[Owasp-board] Update to Bylaws

Sarah Baso sarah.baso at owasp.org
Wed Mar 26 19:58:27 UTC 2014


+1

> On Mar 26, 2014, at 12:53 PM, GK Southwick <genevieve.southwick at owasp.org> wrote:
> 
> After following this further down the rabbit hole, I'm in agreement with Josh. The bylaws shouldn't state anything about the Community Manager's involvement, but the Chapter Leader's Handbook should certainly have a section on Conflict Resolution that involves the Community Manager. As I mentioned in my introductory email yesterday afternoon: 
> Chapter/member disputes. One of my many hats here at OWASP is mediation. If an issue arises in your Chapter, that you feel needs to be brought to the attention of the Foundation, please bring it to me first. I should, by default, be informed of any issues that require the attention of anyone outside of your immediate chapter, so that I may assist with intervention and determine if it needs to be escalated further up the chain of command. If I am unable to mediate to the satisfaction of all parties involved, I will gladly assist in bringing the matter to the Board of Directors and step out of the process, so that they can make the case determination.
> 
> This does not mean that the Community Manager should be mentioned in the bylaws. As Josh mentioned, if it's gotten so far that the Board needs to be involved, the matter should already have been brought to my attention by the Chapter Leader prior to that. Now that I understand the distinction that Josh is making there, I'm in complete agreement.
> 
> I will handle mediation of Chapter issues, prior to them being brought to the attention of the BoD - in fact, I'll bring them to the BoD myself, if an amicable resolution can't be reached, but my involvement should be addressed in the Chapter Handbook Rules & Regs. Not the Foundation Bylaws.
> 
> -= GK
> 
> Community Manager
> OWASP Foundation
> 
> gksouthwick at owasp.org
> +01.415.742.2342
> 
> 
> 
>> On Wed, Mar 26, 2014 at 1:42 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> Fabio,
>> 
>> I'm not sure we have the same vision as to what the OWASP Community Manager role is.  If they are engaged with the community, as they should be, then they should already be aware of any issues.  If an issue escalates to the point where a leader is revoking someone from participating, then we have clearly moved beyond the issue resolution phase and into the action justification phase.  The Chapter Leader Handbook would be an ideal place to talk about your process for issue resolution, including escalation to the Community Manager, but I disagree that the Community Manager should be fielding appeals for revocation as they would have already been biased by the issue resolution that took place beforehand.  It's like saying "I couldn't help fix the problem so I'm just going to decide to kick you out and I don't really feel like I was wrong therefore I won't raise the issue with the Board."  Does that make sense?  
>> 
>> This Bylaw change was only meant to grant leaders the ability to revoke and provide a path for appeal.  I don't think that we need to put a whole dispute resolution process into the Bylaw item.
>> 
>> ~josh
>> 
>> 
>>> On Wed, Mar 26, 2014 at 11:54 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>> Josh,
>>> 
>>> I don't want to be a pain and really appreciate your efforts in drafting this doc.
>>> 
>>> My only intent is to clarify the Global Board role and establish a clear escalation path through the Community Manager.
>>> 
>>> Here goes an updated wording.. please feel free to modify it at will:
>>> 
>>> SECTION 4.07  Participation. Participation in OWASP activities (conferences, meetings, mailings lists, projects, etc) does not require membership, but is subject to adherence to the OWASP Code of Ethics, and OWASP leaders may revoke the privilege of participation to those who choose not to abide by that code.  Notification of such a revocation must be made to the individual in writing, with the OWASP Community Manager CC’d for inclusion in the Foundation records.  If an individual believes that this revocation is unjustified, then they have the option to appeal the decision by notifying the OWASP Community Manager in writing within 14 days of the original notification. If there is enough evidence that this revocation was unjustified, then the Community Manager could raise the issue with the OWASP Global Board of Directors for review at the next Global Board meeting.
>>> 
>>> By doing so, the Global Board avoids getting involved in matters that could be resolved by the Community Manager.
>>> 
>>> Any questions, just let me know.
>>> 
>>> Regards
>>> Fabio
>>> 
>>> 
>>>> On Tue, Mar 25, 2014 at 2:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>> Fabio,
>>>> 
>>>> Yes, the community manager needs to be engaged at the community level to work with our leaders to make sure it doesn't get to this point.  They should not, however, be responsible for appeals if someone feels they have been wrongly excluded.  This puts our representative for community engagement in a position of potential conflict with members of our community.  That said, I volunteered to put together wording of the Bylaws based on what was discussed at the Board meeting which I supported.  If you or Tom would like to propose a different wording in a votable format, then I would be happy to consider that as an alternative.  I do feel that we need to finish this off sooner rather than later though as I have had at least one Chapter leader ask me if it had been finalized yet as this is a priority for them.
>>>> 
>>>> ~josh
>>>> 
>>>>> On Mar 24, 2014 9:00 AM, "Fabio Cerullo" <fcerullo at owasp.org> wrote:
>>>>> Josh,
>>>>> 
>>>>> I like the escalation process suggested by Tom. 
>>>>> 
>>>>> If an issue arises in the community, it has to be handled by the Community Manager first, and then as a last resource by the Board.
>>>>> 
>>>>> One of the CM main responsibilities is: to serve as the single point of contact for OWASP Chapter related questions, issues, and volunteerism.
>>>>> 
>>>>> Maybe we could amend the wording in the bylaws to include this escalation process?
>>>>> 
>>>>> Thanks
>>>>> Fabio
>>>>> 
>>>>> 
>>>>>> On Mon, Mar 24, 2014 at 1:50 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>> Ok I second your motion and your notion, Josh.  Sorry, been listening to Smokey Robinson. It could have been worse, I could have said something like "If you feel like loving me, if you have the notion, I'll second that emotion" but decided against it.
>>>>>> 
>>>>>> Aloha from Mumbai.
>>>>>> Jim
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On 3/24/14, 7:15 PM, Josh Sokol wrote:
>>>>>>> Bueller?  Bueller?
>>>>>>> 
>>>>>>> Can I please get a second and a vote?  This was sent out 3 weeks ago.
>>>>>>> 
>>>>>>> ~josh
>>>>>>> 
>>>>>>> 
>>>>>>>> On Fri, Mar 21, 2014 at 10:27 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>>> Sounds good Josh. Sorry for any confusion.
>>>>>>>> 
>>>>>>>> Cheers,
>>>>>>>> Jim
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> On 3/22/14, 12:24 PM, Josh Sokol wrote:
>>>>>>>>> To be clear, what you're talking about is a process and I support that.  What I've proposed (per what you all asked me to put together at the Board meeting) is a policy via thr Bylaws that specifies the path of revocation should that process fail to allow cooler heads to prevail.  They are not mutually exclusive and are both important along the path toward resolution one way or another.
>>>>>>>>> 
>>>>>>>>>> On Mar 21, 2014 7:56 PM, "Jim Manico" <jim.manico at owasp.org> wrote:
>>>>>>>>>> +1
>>>>>>>>>> 
>>>>>>>>>> I like this process.
>>>>>>>>>> 
>>>>>>>>>> 1) When conflict arises, first the chapter leads bring in the community manager to see if the dispute can be resolved.
>>>>>>>>>> 2) If necessary, chapters can start a process to remove someone from the chapter. Community manager over-sees this to make sure it's done with integrity.
>>>>>>>>>> 3) If the individual thinks the process is being done unfairly or they were removed unfairly, they can petition the board to get involved.
>>>>>>>>>> 
>>>>>>>>>> This seems reasonable to be. I want to make sure that competitive interests or corporate interests are not taking over a chapter and decide to remove someone to remove competition. 
>>>>>>>>>> - Jim
>>>>>>>>>> 
>>>>>>>>>>> On 3/22/14, 8:52 AM, GK Southwick wrote:
>>>>>>>>>>> Completely fair and I believe that that was what Tom was suggesting, only that it shouldn't go straight to the BoD, unless there is no other recourse. We now have a Community Manager to handle mitigation, without having to involve the board in every little dispute. 
>>>>>>>>>>> 
>>>>>>>>>>> Don't get me wrong, I know that completely ostracizing someone from the community is not a  "little" dispute, by any means. But I also believe that there's a time and place for escalation and we can start every appeal at a lower level than the BoD.
>>>>>>>>>>> 
>>>>>>>>>>> -= GK
>>>>>>>>>>> 
>>>>>>>>>>> Community Manager
>>>>>>>>>>> OWASP Foundation
>>>>>>>>>>> 
>>>>>>>>>>> gksouthwick at owasp.org
>>>>>>>>>>> +01.415.742.2342
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>>> On Fri, Mar 21, 2014 at 5:39 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>>>>>>> Since this is about someone getting pushed out of the community in a big way, something against our DNA, I want to make sure they have the ability to appeal to the board after the community review process is complete. Fair?
>>>>>>>>>>>> 
>>>>>>>>>>>> --
>>>>>>>>>>>> Jim Manico
>>>>>>>>>>>> @Manicode
>>>>>>>>>>>> (808) 652-3805
>>>>>>>>>>>> 
>>>>>>>>>>>> On Mar 22, 2014, at 5:58 AM, GK Southwick <genevieve.southwick at owasp.org> wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>>> Absolutely. We don't need to escalate it to BoD review, unless we can't agree to disagree at the community level first.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Best,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> -= GK
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Community Manager
>>>>>>>>>>>>> OWASP Foundation
>>>>>>>>>>>>> 
>>>>>>>>>>>>> gksouthwick at owasp.org
>>>>>>>>>>>>> +01.415.742.2342
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>>> On Fri, Mar 21, 2014 at 2:53 PM, Tom Brennan <tomb at owasp.org> wrote:
>>>>>>>>>>>>>> " notifying the OWASP Board of Directors in writing within 14 days of
>>>>>>>>>>>>>> the original notification"
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> notifying the OWASP Community Manager in writing within 14 days of the
>>>>>>>>>>>>>> original notification
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> What that does is allow the staff to look at the issue.  If
>>>>>>>>>>>>>> satisfaction resolution to either party is not made then it can be go
>>>>>>>>>>>>>> on the agenda for a board meeting discussion.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Semper Fi,
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Tom Brennan | OWASP Foundation
>>>>>>>>>>>>>> Vice Chairman
>>>>>>>>>>>>>> Main: +1 973 202 0122
>>>>>>>>>>>>>> Skype: proactiverisk
>>>>>>>>>>>>>> Web: http://www.owasp.org
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> NYC CyberSocial 26 March
>>>>>>>>>>>>>> http://www.meetup.com/OWASP-NYC/events/169653782/
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> NJ CyberSocial 27 March
>>>>>>>>>>>>>> http://www.meetup.com/OWASP-New-Jersey/events/169975572/
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> On Fri, Mar 21, 2014 at 3:56 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>>>>>>>>>>> > Does anyone else have any comments on this?  Tobias asked if "in writing"
>>>>>>>>>>>>>> > includes e-mail, but otherwise that's the only comment I received.  Can I
>>>>>>>>>>>>>> > have a second please so that we can proceed with a vote?
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> > Proposal: Add a new section to the OWASP Bylaws.
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> > SECTION 4.07  Participation. Participation in OWASP activities (conferences,
>>>>>>>>>>>>>> > meetings, mailings lists, projects, etc) does not require membership, but                                                         is
>>>>>>>>>>>>>> > subject to adherence to the OWASP Code of Ethics, and OWASP leaders may
>>>>>>>>>>>>>> > revoke the privilege of participation to those who choose not to abide by
>>>>>>>>>>>>>> > that code.  Notification of such a revocation must be made to the individual
>>>>>>>>>>>>>> > in writing, with the OWASP Board of Directors CC'd for inclusion in the
>>>>>>>>>>>>>> > Foundation records.  If an individual believes that this revocation is
>>>>>>>>>>>>>> > unjustified, then they have the option to appeal the decision by notifying
>>>>>>>>>>>>>> > the OWASP Board of Directors in writing within 14 days of the original
>>>>>>>>>>>>>> > notification.
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> > ~josh
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> > On Tue, Mar 4, 2014 at 3:14 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >> Hi Josh,
>>>>>>>>>>>>>> >> sounds good.
>>>>>>>>>>>>>> >> One question to the lawyers among us: does "in writing" include per email?
>>>>>>>>>>>>>> >> Thanks, Tobias
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >> On 03/03/14 16:12, Josh Sokol wrote:
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >> As requested, I have re-worded the proposed addition to the Bylaws to
>>>>>>>>>>>>>> >> include information about notification and an appeals process.  Also, since
>>>>>>>>>>>>>> >> the most logical place to put this is in the membership section of the
>>>>>>>>>>>>>> >> bylaws, I modified to say that participation does not require membership.
>>>>>>>>>>>>>> >> Please discuss.
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >> Proposal: Add a new section to the OWASP Bylaws.
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >> SECTION 4.07  Participation. Participation in OWASP activities
>>>>>>>>>>>>>> >> (conferences, meetings, mailings lists, projects, etc) does not require
>>>>>>>>>>>>>> >> membership, but is subject to adherence to the OWASP Code of Ethics, and
>>>>>>>>>>>>>> >> OWASP leaders may revoke the privilege of participation to those who choose
>>>>>>>>>>>>>> >> not to abide by that code.  Notification of such a revocation must be made
>>>>>>>>>>>>>> >> to the individual in writing, with the OWASP Board of Directors CC'd for
>>>>>>>>>>>>>> >> inclusion in the Foundation records.  If an individual believes that this
>>>>>>>>>>>>>> >> revocation is unjustified, then they have the option to appeal the decision
>>>>>>>>>>>>>> >> by notifying the OWASP Board of Directors in writing within 14 days of the
>>>>>>>>>>>>>> >> original notification.
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >> Thanks!
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >> ~josh
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >> _______________________________________________
>>>>>>>>>>>>>> >> Owasp-board mailing list
>>>>>>>>>>>>>> >> Owasp-board at lists.owasp.org
>>>>>>>>>>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> > _______________________________________________
>>>>>>>>>>>>>> > Owasp-board mailing list
>>>>>>>>>>>>>> > Owasp-board at lists.owasp.org
>>>>>>>>>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>>>>>> >
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140326/a0f0ff92/attachment-0001.html>


More information about the Owasp-board mailing list