[Owasp-board] Business Plan outline - project and consulting work
Jim Manico
jim.manico at owasp.org
Thu May 1 02:51:27 UTC 2014
Dennis,
I certainly am a fuck X, but I do my best to be ethical. If you think
I am being unethical in some way, then I am all ears to hear your
concerns and complaints in a public forum like this. So what is your
issue? How do you see me as unethical?
Cheers,
Jim "The Fuck X" Manico
On 4/30/14, 10:42 PM, Dennis Groves wrote:
> Why - -o you can tell more lies you unethical fuck?
>
>
> On Wed, Apr 30, 2014 at 4:51 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
> Since we are officially not going to go with SWAMP, can you please
> CC me in when you tell Kevin Green? I want to make sure he
> understands why from the board level.
>
> Thank you,
> Jim
>
>
> On 4/29/14, 8:35 PM, Samantha Groves wrote:
>>
>> Hello All,
>>
>>
>> Sarah has asked me to review the business proposal in more
>> detail, and I just wanted to share my thoughts on the situation
>> and the proposed SWAMP integration agreement.
>>
>> As you know, Kevin and I have been working on this proposal for
>> some time. Originally, this discussion started with SWAMP wanting
>> to sponsor a project summit based on our tools projects, but it
>> slowly evolved into more of a consulting type of engagement. I
>> then shared my concerns with Sarah, and asked for her help as the
>> scope of this agreement had changed into one where OWASP could
>> potentially find itself liable.
>>
>> Now, after reading Sarah’s business proposal, I have to say, that
>> I am in total agreement with what she recommends. I do not
>> believe we should move forward with this opportunity as it
>> stands, or opening up a consultancy business for us under the
>> foundation umbrella at this point in time. Here is why:
>>
>> 1). Infrastructure: We do not have the appropriate operational
>> infrastructure set up to run a consultancy. It is a very
>> different type of business, and it requires dedicated resources
>> to build and run it.
>>
>> 2). Human Resources: We do not have the staff or the funds to
>> hire the staff we would need to open this new line of business.
>> You will need to hire your project, operations, and sales staff
>> to start, as Sarah pointed out.
>>
>> Moreover, I HIGHLY recommend we not rely on volunteer efforts to
>> complete contracted work. As I mentioned, consulting is a very
>> different type of business with different risks and liabilities,
>> and to rely on volunteers to complete your contractual
>> obligations is not a very good business decision. You need
>> dedicated resources that are directly accountable for delivery as
>> the statements of work and project plans are rigid. There is very
>> little flexibility, and from my experience, volunteers need
>> flexibility when working on projects as this work is not their
>> primary source of income.
>>
>> Now, I realize that we have won several grants for our projects
>> that give them the funding they need to complete project
>> milestones. However, I would like to clarify and stress that
>> receiving grant funds, and entering into a business contract, are
>> two very different endeavors. Grants are far more flexible, and
>> they are a donation for a very particular purpose made to an
>> organization. This is why having volunteers work on projects with
>> grant funding is far more reasonable as the timeline, milestones,
>> and deliverables are flexible. They are more in line with the
>> innovation type of platform we currently have.
>>
>> 3). Legal Liabilities: Now, I am not legal counsel by any stretch
>> of the imagination, but I have been trained in basic
>> international business law and IP. Sarah outlines the legal risks
>> to our business perfectly in section VII of her proposal. As I
>> mentioned, getting into a contractual agreement with another
>> organization, whether the products are open-source or not, still
>> makes us liable for delivery of whatever is specified in the
>> contract. I have read Jim’s comment about OWASP providing
>> no-warranty as the product is open source, and that is correct.
>> The products are without warranty (open-source); however, our
>> legal liability to produce what is in the contract, is not. They
>> are two separate things.
>>
>> These are only three of quite a few other concerns I have about
>> this new line of business, and entering into an agreement with
>> the SWAMP team at this point in time. The way I see it, we have
>> two questions:
>>
>> 1. Should we enter into the proposed agreement with SWAMP?
>>
>> 2. Should we start a new line of business: Consulting?
>>
>>
>> *Answers*
>>
>> 1. I do not believe we should enter into the agreement with SWAMP
>> as the contract makes us liable for the work produced, as it
>> stands. Now, if Kevin and team are ok working with the project
>> leaders directly, then I see no issue with that. However, I
>> highly recommend that the foundation not enter into a contract
>> with another organization (SWAMP) on a consultancy basis as we
>> are fully aware we do not have the infrastructure to deliver what
>> is promised in the Statement of Work. We are taking a big risk,
>> and while I am very comfortable with risks and recommend them in
>> business, we must make sure to take calculated risks. This, to
>> me, is not a calculated risk. It is a reactive one based on an
>> opportunity that we might not be able to make good on.
>>
>> 2. I do not recommend we do this at this time. I think it is an
>> excellent idea to consider in a year’s time, but we are not in a
>> position where we can take this on right now. It requires quite a
>> bit of investment, and as I see it, we are not even in a position
>> to make appropriate business decisions when it comes to starting
>> lines of business like this. The fact that we were even
>> entertaining the idea that we should run this consultancy under
>> the OWASP non-profit umbrella makes it clear to me that we are
>> not ready to take this on. We cannot run it as a separate
>> program. As Sarah suggested, we will need to start a new
>> organization, such as a for-profit subsidiary of our
>> non-profit, so we can shift liability to that entity in case anything
>> goes wrong. This way, if we are sued into bankruptcy, we still
>> have the mother-ship intact.
>>
>>
>> These are just my 2 cents after briefly reviewing the situation
>> and scope. I hope it is helpful.
>>
>> Thank you, Sarah and Board.
>>
>>
>> Samantha
>>
>>
>>
>> On Mon, Apr 28, 2014 at 6:03 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>
>> All -
>>
>> Here is the (brief) business plan I put together on the
>> project and consulting work such as that being requested by
>> DHS Swamp. Admittedly, I stopped with the details on
>> what rolling out a plan like this would look like after
>> doing some initial research on the legal and tax
>> repercussions for us. Additionally, I don't think this exact
>> model is in alignment with the charity work we are trying to
>> accomplish.
>>
>> This is not to say we shouldn't look for funding
>> opportunities to develop our projects - but I don't think
>> this model is the right one for us.
>>
>> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing
>>
>> I look forward to hearing your thoughts.
>>
>> Sarah Baso
>> --
>> Executive Director
>> OWASP Foundation
>>
>> sarah.baso at owasp.org
>> +1.312.869.2779
>>
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>> --
>>
>> *Samantha Groves, MBA*
>>
>> /OWASP Projects Manager/
>>
>> The OWASP Foundation
>>
>> Phoenix, USA
>>
>> Email: samantha.groves at owasp.org
>>
>> Skype: samanthahz
>>
>>
>> OWASP Global Projects
>> <https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>> New Project Application Form <http://www.tfaforms.com/263506>
>>
>>
>
> --
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me, <mailto:dennis.groves at owasp.org> or schedule a meeting
> <http://goo.gl/8sPIy>.
> /This email is licensed under a CC BY-ND 3.0
> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license./
> Stand up for your freedom to install free software.
> <http://www.fsf.org/campaigns/secure-boot/statement>
> Please do not send me Microsoft Office/Apple iWork documents.
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!