[Owasp-board] Fwd: [Global_chapter_committee] ProposedConferences/Chapters policy changes

Mark Bristow mark.bristow at owasp.org
Wed Mar 21 16:32:12 UTC 2012


Josh,

I'd love to hear your ideas but we should likely take that discussion
offline.

-Mark


On Wed, Mar 21, 2012 at 12:24 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> I should probably add that while I'm happy to share those ideas with the
> group, my view is that this is the core of the reason why the GConfC needs
> to take a more active role in focusing on making the AppSec Conferences
> successful.
>
> ~josh
>
>
> On Wed, Mar 21, 2012 at 11:21 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> This is why my question was should the AppSec conferences provide the
>> funding for the Foundation and not does it or will it.  It's a question
>> about the ideology of the organization aimed to get a direction from the
>> board.  It's not meant to address how things were, but rather how we think
>> they should be.  Could the four AppSec events provide funding for the
>> entire organization?  Absolutely.  I've got tons of ideas on how we could
>> increase profit margins from these events and lower Foundation expenses to
>> make it work.
>>
>> ~josh
>>
>>
>> On Wed, Mar 21, 2012 at 10:13 AM, Mark Bristow <mark.bristow at owasp.org>wrote:
>>
>>> Seba,
>>>
>>> I actually do not believe that statement #1 is accurate.  I think it's
>>> key to the conversation that a true revenue analysis be conducted here not
>>> only in how much money we take in from different categories of events (and
>>> memberships, sponsorships etc) but how much we spend on them as well.
>>>
>>> Regards,
>>> -Mark
>>>
>>>  On Wed, Mar 21, 2012 at 9:34 AM, Seba <seba at owasp.org> wrote:
>>>
>>>> fellow board members, committee chair leaders,
>>>>
>>>> open to discuss this per email or a dedicated conference call.
>>>>
>>>> My opinion on these core questions are:
>>>>
>>>> 1) The global AppSec conferences have been and should in the future be
>>>> the funding resource for the foundation, I don't see chapter events playing
>>>> a role in this
>>>>
>>>> 2) I am in favor of the federated model, where the "power" comes from
>>>> the local chapters
>>>>
>>>> --seba
>>>>
>>>>  ---------- Forwarded message ----------
>>>> From: Josh Sokol <josh.sokol at owasp.org>
>>>> Date: Wed, Mar 21, 2012 at 2:25 PM
>>>> Subject: Re: [Global_chapter_committee] [Owasp-board]
>>>> ProposedConferences/Chapters policy changes
>>>>  To: Seba <seba at owasp.org>
>>>> Cc: OWASP Chapters Committee <global_chapter_committee at lists.owasp.org>,
>>>> OWASP Foundation Board List <owasp-board at lists.owasp.org>, Mark
>>>> Bristow <mark.bristow at owasp.org>
>>>>
>>>>
>>>> Seba,
>>>>
>>>> I agree 100%.  The Conferences Committee does not have the time, the
>>>> energy, or the willpower to support events across the entire organization.
>>>> This is reflected in the plan where we requested a full headcount to
>>>> conferences in order to take it on.  Additional headcount would probably be
>>>> necessary as well for the Chapters Committee to support any sort of a
>>>> budget process.  I believe that the GConfC should focus on making the
>>>> Global AppSec events succesful both from a profit and educational
>>>> perspective and on putting the infrastructure in place (RegOnline, OCMS,
>>>> EasyChair, etc) to support the other conferences and events.  The notion
>>>> that four AppSec events each year cannot support the Foundation is absurd.
>>>> I've looked at the numbers and AppSec USA alone could probably support the
>>>> Foundation if we wanted it to.
>>>>
>>>> The Chapters should be free to innovate and create events for whatever
>>>> purpose they desire as long as it supports OWASP's mission.  As a
>>>> Foundation, we should be creating and supporting a set of guidelines such
>>>> as brand usage, content selection, etc, but should not be looking for ways
>>>> to limit a Chapter's growth potential.
>>>>
>>>> Seba hinted at it, but at the core of this debate is a decision on
>>>> whether the Foundation wants to adhere to a strong centralized model or
>>>> wants to be like a tree and provide a strong set of roots and support in
>>>> order to allow the leaves and branches to flourish.  The majority of the
>>>> plans which I laid out in my discussions with Mark were stricken down with
>>>> the notion that the four AppSec Conferences cannot alone support what the
>>>> Foundation wants to accomplish and the oganization relies on Chapter events
>>>> to pick up the slack.  Instead of forcing this issue back down on the
>>>> committees, I'd like to see the Board give clear guidance on this one
>>>> crucial point that will provide direction for the entire organization for
>>>> years to come.    I would like the Board to evaluate two questions:
>>>>
>>>> 1) Should the AppSec Conferences alone provide enough funding to
>>>> support the Foundation or do we need to rely on profit from Chapter events
>>>> to subsidize this gap?
>>>>
>>>> 2) Should the Foundation adhere to a strong centralized model of
>>>> governance in order to control the Chapters, Projects, etc or does the
>>>> Foundation desire a model providing high-level guidance, support, and
>>>> encouragement without the need to get hands-on with everything?
>>>>
>>>> The sooner the Board can come up with an answer to these two questions,
>>>> the sooner the Committees can come up with a set of policies that fits
>>>> these desires.
>>>>
>>>> ~josh
>>>>
>>>> On Wed, Mar 21, 2012 at 5:18 AM, Seba <seba at owasp.org> wrote:
>>>>
>>>>> Here is my input:
>>>>>
>>>>> I see the conferences committe to support the global conferences:
>>>>> these are our flagships and generate the majority of the income for the
>>>>> central OWASP Foundation.
>>>>> All events (including paying) that are organized by chapters are to be
>>>>> governed by the chapters committee
>>>>> the goal of these events is chapter outreach & growth
>>>>> All income generated by these chapter events should go back to the
>>>>> chapter (minus the costs incurred, e.g. regonline if that is used) and it
>>>>> is up to the local chapter board to use this for their own purpose or to
>>>>> "share back" towards other chapters, projects or the summit.
>>>>> I am a firm believer of local growth and minimal interference from the
>>>>> OWASP Foundation: it scales much bigger and faster.
>>>>> As chapter committee we should focus on (re)starting chapters and help
>>>>> them grow into big chapters with maximum impact in their region.
>>>>> As chapter committee we should facilitate knowledge & best practice
>>>>>  transfer from succesfull chapters towards new or struggling chapters.
>>>>>
>>>>> I don't think we should impose a budget on chapters, although we can
>>>>> point this out as best practice
>>>>> I don't think we can set one single "split", instead we should
>>>>> encourage and provide incentives to chapters to raise their own means and
>>>>> share with the rest of OWASP
>>>>>
>>>>> The impact on a global scale of 10s or even 100s of strong and
>>>>> "wealthy" chapters that are empowered in their own region is way bigger
>>>>> than having one "wealthy" central OWASP foundation and 100s of "poor"
>>>>> sattelites
>>>>>
>>>>> --seba
>>>>>
>>>>>
>>>>> On Wed, Mar 21, 2012 at 10:25 AM, Ivy <ivy at owasp.org.cn> wrote:
>>>>>
>>>>>> Thanks for Josh's document collection and sharing.
>>>>>>
>>>>>> here is to express my points:
>>>>>>
>>>>>> *Annual Budget Process:*
>>>>>>
>>>>>> Agreed most of items listed in "OWASP Event Policy" Document from
>>>>>> Josh. But i don't agree with "  In the event that the chapter does
>>>>>> not submit a budget for the remaining funds or if any unbudgeted funds
>>>>>> remain after December 31, the chapter will be given one month to determine
>>>>>> another OWASP Chapter, Committee, or Project to allocate the unused funds
>>>>>> toward. "
>>>>>>
>>>>>>  i think we should give a chapter another one year to determine the
>>>>>> remaining funds. Maybe we could not budget profit over 3-5 years, but 1-2
>>>>>> years are acceptable.
>>>>>> *Conference and Profit sharing : *
>>>>>> I agreed with Tin's idea and i suggest:
>>>>>>     1. Global AppSec Conferences : profit--100% to OWASP Foundation
>>>>>>     2. Self-supporting Events
>>>>>> --Profit --we may say 80% to local chapter and 20% to Foundation,
>>>>>> administrative overhead or regonline registration can charge for another
>>>>>> fee separately; If there is large amount of profit(we may set an amount or
>>>>>> decide by the chapters next year's budget), the chapter can choose to share
>>>>>> more percentage to Foundation or allocate part of funds to other
>>>>>> chapters/commitees/projects, etc.
>>>>>> -- Loss--100% to local chapter
>>>>>>     3. Events that require Financial Investment by the Foundation
>>>>>> --profit/loss:  how to split can be negotiable.
>>>>>>     4.  Events that require Financial Support by the Foundation
>>>>>> --Normally, new chapters always need financial support from
>>>>>> Foundation.
>>>>>>
>>>>>> ------------------
>>>>>>  Ivy Zhang****
>>>>>>  ------------------ Original ------------------
>>>>>>  *From: * "Josh Sokol"<josh.sokol at owasp.org>;
>>>>>> *Date: * Tue, Mar 20, 2012 09:25 PM
>>>>>> *To: * "Matt Tesauro"<matt.tesauro at owasp.org>; **
>>>>>>  *Cc: * "OWASP Foundation Board List"<owasp-board at lists.owasp.org>;
>>>>>> "OWASP Chapters Committee"<global_chapter_committee at lists.owasp.org>;
>>>>>> "Mark Bristow"<mark.bristow at owasp.org>; **
>>>>>> *Subject: * Re: [Global_chapter_committee] [Owasp-board]
>>>>>> ProposedConferences/Chapters policy changes
>>>>>>
>>>>>>  We have 1 vote "Yes", 3 votes "No", and one vote absent.  The
>>>>>> motion to approve fails.
>>>>>>
>>>>>> Rather than ditch all of this hard work, I'd now like to put this
>>>>>> back on the committee to come up with a plan that satisfies *ALL *of
>>>>>> the Board's Guiding Objectives.  I have shared with you a Google Doc
>>>>>> containing these or you may refer to them as they were sent by Kate in a
>>>>>> previous message.  I have also shared a Google Doc containing the wording
>>>>>> for the policy that you just voted on.  I realize that it's a short
>>>>>> timeframe, but given the timeline that the Board set for this I'd like to
>>>>>> have the Chapter Committee's ideal policy ready for a Committee vote no
>>>>>> later than next *Monday, March 26 *.  Tin has already put forward
>>>>>> something that makes a good base for this so I'd suggest working to improve
>>>>>> upon this to make sure 1) This satisfies all of the Board's objectives and
>>>>>> 2) Everyone approves of this general approach.
>>>>>>
>>>>>> ~josh
>>>>>>
>>>>>> On Mon, Mar 19, 2012 at 9:43 PM, Matt Tesauro <matt.tesauro at owasp.org
>>>>>> > wrote:
>>>>>>
>>>>>>>  > "single point of truth": why?
>>>>>>>
>>>>>>> I was one of the proponents of this guiding principal.  The idea was
>>>>>>> to have a method of knowing what events are going on for OWASP.
>>>>>>>  Fundamentally, and particularly for the full-time employees we have,
>>>>>>> knowing that we put on X local events in Y locations over the course of
>>>>>>> year helps form a clear picture of how active and vibrant our community is.
>>>>>>>  It also will allow us to focus energy on supporting events (be they
>>>>>>> conference or chapter ones) by providing us some numbers on how many occur
>>>>>>> and what they are like.  The current call for marketing & press information
>>>>>>> would be more helpful and focused if we had some easy to gather numbers at
>>>>>>> hand.
>>>>>>>
>>>>>>> This does not have to represent a significant burden to chapters -
>>>>>>> its simply the Foundation saying "Let us know what you're up to so we can
>>>>>>> help you and the community fulfill our mission"  It was *not*intended to be a "Get permission before you do something" principal.  I've
>>>>>>> seen the forms on OCMS and they're not large or painful.  At most 15
>>>>>>> minutes to fill in a web form so that we can get better visibility on OWASP
>>>>>>> events overall was the intent.
>>>>>>>
>>>>>>> The one thing I was trying to avoid by the "single point of truth"
>>>>>>> was a list of events on the conference page (conferences) and a list of
>>>>>>> events on the chapters page (chapter events).  For those who are not inside
>>>>>>> the community, this makes no sense.  Having a "single point of truth"
>>>>>>> allows us to better list, organize (e.g. on the Wiki, geographically, etc),
>>>>>>> and promote OWASP's efforts to bring our message to broader groups.
>>>>>>>
>>>>>>> There will always be contention between centralized and
>>>>>>> de-centralized notions in OWASP.  As long as we stick to our core values
>>>>>>> (e.g. innovation) we can provide the best balance between laissez-faire and
>>>>>>> centralized command.  I see this as, like John Wilander recently pointed
>>>>>>> out, a "tax" on those parties wanting to put on OWASP events.  Its not much
>>>>>>> to pay and it helps drive and inform the overall community so it can
>>>>>>> iteratively get better over time.
>>>>>>>
>>>>>>> --
>>>>>>> -- Matt Tesauro
>>>>>>> OWASP Board Member
>>>>>>> OWASP WTE Project Lead
>>>>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>>>>> http://AppSecLive.org <http://appseclive.org/> - Community and
>>>>>>> Download site
>>>>>>>
>>>>>>>
>>>>>>>  On Mon, Mar 19, 2012 at 3:29 PM, Seba <seba at owasp.org> wrote:
>>>>>>>
>>>>>>>>  All,
>>>>>>>>
>>>>>>>> As chapters committee member, I am also voting No.
>>>>>>>> There are too many questions / remarks I have with the proposed
>>>>>>>> policy:
>>>>>>>>
>>>>>>>>  Training: not part of the question (leave it up to the education
>>>>>>>> committee)
>>>>>>>>
>>>>>>>> How many chapter have > € 5000 now? Aren't we trying to solve a
>>>>>>>> challenge for the happy few with too many red tape for the upcoming
>>>>>>>> chapters?
>>>>>>>>
>>>>>>>> Why > 10k board approval required?
>>>>>>>>
>>>>>>>> Handbook chapter 4 is guidance, not policy: if we want to make it
>>>>>>>> mandatory we have to add it to the mandatory section
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Don't agree with "Have the responsibility and authority for
>>>>>>>> supporting and managing all chapter meetings": Why?
>>>>>>>>
>>>>>>>> "single point of truth": why?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I don't agree that a chapter who charges a fee for an event = event
>>>>>>>> defacto "managed by the conferences committee"
>>>>>>>>
>>>>>>>> I don't agree with the "single point of truth" for the conference
>>>>>>>> page
>>>>>>>>
>>>>>>>> Why "Global Conferences Committee will take a more active, direct
>>>>>>>> role in the planning the marquee foundation events" : the original issue at
>>>>>>>> hand (lascon) was not about the global appsec events: why this direct role?
>>>>>>>>
>>>>>>>> Why does the conferences committee set the branding rules for all
>>>>>>>> the events?
>>>>>>>>
>>>>>>>> What business & authority does the conference committee have with
>>>>>>>> the chapter budgets?
>>>>>>>>
>>>>>>>> I don't agree with " ■ It is the responsibility of the chapter to
>>>>>>>> plan ahead appropriately to get this budget through the Global Chapters
>>>>>>>> Committee approval process if they intend to use the event to generate
>>>>>>>> chapter revenue" => that would mean each event that e.g. Generates extra
>>>>>>>> chapter sponsoring requires the conferences approval: what are you trying
>>>>>>>> to achieve here?
>>>>>>>>
>>>>>>>> Chapter sponsorship should be explicitly out of this policy: only
>>>>>>>> governed by the chapters committee
>>>>>>>>
>>>>>>>> The split is not clear: 50/50 or policy per type of event (still to
>>>>>>>> be decided?)
>>>>>>>>
>>>>>>>>
>>>>>>>> I don't agree with the top-down management point of view in
>>>>>>>> general: to be scalable our guidance/policies should encourage local
>>>>>>>> responsability and empowerment.
>>>>>>>>
>>>>>>>> --seba
>>>>>>>>
>>>>>>>> On Wed, Mar 14, 2012 at 8:27 PM, Tin Zaw <tin.zaw at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> Josh, Mark, and Sarah,
>>>>>>>>>
>>>>>>>>> Thank you for your hard work to come up with the draft.
>>>>>>>>>
>>>>>>>>> I intend to vote No on this as the new policies are not in
>>>>>>>>> agreement
>>>>>>>>> with my philosophy of stronger chapters. In addition, they put much
>>>>>>>>> more burden on the committee members (of both committees).
>>>>>>>>>
>>>>>>>>> I am for stronger, more independent chapters with the board and the
>>>>>>>>> committees providing oversight, not routine management, to prevent
>>>>>>>>> bad
>>>>>>>>> things from happening. The goal for the board and the committees
>>>>>>>>> should not be to approve every decision by chapters.
>>>>>>>>>
>>>>>>>>> There are items in the proposal that I disagree more strongly with,
>>>>>>>>> but at this point, I won't elaborate on it, because my intent on No
>>>>>>>>> vote is based on philosophical standing.
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Mar 13, 2012 at 11:35 AM, Josh Sokol <josh.sokol at owasp.org>
>>>>>>>>> wrote:
>>>>>>>>> > For single-chapter events there would be two "buckets" each with
>>>>>>>>> a target
>>>>>>>>> > amount of the chapter budget.  For multi-chapter events we just
>>>>>>>>> add more
>>>>>>>>> > buckets for the additional chapter budgets.  Once a chapter
>>>>>>>>> bucket is full,
>>>>>>>>> > they stop earning money from the event and the remaining amount
>>>>>>>>> goes to the
>>>>>>>>> > Foundation.  This ensures that the Foundation and the Chapter
>>>>>>>>> earn money
>>>>>>>>> > from the event at an equal rate.  Your example of how the funds
>>>>>>>>> would get
>>>>>>>>> > split is correct.
>>>>>>>>> >
>>>>>>>>> > Budgets are only necessary if a chapter wants to receive money
>>>>>>>>> from an event
>>>>>>>>> > or if they have more than $5,000 in their bank account at the
>>>>>>>>> end of the
>>>>>>>>> > year.  This was requested by the Board in the guiding objective
>>>>>>>>> which states
>>>>>>>>> > "We would like some sort of annual review, requirements, or
>>>>>>>>> rules to address
>>>>>>>>> > the issue of stale chapter funds in excessive amounts" as well
>>>>>>>>> as "We would
>>>>>>>>> > like some periodic recap on funds spent by chapters to help
>>>>>>>>> ensure funds are
>>>>>>>>> > appointed on items aligned with the OWASP Mission".  Yes, this
>>>>>>>>> does add some
>>>>>>>>> > additional operational work for our committee.
>>>>>>>>> >
>>>>>>>>> > ~josh
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> > On Tue, Mar 13, 2012 at 1:19 PM, Seba <seba at owasp.org> wrote:
>>>>>>>>> >>
>>>>>>>>> >> can you explain:
>>>>>>>>> >> "Profit will be split 50/50 between the foundation and the
>>>>>>>>> chapter up
>>>>>>>>> >> until the chapter has received an amount equal to the chapter
>>>>>>>>> annual budget
>>>>>>>>> >> amount"
>>>>>>>>> >> My understanding is:
>>>>>>>>> >> if in belgium we have an annual budget of € 10000, and we
>>>>>>>>> organize an
>>>>>>>>> >> event with income resulting in a e.g. € 25000 the split would
>>>>>>>>> be € 15000 to
>>>>>>>>> >> the foundation and €10000 to the chapter?
>>>>>>>>> >>
>>>>>>>>> >> a general remark: it seems we are loading a lot of operational
>>>>>>>>> work on the
>>>>>>>>> >> committee in reviewing local budgets?
>>>>>>>>> >>
>>>>>>>>> >> --seba
>>>>>>>>> >> On Tue, Mar 13, 2012 at 6:11 PM, Josh Sokol <
>>>>>>>>> josh.sokol at owasp.org> wrote:
>>>>>>>>> >>>
>>>>>>>>> >>> Please discuss.  We will be taking this to a committee vote
>>>>>>>>> for approval
>>>>>>>>> >>> at the next Chapter Committee meeting next Monday, March
>>>>>>>>> 19th.  Please be
>>>>>>>>> >>> sure to send me and Sarah your vote before that deadline if
>>>>>>>>> you will be
>>>>>>>>> >>> unable to attend the meeting.  Thank you.
>>>>>>>>> >>>
>>>>>>>>> >>> ~josh
>>>>>>>>> >>>
>>>>>>>>> >>>
>>>>>>>>> >>> On Tue, Mar 13, 2012 at 12:05 PM, Sarah Baso <
>>>>>>>>> sarah.baso at owasp.org>
>>>>>>>>> >>> wrote:
>>>>>>>>> >>>>
>>>>>>>>> >>>> Global Chapters Committee,
>>>>>>>>> >>>>
>>>>>>>>> >>>> (Note: same email send to Conference Committee on separate
>>>>>>>>> thread)
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>> In response to the guiding objectives by the board, the
>>>>>>>>> Conferences and
>>>>>>>>> >>>> Chapter Committee Chairs have worked together to formulate
>>>>>>>>> some policy
>>>>>>>>> >>>> changes that we believe will meet the direction of the board
>>>>>>>>> while allowing
>>>>>>>>> >>>> chapters and the foundation to grow and innovate.  These
>>>>>>>>> points have been
>>>>>>>>> >>>> discussed at length and now we wish to hear your input on the
>>>>>>>>> matter.  We
>>>>>>>>> >>>> have agreed on the outlined plan below and as a result each
>>>>>>>>> of us will not
>>>>>>>>> >>>> make comments here past clarifications to any questions any
>>>>>>>>> of you have to
>>>>>>>>> >>>> the proposed policy.  We would like to cap the debate on this
>>>>>>>>> topic and take
>>>>>>>>> >>>> the following to a committee vote on Monday, March 19th using
>>>>>>>>> a majority
>>>>>>>>> >>>> approval rule for both committees in order to meet the
>>>>>>>>> board's 45 day
>>>>>>>>> >>>> deadline.
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>> The Global Chapters Committee shall:
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      Manage all chapter meetings or trainings that do not
>>>>>>>>> charge a fee
>>>>>>>>> >>>> for admission.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      Establish an annual budget process for all chapters
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      At the end of each calendar year, a chapter with more
>>>>>>>>> than $5,000
>>>>>>>>> >>>> in it's bank account must submit a budget to be reviewed by
>>>>>>>>> the Global
>>>>>>>>> >>>> Chapters Committee to justify the rollover of any funds
>>>>>>>>> beyond that amount.
>>>>>>>>> >>>> In the event that the chapter does not submit a budget for
>>>>>>>>> the remaining
>>>>>>>>> >>>> funds or if any unbudgeted funds remain after December 31,
>>>>>>>>> the chapter will
>>>>>>>>> >>>> be given one month to determine another OWASP Chapter,
>>>>>>>>> Committee, or Project
>>>>>>>>> >>>> to allocate the unused funds toward.  If no designations are
>>>>>>>>> made before
>>>>>>>>> >>>> February 1, then all unused funds will be transferred to the
>>>>>>>>> OWASP
>>>>>>>>> >>>> Foundation main account.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      Any chapter with more than $10,000 must also obtain
>>>>>>>>> Board
>>>>>>>>> >>>> approval for their annual budget.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Global Chapters Committee will maintain "official"
>>>>>>>>> budgets on
>>>>>>>>> >>>> the wiki or via google docs where they are accessible to all
>>>>>>>>> OWASP
>>>>>>>>> >>>> participants.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Global Chapters Committee will update Chapter 4 -
>>>>>>>>> Section 7
>>>>>>>>> >>>> of the Chapter Handbook with the new budget policy.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      Establish by June 1st chapter spending guidelines
>>>>>>>>> (These should
>>>>>>>>> >>>> be under Chapter 4 - Section 7.1 of the Chapter Handbook)
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      Have the responsibility and authority for supporting
>>>>>>>>> and managing
>>>>>>>>> >>>> all chapter meetings
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Chapter Handbook authored by the Global Chapters
>>>>>>>>> Committee
>>>>>>>>> >>>> shall serve as the single point of truth for all chapter
>>>>>>>>> policies
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Global Chapters Committee shall set all chapter
>>>>>>>>> policies
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>> The Global Conferences Committee shall:
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      Manage all events that charge a fee for admission
>>>>>>>>> (voluntary
>>>>>>>>> >>>> donations exempted) and any free event determined by the
>>>>>>>>> organizer to be a
>>>>>>>>> >>>> conference versus a chapter meeting
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      Have the responsibility and authority for supporting
>>>>>>>>> and managing
>>>>>>>>> >>>> all events
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Global Conferences Committee has the
>>>>>>>>> responsibility for
>>>>>>>>> >>>> procuring and managing centralized assets such as, but not
>>>>>>>>> limited to
>>>>>>>>> >>>> registration tools and financial management tools
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Global Conferences Committee policy page shall
>>>>>>>>> serve as the
>>>>>>>>> >>>> single point of truth for all event policies
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Global Conferences Committee shall set all event
>>>>>>>>> policies
>>>>>>>>> >>>> with the exception of the profit sharing policy which
>>>>>>>>> requires the
>>>>>>>>> >>>> concurrence of the majority of the Global Chapters Committee
>>>>>>>>> to be modified.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      The OWASP Event Management System (formerly OCMS) will
>>>>>>>>> serve as
>>>>>>>>> >>>> the single point of truth for OWASP events, AND will provide
>>>>>>>>> functionality
>>>>>>>>> >>>> to track chapter meetings in the next release
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      The Global Conferences Committee will revisit current
>>>>>>>>> event
>>>>>>>>> >>>> definitions and include clear, objective definitions of event
>>>>>>>>> types as well
>>>>>>>>> >>>> as the anticipated support level from the foundation.  These
>>>>>>>>> must be
>>>>>>>>> >>>> approved by June 1st.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      The Global Conferences Committee will take a more
>>>>>>>>> active, direct
>>>>>>>>> >>>> role in the planning the marquee foundation events (currently
>>>>>>>>> defined as
>>>>>>>>> >>>> Global AppSec Events) including having a representative serve
>>>>>>>>> as Chair for
>>>>>>>>> >>>> these events.  (For this, Global Conferences Committee will
>>>>>>>>> require a full
>>>>>>>>> >>>> time support asset to handle the additional event
>>>>>>>>> coordination.  Without
>>>>>>>>> >>>> these additional resources the conferences committee can not
>>>>>>>>> take on this
>>>>>>>>> >>>> added responsibility and will maintain an advisory/oversight
>>>>>>>>> role)
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      Any and all event policies in effect at the time of
>>>>>>>>> event
>>>>>>>>> >>>> approval shall apply to the event without modification unless
>>>>>>>>> a specific
>>>>>>>>> >>>> requirement to do so is set by the Board.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      The Global Conferences Committee will implement a
>>>>>>>>> policy for
>>>>>>>>> >>>> managing all event funds through the foundation
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The OWASP foundation will provide all "seed funds"
>>>>>>>>> needed for
>>>>>>>>> >>>> events up to the approved event budget and beyond with Global
>>>>>>>>> Conferences
>>>>>>>>> >>>> Committee approval
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Global Conferences Committee shall be responsible
>>>>>>>>> for the
>>>>>>>>> >>>> review, approval and signature of all contracts related to
>>>>>>>>> events
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The Global Conferences Committee may provide an
>>>>>>>>> exception for
>>>>>>>>> >>>> events with extraordinary circumstances
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      Any event using the OWASP brand not using the
>>>>>>>>> Foundation to
>>>>>>>>> >>>> process it's finances will be in violation of OWASP brand
>>>>>>>>> usage rules and
>>>>>>>>> >>>> will be referred to the Board for action
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      The Global Conferences Committee will set the
>>>>>>>>> following branding
>>>>>>>>> >>>> rules except where it is unreasonable to do so
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      All events must use "OWASP" in their title, such as
>>>>>>>>> "OWASP's
>>>>>>>>> >>>> AppSec XYZ"
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      Events may use their own logos so long as they include
>>>>>>>>> the OWASP
>>>>>>>>> >>>> wasp (The Global Conferences Committee will manage logo
>>>>>>>>> approvals), color
>>>>>>>>> >>>> palate is optional
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      The OWASP logo must be present on all
>>>>>>>>> websites/materials, except
>>>>>>>>> >>>> where it is unreasonable to do so
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      A link back to owasp.org must be present on all
>>>>>>>>> >>>> websites/materials except where it is unreasonable to do so
>>>>>>>>> >>>>
>>>>>>>>> >>>> ●      The Global Conferences Committee sets the following
>>>>>>>>> event profit
>>>>>>>>> >>>> sharing model for all events:
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      At the time of approval, the Global Conferences
>>>>>>>>> Committee will
>>>>>>>>> >>>> record the chapter's current annual budget expenditures
>>>>>>>>> (referred to as
>>>>>>>>> >>>> chapter annual budget)
>>>>>>>>> >>>>
>>>>>>>>> >>>>                                           ■Chapters that do
>>>>>>>>> not have
>>>>>>>>> >>>> approved budgets shall have the chapter annual budget value
>>>>>>>>> set to $0
>>>>>>>>> >>>>
>>>>>>>>> >>>>                                           ■It is the
>>>>>>>>> responsibility of
>>>>>>>>> >>>> the chapter to plan ahead appropriately to get this budget
>>>>>>>>> through the
>>>>>>>>> >>>> Global Chapters Committee approval process if they intend to
>>>>>>>>> use the event
>>>>>>>>> >>>> to generate chapter revenue
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      Profits are all monies collected for the event
>>>>>>>>> (regardless of
>>>>>>>>> >>>> source) above the direct expenditures for the event
>>>>>>>>> >>>>
>>>>>>>>> >>>>                                           ■Any membership
>>>>>>>>> registrations
>>>>>>>>> >>>> as result of an event will be handled per Global Membership
>>>>>>>>> Committee policy
>>>>>>>>> >>>> and are not considered in this equation
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      Profit will be split 50/50 between the foundation and
>>>>>>>>> the chapter
>>>>>>>>> >>>> up until the chapter has received an amount equal to the
>>>>>>>>> chapter annual
>>>>>>>>> >>>> budget amount
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      After the chapter has received an amount equal to the
>>>>>>>>> chapter
>>>>>>>>> >>>> annual budget the Foundation shall receive 100% of the
>>>>>>>>> remaining profits.
>>>>>>>>> >>>>
>>>>>>>>> >>>> ○      Any Event Losses shall be the responsibility of the
>>>>>>>>> Foundation
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>> Sarah Baso on behalf of Mark Bristow and Josh Sokol
>>>>>>>>> >>>>
>>>>>>>>> >>>> --
>>>>>>>>> >>>> OWASP Operational Support:
>>>>>>>>> >>>> Conference Logistics & Community Relations
>>>>>>>>> >>>>
>>>>>>>>> >>>> Dir: 312-869-2779
>>>>>>>>> >>>> skype: sarah.baso
>>>>>>>>> >>>>
>>>>>>>>> >>>
>>>>>>>>> >>>
>>>>>>>>> >>> _______________________________________________
>>>>>>>>> >>> Global_chapter_committee mailing list
>>>>>>>>> >>> Global_chapter_committee at lists.owasp.org
>>>>>>>>> >>>
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>>>>>>>> >>>
>>>>>>>>> >>
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> > _______________________________________________
>>>>>>>>> > Global_chapter_committee mailing list
>>>>>>>>> > Global_chapter_committee at lists.owasp.org
>>>>>>>>> >
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>>>>>>>> >
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Tin Zaw, CISSP, CSSLP
>>>>>>>>> Chapter Leader and President, OWASP Los Angeles Chapter
>>>>>>>>> Member, OWASP Global Chapter Committee
>>>>>>>>> Google Voice: (213) 973-9295
>>>>>>>>> LinkedIn: http://www.linkedin.com/in/tinzaw
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Owasp-board mailing list
>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>> **
>>>>>>
>>>>>> _______________________________________________
>>>>>> Global_chapter_committee mailing list
>>>>>> Global_chapter_committee at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20120321/765ff307/attachment-0001.html>


More information about the Owasp-board mailing list