[Owasp-board] Business Plan outline - project and consulting work

Jim Manico jim.manico at owasp.org
Tue Apr 29 16:53:30 UTC 2014


Sarah,

We are being paid to provide no-warranty open source software. Open 
source licenses cover all of these concerns, except for the business 
competition concern. If this was a "private" project, then I agree we 
have a legal problem. Since this is an open source project for the 
greater community, legal problems about competition are less of a 
problem, I think.

Then again, it depends on the specific deliverable. As long as they are 
all open source related and generic, it's cool, I think.

- Jim

PS: Here is the section Sarah was referring to from 
https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?pli=1

 1. Legal

     1. Liability for services rendered

         1. Volunteer Accountability and Liability - The Volunteer
            Protection Act (enacted in 1997) provides general liability
            protection for volunteers when they are acting within the
            scope of their volunteer role/responsibilities for a
            nonprofit entity.  If we move to a model where we are paying
            for work in any capacity, we will need to ensure that our
            current insurance scales to cover them and us.

         2. Warranties of the software - When delivering software and
            especially integrating into another company's
            infrastructure, we will likely need to make warranties about
            the product and disclaimers about operating within the laws
            of the country.

         3. Ensuring deliverables - What happens if we break something
            in the company's infrastructure?  Do we have a
            system/personnel in place to fix?

     2. Non profit status & tax repercussions - the IRS

         1. Commerciality Doctrine - In order to maintain tax exempt
            status a 501(c)(3) must operate primarily for the exempt
            purpose for which it was established.  Courts have taken
            this one step further and said if a public charity is acting
            in a commercial manner, this can jeopardize their status as
            well.

         2. Unrelated Business income tax (UBIT) - even if the activity
            of the charity is not a substantial part of its business
            and is not acting in too commercial of a nature, courts are
            tightening down on ANY income generated commercial activity
            being categorized as UBIT and therefore the nonprofit
            generating the income is subject to paying income tax on
            that income.  (We currently would pay UBIT on advertising
            and merchandise income).

         3. Courts have recently had decisions clearly stating that
            consulting services is commercial activity and looks at the
            following items:

             1. Is the org selling goods or services to the public - if
                so, there is a presumption that it is operating in a
                commercial manner

             2. Is the providing the service/good operating at or below
                cost?

             3. Does the organization have employees/contractors
                providing the work or is it being provided by volunteers?

             4. What are the hours of operation?

             5. What other forms of income (such as charitable
                contributions) does the organization receive?

On 4/29/14, 12:49 PM, Sarah Baso wrote:
> Did you read the brief with my legal concerns?
>
>
> On Tue, Apr 29, 2014 at 9:46 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>     >  I think we need to have some boundaries on this before we go to
>     town on asking the community for help (undoubtedly we WILL find
>     people willing to help).
>
>     What boundaries? Why can't we find a (paid) technical leader to
>     drive this and then just do it? What part of our bylaws prevents
>     this? I am not trying to put extra work on you Sarah, I'm
>     suggesting that the board hire someone technical to lead this
>     project and help drive the deliverables.
>
>     - Jim
>
>
>     On 4/29/14, 12:06 PM, Sarah Baso wrote:
>>     Jim and Tom -
>>     I haven't gathered feedback from Samantha (or the rest of the
>>     staff) yet as I just finished my draft and wanted to get it over
>>     to you asap.
>>
>>     We can certainly send out to the community - but the issue still
>>     is going to remain on characterization of the funding and how it
>>     will affect our non profit status and infrastructure.
>>
>>     I think we need to have some boundaries on this before we go to
>>     town on asking the community for help (undoubtedly we WILL find
>>     people willing to help).
>>
>>     Sarah
>>
>>
>>     On Mon, Apr 28, 2014 at 6:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>         > Q2. Do you have any reservations about a OWASP call for
>>         comment from the community for additional ideas, suggestions
>>         or proposals on this initiative?
>>
>>         +1 Yea the more smart eyeballs on this the better. The board
>>         is comprised of elected show ponies who won popularity
>>         contests, the leaders list has a greater net intelligence.
>>         Can we push this out to leaders and see if anyone has the
>>         desire (and proper resume) to help lead this?
>>
>>         My take is, this is serious open source funding. We could
>>         hire someone to lead this project (hire tech resources, get
>>         deliverables done). It will help seriously boost a few OWASP
>>         projects. I realize this is DHS and that might be a sour to
>>         some of our community. But so long as everything we do is
>>         open source, I'm pretty flexible about who funds it. My 2 cents
>>
>>         Regards,
>>         - Jim
>>
>>
>>
>>>
>>>         Thank you for putting this together.
>>>
>>>         Tom Brennan
>>>         9732020122
>>>
>>>         On Apr 28, 2014, at 9:03 PM, Sarah Baso
>>>         <sarah.baso at owasp.org> wrote:
>>>
>>>>         All -
>>>>
>>>>         Here is the (brief) business plan I put together on the
>>>>         project and consulting work such as that being requested by
>>>>         DHS Swamp.  Admittedly, I stopped with the details on
>>>>         what rolling out a plan like this would look like
>>>>         after doing some initial research on the legal and tax
>>>>         repercussions for us.  Additionally, I don't think this
>>>>         exact model is in alignment with the charity work we are
>>>>         trying to accomplish.
>>>>
>>>>         This is not to say we shouldn't look for funding
>>>>         opportunities to develop our projects - but I don't think
>>>>         this model is the right one for us.
>>>>
>>>>         https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing
>>>>
>>>>         I look forward to hearing your thoughts.
>>>>
>>>>         Sarah Baso
>>>>         -- 
>>>>         Executive Director
>>>>         OWASP Foundation
>>>>
>>>>         sarah.baso at owasp.org
>>>>         +1.312.869.2779
>>>>
>>>>
>>>>
>>>>
>>>>         _______________________________________________
>>>>         Owasp-board mailing list
>>>>         Owasp-board at lists.owasp.org
>>>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>         WARNING: E-mail transmission cannot be guaranteed to be
>>>         secure or error-free as information could be intercepted,
>>>         corrupted, lost, destroyed, arrive late or incomplete, or
>>>         contain viruses. The sender therefore does not accept
>>>         liability for any errors or omissions in the contents of
>>>         this message, which arise as a result of e-mail
>>>         transmission. No employee or agent is authorized to conclude
>>>         any binding agreement on behalf of proactiveRISK with
>>>         another party by email.
>>>
>>>
>>>
>>
>>
>>
>>
>>     -- 
>>     Executive Director
>>     OWASP Foundation
>>
>>     sarah.baso at owasp.org
>>     +1.312.869.2779
>>
>>
>>
>>
>
>
>
>
> -- 
> Executive Director
> OWASP Foundation
>
> sarah.baso at owasp.org
> +1.312.869.2779
>
>
>
>
