[Owasp-board] Grant Spending and Funding Policy

Josh Sokol josh.sokol at owasp.org
Thu Oct 31 19:47:24 UTC 2013


So, to be clear, as an OWASP project leader, if I apply for grant money,
it's really the Foundation and not me applying for the grant money.  The
grant then goes to the Foundation and the Foundation then plays mediator
between me (and my milestones) and the granting party.  As the middle-man,
the Foundation is now liable not only for the deliverables, but also the
grant payments, justifications, etc.

Just to play devils advocate here, this seems like a liability that we
don't necessarily have to take on.  We can assist project leaders with
their grants without being the grantee.  The grantor can hold them
personally liable for deliverables, rather than the Foundation.  Seems like
we could easily mitigate some risk here by playing more of an "advisor"
role in this process rather than owning it.  And from the project leader's
point-of-view we'd be adding value back to them without controlling them.
Is it possible to have OWASP Projects without having OWASP own the projects?

~josh


On Thu, Oct 31, 2013 at 2:00 PM, Samantha Groves
<samantha.groves at owasp.org>wrote:

> Hello Josh,
>
> Great question. It is important for the foundation to review and approve
> all grant proposals as the proposal will be submitted on behalf of the
> foundation. This will make us liable for the deliverable promised in the
> proposal. As I am the person responsible for project grants, I will need to
> review and approve the proposals.
>
> I can certainly put together a document that outlines the benefits of
> running an OWASP Project, as well.
>
>
> On Thu, Oct 31, 2013 at 11:51 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> I'm not saying it's a bad idea, but what is the purpose of #1 (requiring
>> the project managers approval)?  Is this so that OWASP can capture the
>> money up-front?  So OWASP controls the branding?  The interactions with the
>> grant agency?  As a leader of an open-source project myself, I've
>> questioned the value of moving it under the OWASP umbrella mostly because I
>> want to maintain control over my project.  With requirements like these, I
>> start to question the value-add vs overhead of running an "OWASP Project".
>> Would it make sense to also either include in this document or create a new
>> one to address all of the positive aspects of becoming an OWASP project?  I
>> think Samantha told me that there's assistance in obtaining grant money.
>> That seems positive.  What else?  Any place we put restrictions on people
>> we should be also calling out the benefits that come along with those.
>>
>> ~josh
>>
>>
>> On Wed, Oct 30, 2013 at 4:43 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>
>>> Board members -
>>>
>>> Samantha, along with the feedback from the rest of the staff, put
>>> together some operational guidelines for grant spending:
>>>
>>> https://docs.google.com/a/owasp.org/document/d/1yX68nS20qj7QNTcDkKCD3hSfFEbJaBKjoWjc2wF_aLA/edit
>>>
>>> These guidelines provide clear expectations of how grant awarded funds
>>> are to be managed and spent by all OWASP Projects. In addition to being an
>>> important piece in management of funds, the IRS asks about the
>>> organization's procedures for monitoring the use of grants (especially
>>> outside of the US).
>>>
>>> I have added the link to this document to the Governance page as well
>>> https://owasp.org/index.php/Governance.
>>>
>>> Finally, the staff is working on developing instructions that will
>>> assist the community on requesting funds from the foundation more broadly
>>> since I know this is a current point of confusion (and we want it to be
>>> easy and clear to everyone).  So, stay tuned for that piece!
>>>
>>> Regards,
>>> Sarah Baso
>>>
>>> --
>>> Executive Director
>>> OWASP Foundation
>>>
>>> sarah.baso at owasp.org
>>> +1.312.869.2779
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> --
>
> *Samantha Groves, MBA*****
>
> *OWASP Projects Manager*
>
> *
> *
>
> The OWASP Foundation
>
> Phoenix, USA
>
> Email: samantha.groves at owasp.org
>
> Skype: samanthahz
>
>
> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>
> Book a Meeting with Me <http://goo.gl/mZXdZ>
>
> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>
> New Project Application Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20131031/813f1f4a/attachment.html>


More information about the Owasp-board mailing list