[Owasp-board] Grant Spending and Funding Policy

Tobias tobias.gondrom at owasp.org
Thu Oct 31 19:55:25 UTC 2013


Josh,

I think there are two cases:
1. OWASP is the main submitter (which may increase the chances of
getting the grant)
2. any company or group of companies can always apply for grants
themselves and donate any resulting IP to OWASP - if it is allowed by
the terms of the grant. In which case OWASP would not interfere and the
submitting party would have to manage all the expense accounting with
the granting body directly on their own.

In my view both scenarios work. But for #2 we need no documentation.
Btw. I had the "fun" of doing some grant projects in the past and the
application, accounting and paperwork was a medium sized pain in
the..... ;-)

Cheers, Tobias



On 31/10/13 19:47, Josh Sokol wrote:
> So, to be clear, as an OWASP project leader, if I apply for grant
> money, it's really the Foundation and not me applying for the grant
> money.  The grant then goes to the Foundation and the Foundation then
> plays mediator between me (and my milestones) and the granting party. 
> As the middle-man, the Foundation is now liable not only for the
> deliverables, but also the grant payments, justifications, etc.
>
> Just to play devils advocate here, this seems like a liability that we
> don't necessarily have to take on.  We can assist project leaders with
> their grants without being the grantee.  The grantor can hold them
> personally liable for deliverables, rather than the Foundation.  Seems
> like we could easily mitigate some risk here by playing more of an
> "advisor" role in this process rather than owning it.  And from the
> project leader's point-of-view we'd be adding value back to them
> without controlling them.  Is it possible to have OWASP Projects
> without having OWASP own the projects?
>
> ~josh
>
>
> On Thu, Oct 31, 2013 at 2:00 PM, Samantha Groves
> <samantha.groves at owasp.org <mailto:samantha.groves at owasp.org>> wrote:
>
>     Hello Josh, 
>
>     Great question. It is important for the foundation to review and
>     approve all grant proposals as the proposal will be submitted on
>     behalf of the foundation. This will make us liable for the
>     deliverable promised in the proposal. As I am the person
>     responsible for project grants, I will need to review and approve
>     the proposals. 
>
>     I can certainly put together a document that outlines the benefits
>     of running an OWASP Project, as well. 
>
>
>     On Thu, Oct 31, 2013 at 11:51 AM, Josh Sokol <josh.sokol at owasp.org
>     <mailto:josh.sokol at owasp.org>> wrote:
>
>         I'm not saying it's a bad idea, but what is the purpose of #1
>         (requiring the project managers approval)?  Is this so that
>         OWASP can capture the money up-front?  So OWASP controls the
>         branding?  The interactions with the grant agency?  As a
>         leader of an open-source project myself, I've questioned the
>         value of moving it under the OWASP umbrella mostly because I
>         want to maintain control over my project.  With requirements
>         like these, I start to question the value-add vs overhead of
>         running an "OWASP Project".  Would it make sense to also
>         either include in this document or create a new one to address
>         all of the positive aspects of becoming an OWASP project?  I
>         think Samantha told me that there's assistance in obtaining
>         grant money.  That seems positive.  What else?  Any place we
>         put restrictions on people we should be also calling out the
>         benefits that come along with those. 
>
>         ~josh
>
>
>         On Wed, Oct 30, 2013 at 4:43 PM, Sarah Baso
>         <sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>> wrote:
>
>             Board members -
>
>             Samantha, along with the feedback from the rest of the
>             staff, put together some operational guidelines for grant
>             spending:
>              https://docs.google.com/a/owasp.org/document/d/1yX68nS20qj7QNTcDkKCD3hSfFEbJaBKjoWjc2wF_aLA/edit
>
>             These guidelines provide clear expectations of how grant
>             awarded funds are to be managed and spent by all OWASP
>             Projects. In addition to being an important piece in
>             management of funds, the IRS asks about the organization's
>             procedures for monitoring the use of grants (especially
>             outside of the US).
>
>             I have added the link to this document to the Governance
>             page as well https://owasp.org/index.php/Governance.
>
>             Finally, the staff is working on developing instructions
>             that will assist the community on requesting funds from
>             the foundation more broadly since I know this is a current
>             point of confusion (and we want it to be easy and clear to
>             everyone).  So, stay tuned for that piece!
>
>             Regards,
>             Sarah Baso
>
>             -- 
>             Executive Director
>             OWASP Foundation
>
>             sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>             +1.312.869.2779 <tel:%2B1.312.869.2779>
>
>
>
>
>
>             _______________________________________________
>             Owasp-board mailing list
>             Owasp-board at lists.owasp.org
>             <mailto:Owasp-board at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>         _______________________________________________
>         Owasp-board mailing list
>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
>     -- 
>
>     *Samantha Groves, MBA*
>
>     /OWASP Projects Manager/
>
>     /
>     /
>
>     The OWASP Foundation
>
>     Phoenix, USA
>
>     Email: samantha.groves at owasp.org <mailto:samantha.groves at owasp.org>
>
>     Skype: samanthahz 
>
>
>     OWASP Global Projects
>     <https://www.owasp.org/index.php/Category:OWASP_Project>
>
>     Book a Meeting with Me <http://goo.gl/mZXdZ>
>
>     OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>
>     New Project Application Form
>     <https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
>
>
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20131031/267accfd/attachment.html>


More information about the Owasp-board mailing list