[Owasp-board] Business Plan outline - project and consulting work

Jim Manico jim.manico at owasp.org
Tue Apr 29 18:28:47 UTC 2014


Easy killer, I was just asking. I am cool with following your advice and
taking a more measured approach.

--
Jim Manico
@Manicode
(808) 652-3805

On Apr 29, 2014, at 12:55 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

That's fine - you aren't paying me to be your attorney or give you legal
advice and clearly the board and org hasn't been concerned with the legal
or tax ramifications of actions in the past.

You can go ahead and put this out to the community, but it isn't something
I stand behind as a wise business decision at this point.

Sarah


On Tue, Apr 29, 2014 at 9:53 AM, Jim Manico <jim.manico at owasp.org> wrote:

>  Sarah,
>
> We are being paid to provide no-warranty open source software. Open source
> licenses cover all of these concerns, except for the business competition
> concern. If this was a "private" project, then I agree we have a legal
> problem. Since this is an open source project for the greater community,
> legal problems about competition are less of a problem, I think.
>
> Then again, it depends on the specific deliverable. As long as they are
> all open source related and generic, it's cool, I think.
>
> - Jim
>
> PS: Here is the section Sarah was referring to from
> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?pli=1
>
>
>
> * 1. Legal 1. Liability for services rendered 1. Volunteer Accountability
> and Liability - The Volunteer Protection Act (enacted in 1997) provides
> general liability protection for volunteers when they are acting within the
> scope of their volunteer role/responsibilities for a nonprofit entity.  If
> we move to a model where we are paying for work in any capacity, we will
> need to ensure that our current insurance scales to cover them and us. 2.
> Warranties  of the software - When delivering software and especially
> integrating into another company’s infrastructure, we will likely need to
> make warranties about the product and disclaimers about operating within
> the laws of the country. 3. Ensuring deliverables - What happens if we
> break something in the company’s infrastructure?  Do we have a
> system/personnel in place to fix? 2. Non profit status & tax repercussions
> - the IRS 1. Commerciality Doctrine - In order to maintain tax exempt
> status a 501(c)(3) must operate primarily for the exempt purpose for which
> it was established.  Courts have taken this one step further and said if a
> public charity is acting in a commercial manner, this can jeopardize their
> status as well.   2. Unrelated Business income tax (UBIT)- even if the
> activity of the charity is not a substantial part of it’s business and is
> not acting in too commercial of a nature, courts are tightening down on ANY
> income generated commercial activity being categorized as UBIT and
> therefore the nonprofit generating the income is subject to paying income
> tax on that income.  (We currently would pay UBIT on advertising and
> merchandise income). 3. Courts have recently had decisions clearly stating
> that consulting services is commercial activity and looks at the following
> items: 1. Is the org selling goods or services to the public - if so, there
> is a presumption that it is operating in a commercial manner 2. Is the
> providing the service/good operating at or below cost? 3. Does the
> organization have employees/contractors providing the work or is it being
> provided by volunteers? 4. What are the hours of operation? 5. What other
> forms of income (such as charitable contributions) does the organization
> receive? *
>
>
> On 4/29/14, 12:49 PM, Sarah Baso wrote:
>
> Did you read the brief with my legal concerns?
>
>
> On Tue, Apr 29, 2014 at 9:46 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>>  >  I think we need to have some boundaries on this before we go to town
>> on asking the community for help (undoubtedly we WILL find people willing
>> to help).
>>
>>  What boundaries? Why can't we find a (paid) technical leader to drive
>> this and then just do it? What part of our bylaws prevents this? I am not
>> trying to put extra work on you Sarah, I'm suggesting that the board hire
>> someone technical to lead this project and help drive the deliverables.
>>
>> - Jim
>>
>>
>> On 4/29/14, 12:06 PM, Sarah Baso wrote:
>>
>> Jim and Tom -
>> I haven't gathered feedback from Samantha (or the rest of the staff) yet
>> as I just finished my draft and wanted to get it over to you asap.
>>
>>  We can certainly send out to the community - but the issue still is
>> going to remain on characterization of the funding and how it will effect
>> our non profit status and infrastructure.
>>
>>  I think we need to have some boundaries on this before we go to town on
>> asking the community for help (undoubtedly we WILL find people willing to
>> help).
>>
>> Sarah
>>
>>
>> On Mon, Apr 28, 2014 at 6:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>>  > Q2. Do you have any reservations about a OWASP call for comment from
>>> the community for additional ideas, suggestions or proposals on this
>>> initiative?
>>>
>>>  +1 Yea the more smart eyeballs on this the better. The board is
>>> comprised of elected show ponies who won popularity contests, the leaders
>>> list has a greater net intelligence. Can we push this out to leaders and
>>> see if anyone has the desire (and proper resume) to help lead this?
>>>
>>> My take is, this is serious open source funding. We could hire someone
>>> to lead this project (hire tech resources, get deliverables done). It will
>>> help seriously boost a few OWASP projects. I realize this is DHS and that
>>> might be a sour to some of our community. But so long as everything we do
>>> is open source, I'm pretty flexible about who funds it. My 2 center
>>>
>>> Regards,
>>> - Jim
>>>
>>>
>>>
>>>
>>>  Thank you for putting this together.
>>>
>>> Tom Brennan
>>> 9732020122
>>>
>>> On Apr 28, 2014, at 9:03 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>>
>>>   All -
>>>
>>>  Here is the (brief) business plan I put together on the project and
>>> consulting work such as that being requested by DHS Swamp.  Admittedly, I
>>> stopped with with the details on what rolling out a plan would like this
>>> would look like after doing some initial research on the legal and tax
>>> repercussions for us.  Additionally, I don't think this exact model is in
>>> alignment with the charity work we are trying to accomplish.
>>>
>>>  This is not to say we shouldn't look for funding opportunities to
>>> develop our projects - but i don't think this model is the right one for us.
>>>
>>>
>>> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing
>>>
>>>  I look forward to hearing your thoughts.
>>>
>>> Sarah Baso
>>> --
>>>  Executive Director
>>> OWASP Foundation
>>>
>>>  sarah.baso at owasp.org
>>> +1.312.869.2779
>>>
>>>
>>>
>>>
>>>     _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>> WARNING: E-mail transmission cannot be guaranteed to be secure or
>>> error-free as information could be intercepted, corrupted, lost, destroyed,
>>> arrive late or incomplete, or contain viruses. The sender therefore does
>>> not accept liability for any errors or omissions in the contents of this
>>> message, which arise as a result of e-mail transmission. No employee or
>>> agent is authorized to conclude any binding agreement on behalf of
>>> proactiveRISK with another party by email.
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>>
>>
>>
>>  --
>>  Executive Director
>> OWASP Foundation
>>
>>  sarah.baso at owasp.org
>> +1.312.869.2779
>>
>>
>>
>>
>>
>>
>
>
>  --
>  Executive Director
> OWASP Foundation
>
>  sarah.baso at owasp.org
> +1.312.869.2779
>
>
>
>
>
>


-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140429/4edd767b/attachment-0001.html>


More information about the Owasp-board mailing list