[Owasp-board] Business Plan outline - project and consulting work

Eoin Keary eoin.keary at owasp.org
Thu May 1 09:47:53 UTC 2014


Please refrain from comments such as this. It does not comply with OWASP ethics. I believe further examples of this should be grounds for suspension from OWASP.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 1 May 2014, at 03:51, Jim Manico <jim.manico at owasp.org> wrote:

> Dennis,
> 
> I certainly am a fuck X, but I do my best to be ethical. If you think I am being unethical in some way, then I am all ears to hear your concerns and complaints in a public forum like this. So what is your issue? How do you see me as unethical?
> 
> Cheers,
> Jim "The Fuck X" Manico
> 
> 
> 
> On 4/30/14, 10:42 PM, Dennis Groves wrote:
>> Why - so you can tell more lies you unethical fuck?
>> 
>> 
>> On Wed, Apr 30, 2014 at 4:51 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>> Since we are officially not going to go with SWAMP, can you please CC me in when you tell Kevin Green? I want to make sure he understands why from the board level.
>>> 
>>> Thank you,
>>> Jim
>>> 
>>> 
>>> On 4/29/14, 8:35 PM, Samantha Groves wrote:
>>>> Hello All,
>>>> 
>>>> 
>>>> Sarah has asked me to review the business proposal in more detail, and I just wanted to share my thoughts on the situation and the proposed SWAMP integration agreement. 
>>>> 
>>>> As you know, Kevin and I have been working on this proposal for some time. Originally, this discussion started with SWAMP wanting to sponsor a project summit based on our tools projects, but it slowly evolved into more of a consulting type of engagement. I then shared my concerns with Sarah, and asked for her help as the scope of this agreement had changed into one where OWASP could potentially find itself liable. 
>>>> 
>>>> Now, after reading Sarah’s business proposal, I have to say, that I am in total agreement with what she recommends. I do not believe we should move forward with this opportunity as it stands, or opening up a consultancy business for us under the foundation umbrella at this point in time. Here is why:
>>>> 
>>>> 1). Infrastructure: We do not have the appropriate operational infrastructure set up to run a consultancy. It is a very different type of business, and it requires dedicated resources to build and run it. 
>>>> 
>>>> 2). Human Resources: We do not have the staff or the funds to hire the staff we would need to open this new line of business. You will need to hire your project, operations, and sales staff to start, as Sarah pointed out. 
>>>> 
>>>> Moreover, I HIGHLY recommend we not rely on volunteer efforts to complete contracted work. As I mentioned, consulting is a very different type of business with different risks and liabilities, and to rely on volunteers to complete your contractual obligations is not a very good business decision. You need dedicated resources that are directly accountable for delivery as the statements of work and project plans are rigid. There is very little flexibility, and from my experience, volunteers need flexibility when working on projects as this work is not their primary source of income. 
>>>> 
>>>> Now, I realize that we have won several grants for our projects that give them the funding they need to complete project milestones. However, I would like to clarify and stress that receiving grant funds, and entering into a business contract, are two very different endeavors. Grants are far more flexible, and they are a donation for a very particular purpose made to an organization. This is why having volunteers work on projects with grant funding is far more reasonable as the timeline, milestones, and deliverables are flexible. They are more in line with the innovation type of platform we currently have. 
>>>> 
>>>> 3). Legal Liabilities: Now, I am not legal counsel by any stretch of the imagination, but I have been trained in basic international business law and IP. Sarah outlines the legal risks to our business perfectly in section VII of her proposal. As I mentioned, getting into a contractual agreement with another organization, whether the products are open-source or not, still makes us liable for delivery of whatever is specified in the contract. I have read Jim’s comment about OWASP providing no-warranty as the product is open source, and that is correct. The products are without warranty (open-source); however, our legal liability to produce what is in the contract, is not. They are two separate things. 
>>>> 
>>>> These are only three of quite a few other concerns I have about this new line of business, and entering into an agreement with the SWAMP team at this point in time. The way I see it, we have two questions:
>>>> 
>>>> 1. Should we enter into the proposed agreement with SWAMP?
>>>> 
>>>> 2. Should we start a new line of business: Consulting?
>>>> 
>>>> 
>>>> Answers
>>>> 
>>>> 1. I do not believe we should enter into the agreement with SWAMP as the contract makes us liable for the work produced, as it stands. Now, if Kevin and team are ok working with the project leaders directly, then I see no issue with that. However, I highly recommend that the foundation not enter into a contract with another organization (SWAMP) on a consultancy basis as we are fully aware we do not have the infrastructure to deliver what is promised in the Statement of Work. We are taking a big risk, and while I am very comfortable with risks and recommend them in business, we must make sure to take calculated risks. This, to me, is not a calculated risk. It is a reactive one based on an opportunity that we might not be able to make good on. 
>>>> 
>>>> 2. I do not recommend we do this at this time. I think it is an excellent idea to consider in a year’s time, but we are not in a position where we can take this on right now. It requires quite a bit of investment, and as I see it, we are not even in a position to make appropriate business decisions when it comes to starting lines of business like this. The fact that we were even entertaining the idea that we should run this consultancy under the OWASP non-profit umbrella makes it clear to me that we are not ready to take this on. We cannot run it as a separate program. As Sarah suggested, we will need to start a new organization, such as a for-profit subsidiary of our non-profit, so we can shift liability to that entity in case anything goes wrong. This way, if we are sued into bankruptcy, we still have the mother-ship intact. 
>>>> 
>>>> 
>>>> These are just my 2 cents after briefly reviewing the situation and scope. I hope it is helpful.
>>>> 
>>>> Thank you, Sarah and Board.
>>>> 
>>>> 
>>>> Samantha
>>>> 
>>>> 
>>>> 
>>>> On Mon, Apr 28, 2014 at 6:03 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>>>> All -
>>>>> 
>>>>> Here is the (brief) business plan I put together on the project and consulting work such as that being requested by DHS Swamp.  Admittedly, I stopped with the details on what rolling out a plan like this would look like after doing some initial research on the legal and tax repercussions for us.  Additionally, I don't think this exact model is in alignment with the charity work we are trying to accomplish.
>>>>> 
>>>>> This is not to say we shouldn't look for funding opportunities to develop our projects - but I don't think this model is the right one for us.
>>>>> 
>>>>> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing
>>>>> 
>>>>> I look forward to hearing your thoughts.
>>>>> 
>>>>> Sarah Baso
>>>>> -- 
>>>>> Executive Director
>>>>> OWASP Foundation
>>>>> 
>>>>> sarah.baso at owasp.org
>>>>> +1.312.869.2779
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> Samantha Groves, MBA
>>>> OWASP Projects Manager
>>>> 
>>>> The OWASP Foundation
>>>> Phoenix, USA
>>>> Email: samantha.groves at owasp.org
>>>> Skype: samanthahz 
>>>> 
>>>> OWASP Global Projects
>>>> Book a Meeting with Me
>>>> OWASP Contact US Form
>>>> New Project Application Form
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>> 
>> 
>> 
>> -- 
>> Dennis Groves, MSc
>> Email me, or schedule a meeting.
>> This email is licensed under a CC BY-ND 3.0 license.
>> Stand up for your freedom to install free software.
>> Please do not send me Microsoft Office/Apple iWork documents. 
>> Send OpenDocument instead!
>> 
>>  
> 