[Owasp-board] Business Plan outline - project and consulting work

Josh Sokol josh.sokol at owasp.org
Tue Apr 29 21:02:22 UTC 2014


My understanding is that a large part of the reason why the Board is paying
you like they are and gave you the pay raise that they did is because of
your legal expertise.  In short, my understanding is that your legal
background is a large part of the reason why you were selected for the ED
position and in a sense we are, in fact, paying you to guide the
organization based on your legal expertise.  I don't think anyone expects
you to practice law in an area that you're not licensed to do so, but
saying that we aren't paying you to give legal advice is a bit of a stretch.

~josh


On Tue, Apr 29, 2014 at 11:55 AM, Sarah Baso <sarah.baso at owasp.org> wrote:

> That's fine - you aren't paying me to be your attorney or give you legal
> advice and clearly the board and org hasn't been concerned with the legal
> or tax ramifications of actions in the past.
>
> You can go ahead and put this out to the community, but it isn't something
> I stand behind as a wise business decision at this point.
>
> Sarah
>
>
> On Tue, Apr 29, 2014 at 9:53 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>>  Sarah,
>>
>> We are being paid to provide no-warranty open source software. Open
>> source licenses cover all of these concerns, except for the business
>> competition concern. If this was a "private" project, then I agree we have
>> a legal problem. Since this is an open source project for the greater
>> community, legal problems about competition are less of a problem, I think.
>>
>> Then again, it depends on the specific deliverable. As long as they are
>> all open source related and generic, it's cool, I think.
>>
>> - Jim
>>
>> PS: Here is the section Sarah was referring to from
>> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?pli=1
>>
>>
>>
>> 1. Legal
>>    1. Liability for services rendered
>>       1. Volunteer Accountability and Liability - The Volunteer
>>          Protection Act (enacted in 1997) provides general liability
>>          protection for volunteers when they are acting within the scope
>>          of their volunteer role/responsibilities for a nonprofit entity.
>>          If we move to a model where we are paying for work in any
>>          capacity, we will need to ensure that our current insurance
>>          scales to cover them and us.
>>       2. Warranties of the software - When delivering software and
>>          especially integrating into another company’s infrastructure, we
>>          will likely need to make warranties about the product and
>>          disclaimers about operating within the laws of the country.
>>       3. Ensuring deliverables - What happens if we break something in
>>          the company’s infrastructure? Do we have a system/personnel in
>>          place to fix?
>>    2. Non profit status & tax repercussions - the IRS
>>       1. Commerciality Doctrine - In order to maintain tax exempt status
>>          a 501(c)(3) must operate primarily for the exempt purpose for
>>          which it was established. Courts have taken this one step
>>          further and said if a public charity is acting in a commercial
>>          manner, this can jeopardize their status as well.
>>       2. Unrelated Business income tax (UBIT) - even if the activity of
>>          the charity is not a substantial part of its business and is not
>>          acting in too commercial of a nature, courts are tightening down
>>          on ANY income generated commercial activity being categorized as
>>          UBIT and therefore the nonprofit generating the income is
>>          subject to paying income tax on that income. (We currently would
>>          pay UBIT on advertising and merchandise income).
>>       3. Courts have recently had decisions clearly stating that
>>          consulting services is commercial activity and looks at the
>>          following items:
>>          1. Is the org selling goods or services to the public - if so,
>>             there is a presumption that it is operating in a commercial
>>             manner
>>          2. Is the providing the service/good operating at or below cost?
>>          3. Does the organization have employees/contractors providing
>>             the work or is it being provided by volunteers?
>>          4. What are the hours of operation?
>>          5. What other forms of income (such as charitable contributions)
>>             does the organization receive?
>>
>>
>> On 4/29/14, 12:49 PM, Sarah Baso wrote:
>>
>> Did you read the brief with my legal concerns?
>>
>>
>> On Tue, Apr 29, 2014 at 9:46 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>>  >  I think we need to have some boundaries on this before we go to
>>> town on asking the community for help (undoubtedly we WILL find people
>>> willing to help).
>>>
>>>  What boundaries? Why can't we find a (paid) technical leader to drive
>>> this and then just do it? What part of our bylaws prevents this? I am not
>>> trying to put extra work on you Sarah, I'm suggesting that the board hire
>>> someone technical to lead this project and help drive the deliverables.
>>>
>>> - Jim
>>>
>>>
>>> On 4/29/14, 12:06 PM, Sarah Baso wrote:
>>>
>>> Jim and Tom -
>>> I haven't gathered feedback from Samantha (or the rest of the staff) yet
>>> as I just finished my draft and wanted to get it over to you asap.
>>>
>>>  We can certainly send out to the community - but the issue still is
>>> going to remain on characterization of the funding and how it will affect
>>> our non profit status and infrastructure.
>>>
>>>  I think we need to have some boundaries on this before we go to town
>>> on asking the community for help (undoubtedly we WILL find people willing
>>> to help).
>>>
>>> Sarah
>>>
>>>
>>> On Mon, Apr 28, 2014 at 6:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>>  > Q2. Do you have any reservations about an OWASP call for comment
>>>> from the community for additional ideas, suggestions or proposals on this
>>>> initiative?
>>>>
>>>>  +1 Yea the more smart eyeballs on this the better. The board is
>>>> comprised of elected show ponies who won popularity contests, the leaders
>>>> list has a greater net intelligence. Can we push this out to leaders and
>>>> see if anyone has the desire (and proper resume) to help lead this?
>>>>
>>>> My take is, this is serious open source funding. We could hire someone
>>>> to lead this project (hire tech resources, get deliverables done). It will
>>>> help seriously boost a few OWASP projects. I realize this is DHS and that
>>>> might be a sour to some of our community. But so long as everything we do
>>>> is open source, I'm pretty flexible about who funds it. My 2 cents
>>>>
>>>> Regards,
>>>> - Jim
>>>>
>>>>
>>>>
>>>>
>>>>  Thank you for putting this together.
>>>>
>>>> Tom Brennan
>>>> 9732020122
>>>>
>>>> On Apr 28, 2014, at 9:03 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>>>
>>>>   All -
>>>>
>>>>  Here is the (brief) business plan I put together on the project and
>>>> consulting work such as that being requested by DHS Swamp.  Admittedly, I
>>>> stopped with the details on what rolling out a plan like this would
>>>> look like after doing some initial research on the legal and tax
>>>> repercussions for us.  Additionally, I don't think this exact model is in
>>>> alignment with the charity work we are trying to accomplish.
>>>>
>>>>  This is not to say we shouldn't look for funding opportunities to
>>>> develop our projects - but I don't think this model is the right one for us.
>>>>
>>>>
>>>> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing
>>>>
>>>>  I look forward to hearing your thoughts.
>>>>
>>>> Sarah Baso
>>>> --
>>>>  Executive Director
>>>> OWASP Foundation
>>>>
>>>>  sarah.baso at owasp.org
>>>> +1.312.869.2779
>>>>
>>>>
>>>>
>>>>
>>>>     _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>> WARNING: E-mail transmission cannot be guaranteed to be secure or
>>>> error-free as information could be intercepted, corrupted, lost, destroyed,
>>>> arrive late or incomplete, or contain viruses. The sender therefore does
>>>> not accept liability for any errors or omissions in the contents of this
>>>> message, which arise as a result of e-mail transmission. No employee
>>>> or agent is authorized to conclude any binding agreement on behalf of
>>>> proactiveRISK with another party by email.