[Owasp-board] [Global_chapter_committee] Proposed Conferences/Chapters policy changes

Josh Sokol josh.sokol at owasp.org
Tue Mar 20 13:25:40 UTC 2012


We have 1 vote "Yes", 3 votes "No", and one vote absent.  The motion to
approve fails.

Rather than ditch all of this hard work, I'd now like to put this back on
the committee to come up with a plan that satisfies *ALL* of the Board's
Guiding Objectives.  I have shared with you a Google Doc containing these
or you may refer to them as they were sent by Kate in a previous message.
I have also shared a Google Doc containing the wording for the policy that
you just voted on.  I realize that it's a short timeframe, but given the
timeline that the Board set for this I'd like to have the Chapter
Committee's ideal policy ready for a Committee vote no later than next *Monday,
March 26*.  Tin has already put forward something that makes a good base
for this so I'd suggest working to improve upon this to make sure 1) This
satisfies all of the Board's objectives and 2) Everyone approves of this
general approach.

~josh

On Mon, Mar 19, 2012 at 9:43 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:

> > "single point of truth": why?
>
> I was one of the proponents of this guiding principle.  The idea was to
> have a method of knowing what events are going on for OWASP.
>  Fundamentally, and particularly for the full-time employees we have,
> knowing that we put on X local events in Y locations over the course of
> year helps form a clear picture of how active and vibrant our community is.
>  It also will allow us to focus energy on supporting events (be they
> conference or chapter ones) by providing us some numbers on how many occur
> and what they are like.  The current call for marketing & press information
> would be more helpful and focused if we had some easy to gather numbers at
> hand.
>
> This does not have to represent a significant burden to chapters - it's
> simply the Foundation saying "Let us know what you're up to so we can help
> you and the community fulfill our mission"  It was *not* intended to be a
> "Get permission before you do something" principle.  I've seen the forms on
> OCMS and they're not large or painful.  At most 15 minutes to fill in a web
> form so that we can get better visibility on OWASP events overall was the
> intent.
>
> The one thing I was trying to avoid by the "single point of truth" was a
> list of events on the conference page (conferences) and a list of events on
> the chapters page (chapter events).  For those who are not inside the
> community, this makes no sense.  Having a "single point of truth" allows us
> to better list, organize (e.g. on the Wiki, geographically, etc), and
> promote OWASP's efforts to bring our message to broader groups.
>
> There will always be contention between centralized and de-centralized
> notions in OWASP.  As long as we stick to our core values (e.g. innovation)
> we can provide the best balance between laissez-faire and centralized
> command.  I see this as, like John Wilander recently pointed out, a "tax"
> on those parties wanting to put on OWASP events.  It's not much to pay and
> it helps drive and inform the overall community so it can iteratively get
> better over time.
>
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
>
> On Mon, Mar 19, 2012 at 3:29 PM, Seba <seba at owasp.org> wrote:
>
>> All,
>>
>> As chapters committee member, I am also voting No.
>> There are too many questions / remarks I have with the proposed policy:
>>
>> Training: not part of the question (leave it up to the education
>> committee)
>>
>> How many chapters have > € 5000 now? Aren't we trying to solve a challenge
>> for the happy few with too much red tape for the upcoming chapters?
>>
>> Why > 10k board approval required?
>>
>> Handbook chapter 4 is guidance, not policy: if we want to make it
>> mandatory we have to add it to the mandatory section
>>
>>
>>
>> Don't agree with "Have the responsibility and authority for supporting
>> and managing all chapter meetings": Why?
>>
>> "single point of truth": why?
>>
>>
>>
>> I don't agree that a chapter who charges a fee for an event = event
>> de facto "managed by the conferences committee"
>>
>> I don't agree with the "single point of truth" for the conference page
>>
>> Why "Global Conferences Committee will take a more active, direct role in
>> the planning the marquee foundation events" : the original issue at hand
>> (lascon) was not about the global appsec events: why this direct role?
>>
>> Why does the conferences committee set the branding rules for all the
>> events?
>>
>> What business & authority does the conference committee have with the
>> chapter budgets?
>>
>> I don't agree with "■It is the responsibility of the chapter to plan
>> ahead appropriately to get this budget through the Global Chapters
>> Committee approval process if they intend to use the event to generate
>> chapter revenue" => that would mean each event that e.g. Generates extra
>> chapter sponsoring requires the conferences approval: what are you trying
>> to achieve here?
>>
>> Chapter sponsorship should be explicitly out of this policy: only
>> governed by the chapters committee
>>
>> The split is not clear: 50/50 or policy per type of event (still to be
>> decided?)
>>
>>
>> I don't agree with the top-down management point of view in general: to
>> be scalable our guidance/policies should encourage local responsibility and
>> empowerment.
>>
>> --seba
>>
>> On Wed, Mar 14, 2012 at 8:27 PM, Tin Zaw <tin.zaw at owasp.org> wrote:
>>
>>> Josh, Mark, and Sarah,
>>>
>>> Thank you for your hard work to come up with the draft.
>>>
>>> I intend to vote No on this as the new policies are not in agreement
>>> with my philosophy of stronger chapters. In addition, they put much
>>> more burden on the committee members (of both committees).
>>>
>>> I am for stronger, more independent chapters with the board and the
>>> committees providing oversight, not routine management, to prevent bad
>>> things from happening. The goal for the board and the committees
>>> should not be to approve every decision by chapters.
>>>
>>> There are items in the proposal that I disagree more strongly with,
>>> but at this point, I won't elaborate on it, because my intent on No
>>> vote is based on philosophical standing.
>>>
>>> Thanks.
>>>
>>>
>>>
>>> On Tue, Mar 13, 2012 at 11:35 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> > For single-chapter events there would be two "buckets" each with a target
>>> > amount of the chapter budget.  For multi-chapter events we just add more
>>> > buckets for the additional chapter budgets.  Once a chapter bucket is full,
>>> > they stop earning money from the event and the remaining amount goes to the
>>> > Foundation.  This ensures that the Foundation and the Chapter earn money
>>> > from the event at an equal rate.  Your example of how the funds would get
>>> > split is correct.
>>> >
>>> > Budgets are only necessary if a chapter wants to receive money from an event
>>> > or if they have more than $5,000 in their bank account at the end of the
>>> > year.  This was requested by the Board in the guiding objective which states
>>> > "We would like some sort of annual review, requirements, or rules to address
>>> > the issue of stale chapter funds in excessive amounts" as well as "We would
>>> > like some periodic recap on funds spent by chapters to help ensure funds are
>>> > appointed on items aligned with the OWASP Mission".  Yes, this does add some
>>> > additional operational work for our committee.
>>> >
>>> > ~josh
>>> >
>>> >
>>> > On Tue, Mar 13, 2012 at 1:19 PM, Seba <seba at owasp.org> wrote:
>>> >>
>>> >> can you explain:
>>> >> "Profit will be split 50/50 between the foundation and the chapter up
>>> >> until the chapter has received an amount equal to the chapter annual budget
>>> >> amount"
>>> >> My understanding is:
>>> >> if in belgium we have an annual budget of € 10000, and we organize an
>>> >> event with income resulting in a e.g. € 25000 the split would be € 15000 to
>>> >> the foundation and €10000 to the chapter?
>>> >>
>>> >> a general remark: it seems we are loading a lot of operational work on the
>>> >> committee in reviewing local budgets?
>>> >>
>>> >> --seba
>>> >> On Tue, Mar 13, 2012 at 6:11 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> >>>
>>> >>> Please discuss.  We will be taking this to a committee vote for approval
>>> >>> at the next Chapter Committee meeting next Monday, March 19th.  Please be
>>> >>> sure to send me and Sarah your vote before that deadline if you will be
>>> >>> unable to attend the meeting.  Thank you.
>>> >>>
>>> >>> ~josh
>>> >>>
>>> >>>
>>> >>> On Tue, Mar 13, 2012 at 12:05 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>> >>>>
>>> >>>> Global Chapters Committee,
>>> >>>>
>>> >>>> (Note: same email sent to Conference Committee on separate thread)
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> In response to the guiding objectives by the board, the Conferences and
>>> >>>> Chapter Committee Chairs have worked together to formulate some policy
>>> >>>> changes that we believe will meet the direction of the board while allowing
>>> >>>> chapters and the foundation to grow and innovate.  These points have been
>>> >>>> discussed at length and now we wish to hear your input on the matter.  We
>>> >>>> have agreed on the outlined plan below and as a result each of us will not
>>> >>>> make comments here past clarifications to any questions any of you have to
>>> >>>> the proposed policy.  We would like to cap the debate on this topic and take
>>> >>>> the following to a committee vote on Monday, March 19th using a majority
>>> >>>> approval rule for both committees in order to meet the board's 45 day
>>> >>>> deadline.
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> The Global Chapters Committee shall:
>>> >>>>
>>> >>>> ●      Manage all chapter meetings or trainings that do not charge a fee
>>> >>>> for admission.
>>> >>>>
>>> >>>> ●      Establish an annual budget process for all chapters
>>> >>>>
>>> >>>> ○      At the end of each calendar year, a chapter with more than $5,000
>>> >>>> in its bank account must submit a budget to be reviewed by the Global
>>> >>>> Chapters Committee to justify the rollover of any funds beyond that amount.
>>> >>>> In the event that the chapter does not submit a budget for the remaining
>>> >>>> funds or if any unbudgeted funds remain after December 31, the chapter will
>>> >>>> be given one month to determine another OWASP Chapter, Committee, or Project
>>> >>>> to allocate the unused funds toward.  If no designations are made before
>>> >>>> February 1, then all unused funds will be transferred to the OWASP
>>> >>>> Foundation main account.
>>> >>>>
>>> >>>> ○      Any chapter with more than $10,000 must also obtain Board
>>> >>>> approval for their annual budget.
>>> >>>>
>>> >>>> ○      The Global Chapters Committee will maintain "official" budgets on
>>> >>>> the wiki or via google docs where they are accessible to all OWASP
>>> >>>> participants.
>>> >>>>
>>> >>>> ○      The Global Chapters Committee will update Chapter 4 - Section 7
>>> >>>> of the Chapter Handbook with the new budget policy.
>>> >>>>
>>> >>>> ●      Establish by June 1st chapter spending guidelines (These should
>>> >>>> be under Chapter 4 - Section 7.1 of the Chapter Handbook)
>>> >>>>
>>> >>>> ●      Have the responsibility and authority for supporting and managing
>>> >>>> all chapter meetings
>>> >>>>
>>> >>>> ○      The Chapter Handbook authored by the Global Chapters Committee
>>> >>>> shall serve as the single point of truth for all chapter policies
>>> >>>>
>>> >>>> ○      The Global Chapters Committee shall set all chapter policies
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> The Global Conferences Committee shall:
>>> >>>>
>>> >>>> ●      Manage all events that charge a fee for admission (voluntary
>>> >>>> donations exempted) and any free event determined by the organizer to be a
>>> >>>> conference versus a chapter meeting
>>> >>>>
>>> >>>> ●      Have the responsibility and authority for supporting and managing
>>> >>>> all events
>>> >>>>
>>> >>>> ○      The Global Conferences Committee has the responsibility for
>>> >>>> procuring and managing centralized assets such as, but not limited to
>>> >>>> registration tools and financial management tools
>>> >>>>
>>> >>>> ○      The Global Conferences Committee policy page shall serve as the
>>> >>>> single point of truth for all event policies
>>> >>>>
>>> >>>> ○      The Global Conferences Committee shall set all event policies
>>> >>>> with the exception of the profit sharing policy which requires the
>>> >>>> concurrence of the majority of the Global Chapters Committee to be modified.
>>> >>>>
>>> >>>> ●      The OWASP Event Management System (formerly OCMS) will serve as
>>> >>>> the single point of truth for OWASP events, AND will provide functionality
>>> >>>> to track chapter meetings in the next release
>>> >>>>
>>> >>>> ●      The Global Conferences Committee will revisit current event
>>> >>>> definitions and include clear, objective definitions of event types as well
>>> >>>> as the anticipated support level from the foundation.  These must be
>>> >>>> approved by June 1st.
>>> >>>>
>>> >>>> ●      The Global Conferences Committee will take a more active, direct
>>> >>>> role in the planning the marquee foundation events (currently defined as
>>> >>>> Global AppSec Events) including having a representative serve as Chair for
>>> >>>> these events.  (For this, Global Conferences Committee will require a full
>>> >>>> time support asset to handle the additional event coordination.  Without
>>> >>>> these additional resources the conferences committee can not take on this
>>> >>>> added responsibility and will maintain an advisory/oversight role)
>>> >>>>
>>> >>>> ●      Any and all event policies in effect at the time of event
>>> >>>> approval shall apply to the event without modification unless a specific
>>> >>>> requirement to do so is set by the Board.
>>> >>>>
>>> >>>> ●      The Global Conferences Committee will implement a policy for
>>> >>>> managing all event funds through the foundation
>>> >>>>
>>> >>>> ○      The OWASP foundation will provide all "seed funds" needed for
>>> >>>> events up to the approved event budget and beyond with Global Conferences
>>> >>>> Committee approval
>>> >>>>
>>> >>>> ○      The Global Conferences Committee shall be responsible for the
>>> >>>> review, approval and signature of all contracts related to events
>>> >>>>
>>> >>>> ○      The Global Conferences Committee may provide an exception for
>>> >>>> events with extraordinary circumstances
>>> >>>>
>>> >>>> ○      Any event using the OWASP brand not using the Foundation to
>>> >>>> process its finances will be in violation of OWASP brand usage rules and
>>> >>>> will be referred to the Board for action
>>> >>>>
>>> >>>> ●      The Global Conferences Committee will set the following branding
>>> >>>> rules except where it is unreasonable to do so
>>> >>>>
>>> >>>> ○      All events must use "OWASP" in their title, such as "OWASP's
>>> >>>> AppSec XYZ"
>>> >>>>
>>> >>>> ○      Events may use their own logos so long as they include the OWASP
>>> >>>> wasp (The Global Conferences Committee will manage logo approvals), color
>>> >>>> palette is optional
>>> >>>>
>>> >>>> ○      The OWASP logo must be present on all websites/materials, except
>>> >>>> where it is unreasonable to do so
>>> >>>>
>>> >>>> ○      A link back to owasp.org must be present on all
>>> >>>> websites/materials except where it is unreasonable to do so
>>> >>>>
>>> >>>> ●      The Global Conferences Committee sets the following event profit
>>> >>>> sharing model for all events:
>>> >>>>
>>> >>>> ○      At the time of approval, the Global Conferences Committee will
>>> >>>> record the chapter's current annual budget expenditures (referred to as
>>> >>>> chapter annual budget)
>>> >>>>
>>> >>>>        ■      Chapters that do not have approved budgets shall have the
>>> >>>>        chapter annual budget value set to $0
>>> >>>>
>>> >>>>        ■      It is the responsibility of the chapter to plan ahead
>>> >>>>        appropriately to get this budget through the Global Chapters
>>> >>>>        Committee approval process if they intend to use the event to
>>> >>>>        generate chapter revenue
>>> >>>>
>>> >>>> ○      Profits are all monies collected for the event (regardless of
>>> >>>> source) above the direct expenditures for the event
>>> >>>>
>>> >>>>        ■      Any membership registrations as result of an event will be
>>> >>>>        handled per Global Membership Committee policy and are not
>>> >>>>        considered in this equation
>>> >>>>
>>> >>>> ○      Profit will be split 50/50 between the foundation and the chapter
>>> >>>> up until the chapter has received an amount equal to the chapter annual
>>> >>>> budget amount
>>> >>>>
>>> >>>> ○      After the chapter has received an amount equal to the chapter
>>> >>>> annual budget the Foundation shall receive 100% of the remaining profits.
>>> >>>>
>>> >>>> ○      Any Event Losses shall be the responsibility of the Foundation
>>> >>>>
>>> >>>>
>>> >>>> Sarah Baso on behalf of Mark Bristow and Josh Sokol
>>> >>>>
>>> >>>> --
>>> >>>> OWASP Operational Support:
>>> >>>> Conference Logistics & Community Relations
>>> >>>>
>>> >>>> Dir: 312-869-2779
>>> >>>> skype: sarah.baso
>>> >>>>
>>> >>>
>>> >>>
>>> >>> _______________________________________________
>>> >>> Global_chapter_committee mailing list
>>> >>> Global_chapter_committee at lists.owasp.org
>>> >>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>> >>>
>>> >>
>>> >
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Tin Zaw, CISSP, CSSLP
>>> Chapter Leader and President, OWASP Los Angeles Chapter
>>> Member, OWASP Global Chapter Committee
>>> Google Voice: (213) 973-9295
>>> LinkedIn: http://www.linkedin.com/in/tinzaw
>>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>