[Owasp-board] Business Plan outline - project and consulting work

Josh Sokol josh.sokol at owasp.org
Thu May 1 14:30:53 UTC 2014


I believe that you were being sincere in that regard.  The problem wasn't
in what you said, rather, how you said it.
~josh
On May 1, 2014 9:06 AM, "Jim Manico" <jim.manico at owasp.org> wrote:

> Hang on a sec, I was being sincere. If Dennis has a question about my
> integrity, then I welcome his concern and will endeavor to do better. I was
> not taking a pot shot.
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On May 1, 2014, at 9:57 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
> I agree with Eoin and believe that in this case both Jim and Dennis are
> borderline on grounds for suspension.  Jim, as a Board member we are
> expected to hold ourselves to a higher standard.  Dennis, if you believe
> that Jim has been unethical and have evidence to support that, then we have
> a process to handle that and posting ranting to the Board list is not part
> of that process.  You know that as well as anyone and I expect more from
> you.  This bickering and "pot shots" is completely unprofessional and needs
> to stop.
>
> ~josh
> On May 1, 2014 4:48 AM, "Eoin Keary" <eoin.keary at owasp.org> wrote:
>
>> Please refrain from comments such as this. It does not comply with owasp
>> ethics. I believe further examples of this should be grounds of suspension
>> from owasp.
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 1 May 2014, at 03:51, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> Dennis,
>>
>> I certainly am a fuck X, but I do my best to be ethical. If you think
>> I am being unethical in some way, then I am all ears to hear your concerns
>> and complaints in a public forum like this. So what is your issue? How do
>> you see me as unethical?
>>
>> Cheers,
>> Jim "The Fuck X" Manico
>>
>>
>>
>> On 4/30/14, 10:42 PM, Dennis Groves wrote:
>>
>> Why - -o you can tell more lies you unethical fuck?
>>
>>
>> On Wed, Apr 30, 2014 at 4:51 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>>  Since we are officially not going to go with SWAMP, can you please CC
>>> me in when you tell Kevin Green? I want to make sure he understands why
>>> from the board level.
>>>
>>> Thank you,
>>> Jim
>>>
>>>
>>> On 4/29/14, 8:35 PM, Samantha Groves wrote:
>>>
>>>  Hello All,
>>>
>>>
>>>  Sarah has asked me to review the business proposal in more detail, and
>>> I just wanted to share my thoughts on the situation and the proposed SWAMP
>>> integration agreement.
>>>
>>> As you know, Kevin and I have been working on this proposal for some
>>> time. Originally, this discussion started with SWAMP wanting to sponsor a
>>> project summit based on our tools projects, but it slowly evolved into more
>>> of a consulting type of engagement. I then shared my concerns with Sarah,
>>> and asked for her help as the scope of this agreement had changed into one
>>> where OWASP could potentially find itself liable.
>>>
>>> Now, after reading Sarah’s business proposal, I have to say, that I am
>>> in total agreement with what she recommends. I do not believe we should
>>> move forward with this opportunity as it stands, or opening up a
>>> consultancy business for us under the foundation umbrella at this point in
>>> time. Here is why:
>>>
>>> 1). Infrastructure: We do not have the appropriate operational
>>> infrastructure set up to run a consultancy. It is a very different type of
>>> business, and it requires dedicated resources to build and run it.
>>>
>>> 2). Human Resources: We do not have the staff or the funds to hire the
>>> staff we would need to open this new line of business. You will need to
>>> hire your project, operations, and sales staff to start, as Sarah pointed
>>> out.
>>>
>>> Moreover, I HIGHLY recommend we not rely on volunteer efforts to
>>> complete contracted work. As I mentioned, consulting is a very different
>>> type of business with different risks and liabilities, and to rely on
>>> volunteers to complete your contractual obligations is not a very good
>>> business decision. You need dedicated resources that are directly
>>> accountable for delivery as the statements of work and project plans are
>>> rigid. There is very little flexibility, and from my experience, volunteers
>>> need flexibility when working on projects as this work is not their primary
>>> source of income.
>>>
>>> Now, I realize that we have won several grants for our projects that
>>> give them the funding they need to complete project milestones. However, I
>>> would like to clarify and stress that receiving grant funds, and entering
>>> into a business contract, are two very different endeavors. Grants are far
>>> more flexible, and they are a donation for a very particular purpose made
>>> to an organization. This is why having volunteers work on projects with
>>> grant funding is far more reasonable as the timeline, milestones, and
>>> deliverables are flexible. They are more in line with the innovation type of
>>> platform we currently have.
>>>
>>> 3). Legal Liabilities: Now, I am not legal counsel by any stretch of the
>>> imagination, but I have been trained in basic international business law
>>> and IP. Sarah outlines the legal risks to our business perfectly in section
>>> VII of her proposal. As I mentioned, getting into a contractual agreement
>>> with another organization, whether the products are open-source or not,
>>> still makes us liable for delivery of whatever is specified in the
>>> contract. I have read Jim’s comment about OWASP providing no-warranty as
>>> the product is open source, and that is correct. The products are without
>>> warranty (open-source); however, our legal liability to produce what is
>>> in the contract, is not. They are two separate things.
>>>
>>> These are only three of quite a few other concerns I have about this new
>>> line of business, and entering into an agreement with the SWAMP team at
>>> this point in time. The way I see it, we have two questions:
>>>
>>> 1. Should we enter into the proposed agreement with SWAMP?
>>>
>>> 2. Should we start a new line of business: Consulting?
>>>
>>>
>>>  *Answers*
>>>
>>> 1. I do not believe we should enter into the agreement with SWAMP as the
>>> contract makes us liable for the work produced, as it stands. Now, if Kevin
>>> and team are ok working with the project leaders directly, then I see no
>>> issue with that. However, I highly recommend that the foundation not enter
>>> into a contract with another organization (SWAMP) on a consultancy basis as
>>> we are fully aware we do not have the infrastructure to deliver what is
>>> promised in the Statement of Work. We are taking a big risk, and while I am
>>> very comfortable with risks and recommend them in business, we must make
>>> sure to take calculated risks. This, to me, is not a calculated risk. It is
>>> a reactive one based on an opportunity that we might not be able to make
>>> good on.
>>>
>>> 2. I do not recommend we do this at this time. I think it is an
>>> excellent idea to consider in a year’s time, but we are not in a position
>>> where we can take this on right now. It requires quite a bit of investment,
>>> and as I see it, we are not even in a position to make appropriate business
>>> decisions when it comes to starting lines of business like this. The fact
>>> that we were even entertaining the idea that we should run this consultancy
>>> under the OWASP non-profit umbrella makes it clear to me that we are not
>>> ready to take this on. We cannot run it as a separate program. As Sarah
>>> suggested, we will need to start a new organization, such as a
>>> for-profit subsidiary of our non-profit, so we can shift liability to
>>> that entity in case anything goes wrong. This way, if we are sued into
>>> bankruptcy, we still have the mother-ship intact.
>>>
>>>
>>>  These are just my 2 cents after briefly reviewing the situation and
>>> scope. I hope it is helpful.
>>>
>>> Thank you, Sarah and Board.
>>>
>>>
>>>   Samantha
>>>
>>>
>>> On Mon, Apr 28, 2014 at 6:03 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>>
>>>> All -
>>>>
>>>>  Here is the (brief) business plan I put together on the project and
>>>> consulting work such as that being requested by DHS Swamp.  Admittedly, I
>>>> stopped with the details on what rolling out a plan like this
>>>> would look like after doing some initial research on the legal and tax
>>>> repercussions for us.  Additionally, I don't think this exact model is in
>>>> alignment with the charity work we are trying to accomplish.
>>>>
>>>>  This is not to say we shouldn't look for funding opportunities to
>>>> develop our projects - but I don't think this model is the right one for us.
>>>>
>>>>
>>>> https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing
>>>>
>>>>  I look forward to hearing your thoughts.
>>>>
>>>> Sarah Baso
>>>> --
>>>>  Executive Director
>>>> OWASP Foundation
>>>>
>>>>  sarah.baso at owasp.org
>>>> +1.312.869.2779
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>>
>>>  --
>>>
>>> *Samantha Groves, MBA*
>>>
>>> *OWASP Projects Manager*
>>>
>>>
>>>  The OWASP Foundation
>>>
>>> Phoenix, USA
>>>
>>> Email: samantha.groves at owasp.org
>>>
>>> Skype: samanthahz
>>>
>>>
>>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>
>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>
>>
>>
>>  --
>> Dennis Groves <http://about.me/dennis.groves>, MSc
>> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
>> .
>>  *This email is licensed under a CC BY-ND 3.0
>> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
>> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
>> Please do not send me Microsoft Office/Apple iWork documents.
>> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>>
>>  <http://www.owasp.org/>
>>