Hartmann kate.hartmann at owasp.org
Mon Mar 19 20:56:12 UTC 2012


The two committee chairs were tasked with creating a policy based on guidelines from the Board which I have copied and pasted below.  Mark and Josh had worked to create a document that would address these points.

If they do not work for you, as a committee member, please provide another draft of a policy that meets the objectives while maintaining our core values.

• Guiding Objectives
               • We would like to see chapter empowerment through a profit sharing model that is in line with our core value of Innovation
               • We have concerns over the use of profit caps on gains from specific events
               • We would like some sort of annual review, requirements, or rules to address the issue of stale chapter funds in excessive amounts
               • We would like some periodic recap on funds spent by chapters to help ensure funds are appointed on items aligned with the “OWASP Mission”.
               • We recognize there could be concerns over conflicting large chapter events and our core global conferences. Controls should be added to prevent this conflict (perhaps CFP blackout periods in regions within X months of a global event)
               • We would like a dedicated committee with continual and significant control over the core OWASP global events (i.e. conference committee)
               • Foundation has resources that can be are being provided to local chapter events but we need these costs to be accounted for in the chapter's event planning
               • Controls are needed to prevent chapters from over-committing on financial costs
               • Final policy and structure created by the committees should ensure, as much as is possible, that there is no incentive for chapters to form legal entities in their own countries.  Any such activity has significant implications for the foundation and must be discussed and coordinated  with the Foundation Boa
       • Infrastructure
               • Chapters must use established technology methods (such as regonline) any time money is handled
               • CFPs need to use established OWASP procedures
               • A single “source of truth” is needed for all events so that OWASP employees can best assist all events.  These include events under either  committee’s purview.
       • Branding
               • Naming standard enforced for all events (e.g. OWASP X)
               • Logo standards that includes OWASP on all logos, event sites, collateral, etc

Kate Hartmann
Operations Director
301-275-9403
www.owasp.org 
Skype:  Kate.hartmann1

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Tin Zaw
Sent: Wednesday, March 14, 2012 3:27 PM
To: Josh Sokol
Cc: OWASP Foundation Board List; OWASP Chapters Committee
Subject: Re: [Owasp-board] [Global_chapter_committee] Proposed Conferences/Chapters policy changes

Josh, Mark, and Sarah,

Thank you for your hard work to come up with the draft.

I intend to vote No on this as the new policies are not in agreement with my philosophy of stronger chapters. In addition, they put much more burden on the committee members (of both committees).

I am for stronger, more independent chapters with the board and the committees providing oversight, not routine management, to prevent bad things from happening. The goal for the board and the committees should not be to approve every decision by chapters.

There are items in the proposal that I disagree more strongly with, but at this point, I won't elaborate on it, because my intent on No vote is based on philosophical standing.

Thanks.



On Tue, Mar 13, 2012 at 11:35 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> For single-chapter events there would be two "buckets" each with a 
> target amount of the chapter budget.  For multi-chapter events we just 
> add more buckets for the additional chapter budgets.  Once a chapter 
> bucket is full, they stop earning money from the event and the 
> remaining amount goes to the Foundation.  This ensures that the 
> Foundation and the Chapter earn money from the event at an equal rate.  
> Your example of how the funds would get split is correct.
>
> Budgets are only necessary if a chapter wants to receive money from an 
> event or if they have more than $5,000 in their bank account at the 
> end of the year.  This was requested by the Board in the guiding 
> objective which states "We would like some sort of annual review, 
> requirements, or rules to address the issue of stale chapter funds in 
> excessive amounts" as well as "We would like some periodic recap on 
> funds spent by chapters to help ensure funds are appointed on items 
> aligned with the OWASP Mission".  Yes, this does add some additional operational work for our committee.
>
> ~josh
>
>
> On Tue, Mar 13, 2012 at 1:19 PM, Seba <seba at owasp.org> wrote:
>>
>> can you explain:
>> "Profit will be split 50/50 between the foundation and the chapter up 
>> until the chapter has received an amount equal to the chapter annual 
>> budget amount"
>> My understanding is:
>> if in belgium we have an annual budget of € 10000, and we organize an 
>> event with income resulting in a e.g. € 25000 the split would be € 
>> 15000 to the foundation and €10000 to the chapter?
>>
>> a general remark: it seems we are loading a lot of operational work 
>> on the committee in reviewing local budgets?
>>
>> --seba
>> On Tue, Mar 13, 2012 at 6:11 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>> Please discuss.  We will be taking this to a committee vote for 
>>> approval at the next Chapter Committee meeting next Monday, March 
>>> 19th.  Please be sure to send me and Sarah your vote before that 
>>> deadline if you will be unable to attend the meeting.  Thank you.
>>>
>>> ~josh
>>>
>>>
>>> On Tue, Mar 13, 2012 at 12:05 PM, Sarah Baso <sarah.baso at owasp.org>
>>> wrote:
>>>>
>>>> Global Chapters Committee,
>>>>
>>>> (Note: same email send to Conference Committee on separate thread)
>>>>
>>>>
>>>>
>>>> In response to the guiding objectives by the board, the Conferences 
>>>> and Chapter Committee Chairs have worked together to formulate some 
>>>> policy changes that we believe will meet the direction of the board 
>>>> while allowing chapters and the foundation to grow and innovate.  
>>>> These points have been discussed at length and now we wish to hear 
>>>> your input on the matter.  We have agreed on the outlined plan 
>>>> below and as a result each of us will not make comments here past 
>>>> clarifications to any questions any of you have to the proposed 
>>>> policy.  We would like to cap the debate on this topic and take the 
>>>> following to a committee vote on Monday, March 19th using a 
>>>> majority approval rule for both committees in order to meet the board's 45 day deadline.
>>>>
>>>>
>>>>
>>>> The Global Chapters Committee shall:
>>>>
>>>> ●      Manage all chapter meetings or trainings that do not charge 
>>>> a fee for admission.
>>>>
>>>> ●      Establish an annual budget process for all chapters
>>>>
>>>> ○      At the end of each calendar year, a chapter with more than 
>>>> $5,000 in it's bank account must submit a budget to be reviewed by 
>>>> the Global Chapters Committee to justify the rollover of any funds beyond that amount.
>>>> In the event that the chapter does not submit a budget for the 
>>>> remaining funds or if any unbudgeted funds remain after December 
>>>> 31, the chapter will be given one month to determine another OWASP 
>>>> Chapter, Committee, or Project to allocate the unused funds toward.  
>>>> If no designations are made before February 1, then all unused 
>>>> funds will be transferred to the OWASP Foundation main account.
>>>>
>>>> ○      Any chapter with more than $10,000 must also obtain Board 
>>>> approval for their annual budget.
>>>>
>>>> ○      The Global Chapters Committee will maintain "official" 
>>>> budgets on the wiki or via google docs where they are accessible to 
>>>> all OWASP participants.
>>>>
>>>> ○      The Global Chapters Committee will update Chapter 4 - 
>>>> Section 7 of the Chapter Handbook with the new budget policy.
>>>>
>>>> ●      Establish by June 1st chapter spending guidelines (These 
>>>> should be under Chapter 4 - Section 7.1 of the Chapter Handbook)
>>>>
>>>> ●      Have the responsibility and authority for supporting and 
>>>> managing all chapter meetings
>>>>
>>>> ○      The Chapter Handbook authored by the Global Chapters 
>>>> Committee shall serve as the single point of truth for all chapter 
>>>> policies
>>>>
>>>> ○      The Global Chapters Committee shall set all chapter policies
>>>>
>>>>
>>>>
>>>> The Global Conferences Committee shall:
>>>>
>>>> ●      Manage all events that charge a fee for admission (voluntary 
>>>> donations exempted) and any free event determined by the organizer 
>>>> to be a conference versus a chapter meeting
>>>>
>>>> ●      Have the responsibility and authority for supporting and 
>>>> managing all events
>>>>
>>>> ○      The Global Conferences Committee has the responsibility for 
>>>> procuring and managing centralized assets such as, but not limited 
>>>> to registration tools and financial management tools
>>>>
>>>> ○      The Global Conferences Committee policy page shall serve as 
>>>> the single point of truth for all event policies
>>>>
>>>> ○      The Global Conferences Committee shall set all event 
>>>> policies with the exception of the profit sharing policy which 
>>>> requires the concurrence of the majority of the Global Chapters Committee to be modified.
>>>>
>>>> ●      The OWASP Event Management System (formerly OCMS) will serve 
>>>> as the single point of truth for OWASP events, AND will provide 
>>>> functionality to track chapter meetings in the next release
>>>>
>>>> ●      The Global Conferences Committee will revisit current event 
>>>> definitions and include clear, objective definitions of event types 
>>>> as well as the anticipated support level from the foundation.  
>>>> These must be approved by June 1st.
>>>>
>>>> ●      The Global Conferences Committee will take a more active, 
>>>> direct role in the planning the marquee foundation events 
>>>> (currently defined as Global AppSec Events) including having a 
>>>> representative serve as Chair for these events.  (For this, Global 
>>>> Conferences Committee will require a full time support asset to 
>>>> handle the additional event coordination.  Without these additional 
>>>> resources the conferences committee can not take on this added 
>>>> responsibility and will maintain an advisory/oversight role)
>>>>
>>>> ●      Any and all event policies in effect at the time of event 
>>>> approval shall apply to the event without modification unless a 
>>>> specific requirement to do so is set by the Board.
>>>>
>>>> ●      The Global Conferences Committee will implement a policy for 
>>>> managing all event funds through the foundation
>>>>
>>>> ○      The OWASP foundation will provide all "seed funds" needed 
>>>> for events up to the approved event budget and beyond with Global 
>>>> Conferences Committee approval
>>>>
>>>> ○      The Global Conferences Committee shall be responsible for 
>>>> the review, approval and signature of all contracts related to 
>>>> events
>>>>
>>>> ○      The Global Conferences Committee may provide an exception 
>>>> for events with extraordinary circumstances
>>>>
>>>> ○      Any event using the OWASP brand not using the Foundation to 
>>>> process it's finances will be in violation of OWASP brand usage 
>>>> rules and will be referred to the Board for action
>>>>
>>>> ●      The Global Conferences Committee will set the following 
>>>> branding rules except where it is unreasonable to do so
>>>>
>>>> ○      All events must use "OWASP" in their title, such as "OWASP's 
>>>> AppSec XYZ"
>>>>
>>>> ○      Events may use their own logos so long as they include the 
>>>> OWASP wasp (The Global Conferences Committee will manage logo 
>>>> approvals), color palate is optional
>>>>
>>>> ○      The OWASP logo must be present on all websites/materials, 
>>>> except where it is unreasonable to do so
>>>>
>>>> ○      A link back to owasp.org must be present on all 
>>>> websites/materials except where it is unreasonable to do so
>>>>
>>>> ●      The Global Conferences Committee sets the following event 
>>>> profit sharing model for all events:
>>>>
>>>> ○      At the time of approval, the Global Conferences Committee 
>>>> will record the chapter's current annual budget expenditures 
>>>> (referred to as chapter annual budget)
>>>>
>>>>                                           ■Chapters that do not 
>>>> have approved budgets shall have the chapter annual budget value 
>>>> set to $0
>>>>
>>>>                                           ■It is the responsibility 
>>>> of the chapter to plan ahead appropriately to get this budget 
>>>> through the Global Chapters Committee approval process if they 
>>>> intend to use the event to generate chapter revenue
>>>>
>>>> ○      Profits are all monies collected for the event (regardless 
>>>> of
>>>> source) above the direct expenditures for the event
>>>>
>>>>                                           ■Any membership 
>>>> registrations as result of an event will be handled per Global 
>>>> Membership Committee policy and are not considered in this equation
>>>>
>>>> ○      Profit will be split 50/50 between the foundation and the 
>>>> chapter up until the chapter has received an amount equal to the 
>>>> chapter annual budget amount
>>>>
>>>> ○      After the chapter has received an amount equal to the 
>>>> chapter annual budget the Foundation shall receive 100% of the remaining profits.
>>>>
>>>> ○      Any Event Losses shall be the responsibility of the 
>>>> Foundation
>>>>
>>>>
>>>>
>>>> Sarah Baso on behalf of Mark Bristow and Josh Sokol
>>>>
>>>> --
>>>> OWASP Operational Support:
>>>> Conference Logistics & Community Relations
>>>>
>>>> Dir: 312-869-2779
>>>> skype: sarah.baso
>>>>
>>>
>>>
>>> _______________________________________________
>>> Global_chapter_committee mailing list 
>>> Global_chapter_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>>
>>
>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>



--
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter Member, OWASP Global Chapter Committee Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw _______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board



More information about the Owasp-board mailing list