[Owasp-board] Business Plan outline - project and consulting work

Dennis Groves dennis.groves at owasp.org
Thu May 1 02:42:58 UTC 2014


Why - so you can tell more lies you unethical fuck?


On Wed, Apr 30, 2014 at 4:51 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  Since we are officially not going to go with SWAMP, can you please CC me
> in when you tell Kevin Green? I want to make sure he understands why from
> the board level.
>
> Thank you,
> Jim
>
>
> On 4/29/14, 8:35 PM, Samantha Groves wrote:
>
>  Hello All,
>
>
>  Sarah has asked me to review the business proposal in more detail, and I
> just wanted to share my thoughts on the situation and the proposed SWAMP
> integration agreement.
>
> As you know, Kevin and I have been working on this proposal for some time.
> Originally, this discussion started with SWAMP wanting to sponsor a project
> summit based on our tools projects, but it slowly evolved into more of a
> consulting type of engagement. I then shared my concerns with Sarah, and
> asked for her help as the scope of this agreement had changed into one
> where OWASP could potentially find itself liable.
>
> Now, after reading Sarah’s business proposal, I have to say that I am in
> total agreement with what she recommends. I do not believe we should move
> forward with this opportunity as it stands, or opening up a consultancy
> business for us under the foundation umbrella at this point in time. Here
> is why:
>
> 1). Infrastructure: We do not have the appropriate operational
> infrastructure set up to run a consultancy. It is a very different type of
> business, and it requires dedicated resources to build and run it.
>
> 2). Human Resources: We do not have the staff or the funds to hire the
> staff we would need to open this new line of business. You will need to
> hire your project, operations, and sales staff to start, as Sarah pointed
> out.
>
> Moreover, I HIGHLY recommend we not rely on volunteer efforts to complete
> contracted work. As I mentioned, consulting is a very different type of
> business with different risks and liabilities, and to rely on volunteers to
> complete your contractual obligations is not a very good business decision.
> You need dedicated resources that are directly accountable for delivery as
> the statements of work and project plans are rigid. There is very little
> flexibility, and from my experience, volunteers need flexibility when
> working on projects as this work is not their primary source of income.
>
> Now, I realize that we have won several grants for our projects that give
> them the funding they need to complete project milestones. However, I would
> like to clarify and stress that receiving grant funds, and entering into a
> business contract, are two very different endeavors. Grants are far more
> flexible, and they are a donation for a very particular purpose made to an
> organization. This is why having volunteers work on projects with grant
> funding is far more reasonable as the timeline, milestones, and
> deliverables are flexible. They are more in line with the innovation type of
> platform we currently have.
>
> 3). Legal Liabilities: Now, I am not legal counsel by any stretch of the
> imagination, but I have been trained in basic international business law
> and IP. Sarah outlines the legal risks to our business perfectly in section
> VII of her proposal. As I mentioned, getting into a contractual agreement
> with another organization, whether the products are open-source or not,
> still makes us liable for delivery of whatever is specified in the
> contract. I have read Jim’s comment about OWASP providing no-warranty as
> the product is open source, and that is correct. The products are without
> warranty (open-source); however, our legal liability to produce what is
> in the contract is not. They are two separate things.
>
> These are only three of quite a few other concerns I have about this new
> line of business, and entering into an agreement with the SWAMP team at
> this point in time. The way I see it, we have two questions:
>
> 1. Should we enter into the proposed agreement with SWAMP?
>
> 2. Should we start a new line of business: Consulting?
>
>
>  *Answers*
>
> 1. I do not believe we should enter into the agreement with SWAMP as the
> contract makes us liable for the work produced, as it stands. Now, if Kevin
> and team are ok working with the project leaders directly, then I see no
> issue with that. However, I highly recommend that the foundation not enter
> into a contract with another organization (SWAMP) on a consultancy basis as
> we are fully aware we do not have the infrastructure to deliver what is
> promised in the Statement of Work. We are taking a big risk, and while I am
> very comfortable with risks and recommend them in business, we must make
> sure to take calculated risks. This, to me, is not a calculated risk. It is
> a reactive one based on an opportunity that we might not be able to make
> good on.
>
> 2. I do not recommend we do this at this time. I think it is an excellent
> idea to consider in a year’s time, but we are not in a position where we
> can take this on right now. It requires quite a bit of investment, and as I
> see it, we are not even in a position to make appropriate business
> decisions when it comes to starting lines of business like this. The fact
> that we were even entertaining the idea that we should run this consultancy
> under the OWASP non-profit umbrella makes it clear to me that we are not
> ready to take this on. We cannot run it as a separate program. As Sarah
> suggested, we will need to start a new organization, such as a for-profit
> subsidiary of our non-profit, so we can shift liability to that entity in
> case anything goes wrong. This way, if we are sued into bankruptcy, we
> still have the mother-ship intact.
>
>
>  These are just my 2 cents after briefly reviewing the situation and
> scope. I hope it is helpful.
>
> Thank you, Sarah and Board.
>
>
>   Samantha
>
>
> On Mon, Apr 28, 2014 at 6:03 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>
>> All -
>>
>>  Here is the (brief) business plan I put together on the project and
>> consulting work such as that being requested by DHS Swamp.  Admittedly, I
>> stopped with the details on what rolling out a plan like this
>> would look like after doing some initial research on the legal and tax
>> repercussions for us.  Additionally, I don't think this exact model is in
>> alignment with the charity work we are trying to accomplish.
>>
>>  This is not to say we shouldn't look for funding opportunities to
>> develop our projects - but I don't think this model is the right one for us.
>>
>>
>> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing
>>
>>  I look forward to hearing your thoughts.
>>
>> Sarah Baso
>> --
>>  Executive Director
>> OWASP Foundation
>>
>>  sarah.baso at owasp.org
>> +1.312.869.2779
>>
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
>  --
>
> *Samantha Groves, MBA*
>
> *OWASP Projects Manager*
>
>
>  The OWASP Foundation
>
> Phoenix, USA
>
> Email: samantha.groves at owasp.org
>
> Skype: samanthahz
>
>
>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>
> Book a Meeting with Me <http://goo.gl/mZXdZ>
>
> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>
> New Project Application Form <http://www.tfaforms.com/263506>
>
>
>
>
>


-- 
Dennis Groves <http://about.me/dennis.groves>, MSc
Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
.
*This email is licensed under a CC BY-ND 3.0
<http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
Stand up for your freedom to install free
software.<http://www.fsf.org/campaigns/secure-boot/statement>
Please do not send me Microsoft Office/Apple iWork documents.
Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!

<http://www.owasp.org/>