[Owasp-board] Business Plan outline - project and consulting work

Josh Sokol josh.sokol at owasp.org
Thu May 1 13:57:45 UTC 2014


I agree with Eoin and believe that in this case both Jim and Dennis are
borderline on grounds for suspension.  Jim, as a Board member we are
expected to hold ourselves to a higher standard.  Dennis, if you believe
that Jim has been unethical and have evidence to support that, then we have
a process to handle that and posting rants to the Board list is not part
of that process.  You know that as well as anyone and I expect more from
you.  This bickering and "pot shots" is completely unprofessional and needs
to stop.

~josh
On May 1, 2014 4:48 AM, "Eoin Keary" <eoin.keary at owasp.org> wrote:

> Please refrain from comments such as this. It does not comply with owasp
> ethics. I believe further examples of this should be grounds of suspension
> from owasp.
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 1 May 2014, at 03:51, Jim Manico <jim.manico at owasp.org> wrote:
>
> Dennis,
>
> I certainly am a fuck X, but I do my best to be ethical. If you think I
> am being unethical in some way, then I am all ears to hear your concerns
> and complaints in a public forum like this. So what is your issue? How do
> you see me as unethical?
>
> Cheers,
> Jim "The Fuck X" Manico
>
>
>
> On 4/30/14, 10:42 PM, Dennis Groves wrote:
>
> Why - -o you can tell more lies you unethical fuck?
>
>
> On Wed, Apr 30, 2014 at 4:51 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>>  Since we are officially not going to go with SWAMP, can you please CC me
>> in when you tell Kevin Green? I want to make sure he understands why from
>> the board level.
>>
>> Thank you,
>> Jim
>>
>>
>> On 4/29/14, 8:35 PM, Samantha Groves wrote:
>>
>>  Hello All,
>>
>>
>>  Sarah has asked me to review the business proposal in more detail, and
>> I just wanted to share my thoughts on the situation and the proposed SWAMP
>> integration agreement.
>>
>> As you know, Kevin and I have been working on this proposal for some
>> time. Originally, this discussion started with SWAMP wanting to sponsor a
>> project summit based on our tools projects, but it slowly evolved into more
>> of a consulting type of engagement. I then shared my concerns with Sarah,
>> and asked for her help as the scope of this agreement had changed into one
>> where OWASP could potentially find itself liable.
>>
>> Now, after reading Sarah’s business proposal, I have to say, that I am in
>> total agreement with what she recommends. I do not believe we should move
>> forward with this opportunity as it stands, or opening up a consultancy
>> business for us under the foundation umbrella at this point in time. Here
>> is why:
>>
>> 1). Infrastructure: We do not have the appropriate operational
>> infrastructure set up to run a consultancy. It is a very different type of
>> business, and it requires dedicated resources to build and run it.
>>
>> 2). Human Resources: We do not have the staff or the funds to hire the
>> staff we would need to open this new line of business. You will need to
>> hire your project, operations, and sales staff to start, as Sarah pointed
>> out.
>>
>> Moreover, I HIGHLY recommend we not rely on volunteer efforts to complete
>> contracted work. As I mentioned, consulting is a very different type of
>> business with different risks and liabilities, and to rely on volunteers to
>> complete your contractual obligations is not a very good business decision.
>> You need dedicated resources that are directly accountable for delivery as
>> the statements of work and project plans are rigid. There is very little
>> flexibility, and from my experience, volunteers need flexibility when
>> working on projects as this work is not their primary source of income.
>>
>> Now, I realize that we have won several grants for our projects that give
>> them the funding they need to complete project milestones. However, I would
>> like to clarify and stress that receiving grant funds, and entering into a
>> business contract, are two very different endeavors. Grants are far more
>> flexible, and they are a donation for a very particular purpose made to an
>> organization. This is why having volunteers work on projects with grant
>> funding is far more reasonable as the timeline, milestones, and
>> deliverables are flexible. They are more in line with the innovation type of
>> platform we currently have.
>>
>> 3). Legal Liabilities: Now, I am not legal counsel by any stretch of the
>> imagination, but I have been trained in basic international business law
>> and IP. Sarah outlines the legal risks to our business perfectly in section
>> VII of her proposal. As I mentioned, getting into a contractual agreement
>> with another organization, whether the products are open-source or not,
>> still makes us liable for delivery of whatever is specified in the
>> contract. I have read Jim’s comment about OWASP providing no-warranty as
>> the product is open source, and that is correct. The products are without
>> warranty (open-source); however, our legal liability to produce what is
>> in the contract, is not. They are two separate things.
>>
>> These are only three of quite a few other concerns I have about this new
>> line of business, and entering into an agreement with the SWAMP team at
>> this point in time. The way I see it, we have two questions:
>>
>> 1. Should we enter into the proposed agreement with SWAMP?
>>
>> 2. Should we start a new line of business: Consulting?
>>
>>
>>  *Answers*
>>
>> 1. I do not believe we should enter into the agreement with SWAMP as the
>> contract makes us liable for the work produced, as it stands. Now, if Kevin
>> and team are ok working with the project leaders directly, then I see no
>> issue with that. However, I highly recommend that the foundation not enter
>> into a contract with another organization (SWAMP) on a consultancy basis as
>> we are fully aware we do not have the infrastructure to deliver what is
>> promised in the Statement of Work. We are taking a big risk, and while I am
>> very comfortable with risks and recommend them in business, we must make
>> sure to take calculated risks. This, to me, is not a calculated risk. It is
>> a reactive one based on an opportunity that we might not be able to make
>> good on.
>>
>> 2. I do not recommend we do this at this time. I think it is an excellent
>> idea to consider in a year’s time, but we are not in a position where we
>> can take this on right now. It requires quite a bit of investment, and as I
>> see it, we are not even in a position to make appropriate business
>> decisions when it comes to starting lines of business like this. The fact
>> that we were even entertaining the idea that we should run this consultancy
>> under the OWASP non-profit umbrella makes it clear to me that we are not
>> ready to take this on. We cannot run it as a separate program. As Sarah
>> suggested, we will need to start a new organization, such as a
>> for-profit subsidiary of our non-profit, so we can shift liability to
>> that entity in case anything goes wrong. This way, if we are sued into
>> bankruptcy, we still have the mother-ship intact.
>>
>>
>>  These are just my 2 cents after briefly reviewing the situation and
>> scope. I hope it is helpful.
>>
>> Thank you, Sarah and Board.
>>
>>
>>   Samantha
>>
>>
>> On Mon, Apr 28, 2014 at 6:03 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>
>>> All -
>>>
>>>  Here is the (brief) business plan I put together on the project and
>>> consulting work such as that being requested by DHS Swamp.  Admittedly, I
>>> stopped with the details on what rolling out a plan like this
>>> would look like after doing some initial research on the legal and tax
>>> repercussions for us.  Additionally, I don't think this exact model is in
>>> alignment with the charity work we are trying to accomplish.
>>>
>>>  This is not to say we shouldn't look for funding opportunities to
>>> develop our projects - but I don't think this model is the right one for us.
>>>
>>>
>>> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing
>>>
>>>  I look forward to hearing your thoughts.
>>>
>>> Sarah Baso
>>> --
>>>  Executive Director
>>> OWASP Foundation
>>>
>>>  sarah.baso at owasp.org
>>> +1.312.869.2779
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>>
>>  --
>>
>> *Samantha Groves, MBA*
>>
>> *OWASP Projects Manager*
>>
>>
>>  The OWASP Foundation
>>
>> Phoenix, USA
>>
>> Email: samantha.groves at owasp.org
>>
>> Skype: samanthahz
>>
>>
>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>> New Project Application Form <http://www.tfaforms.com/263506>
>>
>>
>
>
>  --
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
> .
>  *This email is licensed under a CC BY-ND 3.0
> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
> Please do not send me Microsoft Office/Apple iWork documents.
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>
>  <http://www.owasp.org/>
>
>