[Owasp-board] Grant Spending and Funding Policy

Dennis Groves dennis.groves at owasp.org
Thu Oct 31 22:47:05 UTC 2013


Josh,

I really like the way you think. At the end of the day - your position as a board member it is about service to the OWASP foundation.  So I think it is good that you are questioning risk to the organization.  So let me address this from two other directions. 

First, OWASP’s brand is world famous at this point. We have references in more than 85 government standards around the world. OWASP is now 13 years old and a growing community in one of the most visible areas of technology. This is why OWASP is able to get grants. Individuals and their projects will never be given grants - they simply do not have a track record, credibility nor the reputation. So this is a *benefit* that OWASP can offer project leaders for bringing their projects under the OWASP umbrella of projects. Indeed, AppSensor was one of two recipients of DHS grant money this year. So I personally, have been through the process. This brings me to my second point.

OWASP doesn’t dictate anything (Do you think they should?). AppSensor had to apply as a project for the grant. The project leaders put in a lot of hard work, with the foundation to complete the grant proposal and have it submitted by the deadline. So both parties definitely work on what we ‘get out of the deal.’  Now, obviously, OWASP is at risk that we complete our project, but then - we are likely also at risk personally as parties to the contract both to OWASP and DHS. But in our case - we are not worried about this since the grant is for completing a project we had well under way and we were going to do this anyhow. The money will only make the end result have a much wider impact than we would have otherwise had…



Cheers,

Dennis 


On Oct 31, 2013, at 12:55 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Tobias,
> 
> There are definitely benefits, no doubt.  And you're right that it likely increases your chances of selection as well.  My concerns are really two-fold: 1) What liabilities do we, as a Foundation, take on by doing this and 2) What is the perception by the project leader agreeing to this.  Personally, I'd like to think of this more like a contract where we spell out what both parties get out of the deal rather than OWASP simply dictating terms to a project leader.  Does that make sense?
> 
> ~josh
> 
> 
> On Thu, Oct 31, 2013 at 2:49 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> Hi Samantha and Josh. 
> btw. the fact that the grant application will be submitted on behalf of the organisation is another advantage of doing this through OWASP. At least with European grants it increases your chance of success. Plus we might have some basic organisation documentation on hand from previous applications. 
> 
> I am not sure whether we need to spell out the advantages on the very same page. A link to like "here are the benefits of submitting via OWASP" on the page might also be sufficient. 
> 
> Cheers. Tobias
> 
> 
> 
> On 31/10/13 19:00, Samantha Groves wrote:
>> Hello Josh, 
>> 
>> Great question. It is important for the foundation to review and approve all grant proposals as the proposal will be submitted on behalf of the foundation. This will make us liable for the deliverable promised in the proposal. As I am the person responsible for project grants, I will need to review and approve the proposals. 
>> 
>> I can certainly put together a document that outlines the benefits of running an OWASP Project, as well. 
>> 
>> 
>> On Thu, Oct 31, 2013 at 11:51 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> I'm not saying it's a bad idea, but what is the purpose of #1 (requiring the project managers approval)?  Is this so that OWASP can capture the money up-front?  So OWASP controls the branding?  The interactions with the grant agency?  As a leader of an open-source project myself, I've questioned the value of moving it under the OWASP umbrella mostly because I want to maintain control over my project.  With requirements like these, I start to question the value-add vs overhead of running an "OWASP Project".  Would it make sense to also either include in this document or create a new one to address all of the positive aspects of becoming an OWASP project?  I think Samantha told me that there's assistance in obtaining grant money.  That                 seems positive.  What else?  Any place we put restrictions on people we should be also calling out the benefits that come along with those.  
>> 
>> ~josh
>> 
>> 
>> On Wed, Oct 30, 2013 at 4:43 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>> Board members -
>> 
>> Samantha, along with the feedback from the rest of the staff, put together some operational guidelines for grant spending:
>>  https://docs.google.com/a/owasp.org/document/d/1yX68nS20qj7QNTcDkKCD3hSfFEbJaBKjoWjc2wF_aLA/edit
>> 
>> These
>>                               guidelines provide clear expectations of
>>                               how grant awarded funds are to be managed
>>                               and spent by all OWASP Projects. In
>>                               addition to being an important piece in
>>                               management of funds, the IRS asks about
>>                               the organization's procedures for
>>                               monitoring the use of grants (especially
>>                               outside of the US).
>> 
>> 
>>                             
>> I have added
>>                               the link to this document to the
>>                               Governance page as well https://owasp.org/index.php/Governance.
>> 
>> Finally, the staff is working on developing instructions that will assist the community on requesting funds from the foundation more broadly since I know this is a current point of confusion (and we want it to be easy and clear to everyone).  So, stay tuned for that piece!
>> 
>> Regards,
>> Sarah Baso
>> 
>> -- 
>> Executive Director
>> OWASP Foundation
>> 
>> sarah.baso at owasp.org
>> +1.312.869.2779
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
>> 
>> 
>> 
>> -- 
>> Samantha Groves, MBA
>> OWASP Projects Manager
>> 
>> The OWASP Foundation
>> Phoenix, USA
>> Email: samantha.groves at owasp.org
>> Skype: samanthahz 
>> 
>> OWASP Global Projects
>> Book a Meeting with Me
>> OWASP Contact US Form
>> New Project Application Form
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20131031/43de5071/attachment.html>


More information about the Owasp-board mailing list