[Owasp-board] [Owasp-leaders] Please provide a status update to the membership

Helen Gao helen.gao at owasp.org
Tue Oct 28 19:01:50 UTC 2014


Hi Bev.

I agree with you and others that the staffs are doing their best, and often
beyond expectation. Glad you brought up honorary membership. A link seems
to be broken.See below from the election page
<https://www.owasp.org/index.php/2014_Board_Elections>.I will report this
to OWASP separately just in case. There is always an honorary membership
program even before I chaired the membership committee around 2011 &2012.

*ALL* qualified individuals *MUST* apply for Honorary Membership in order
to vote by completing the Honorary Membership Form
<http://www.tfaforms.com/330146>
Regards,

Helen Gao

On Thu, Oct 16, 2014 at 12:13 AM, Bev Corwin <bev.corwin at owasp.org> wrote:

> Hello again,
>
> I think that there should be some reasonable response time expectations
> from OWASP staff (and members) regarding issues related to honorary
> membership, governance, events, most things in general, etc. I realize that
> staff are often overwhelmed, and going above and beyond any reasonable
> expectation, most of the time, however, we should have some kind of
> "resilience" volunteer system to back them up when they are not able to
> respond in a "reasonable" amount of time, yet to be determined. A few years
> ago I also completed an OWASP honorary membership form and never received
> any recognition that it was ever received or under consideration. It was
> during a time when I was volunteering quite a bit for OWASP, and as a "dues
> paying" member of several other professional associations, decided to give
> it a try. I gave up and eventually moved OWASP to a higher priority level
> in my "professional associations" hierarchy, therefore giving it standing
> in my "memberships" budget. There are so many excellent OWASP volunteers,
> it would make sense to use them for organizational resiliency in important
> times of governance special needs.
>
> Bev
>
>
> On Wed, Oct 15, 2014 at 10:18 PM, Andrew van der Stock <vanderaj at owasp.org
> > wrote:
>
>> Thanks Kate, I really appreciate your efforts in assisting me with my
>> membership this year.
>>
>> Thanks Josh for organising this.
>>
>> I believe once we know the magnitude of the issue, Bev's idea of an
>> extension to voting for a period after the official close is the best way
>> forward. That will give expired members a chance to renew and participate
>> once the ED knows how many are affected.
>>
>> Can the ED please keep us informed, I will leave this for a period of
>> time to allow the team to figure out how many are affected and to put
>> resolutions in place, but we need to know some answers before voting closes
>> next week.
>>
>> Thanks
>> Andrew
>>
>>
>> Sent from my iPad
>>
>> On 16 Oct 2014, at 1:11 pm, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> Andrew,
>>
>> It is viewable now thanks to super-Kate and her late night efforts to
>> support us!  Unfortunately, I'm honestly not sure why this document was
>> included in the Bylaws.  It is very specific to the 2012 elections, but
>> does illustrate that this is not a process either run or moderated by the
>> Board.  This process is firmly in the hands of our ED and Operations Team
>> in order to maintain objectivity.
>>
>> ~josh
>>
>> On Wed, Oct 15, 2014 at 8:52 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>> Andrew,
>>>
>>> Action by the Board to "determine if any candidates are not in good
>>> standing and make a decision as to how to deal with that" could be
>>> misconstrued as the Board tampering with the election and is not part of
>>> the Board role in this process.  The Executive Director and Operations Team
>>> is responsible for our elections process.  This includes every single one
>>> of the bullet points that you mention in your e-mail.  Our staff is
>>> actively seeking to do these things and being technical or non-technical is
>>> irrelevant.  As Eoin pointed out, it is NOT the Board's job to manage the
>>> election process.  This is not in the bylaws (
>>> https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf).
>>> Honestly, I'm not sure about the election policy and procedure referenced
>>> in Section 3.02 as I do not have access to it either.  I have requested
>>> access and will send an inquiry to the operations team to get it publicly
>>> viewable ASAP.  Hopefully that document will help to address some of your
>>> assertions regarding who is responsible for what.
>>>
>>> ~josh
>>>
>>> On Wed, Oct 15, 2014 at 4:09 PM, Andrew van der Stock <
>>> vanderaj at owasp.org> wrote:
>>>
>>>> Eoin
>>>>
>>>> I am not asking the Board to get in there and deal with the technical
>>>> stuff, I *am* asking the Board to
>>>>
>>>> * Determine what will happen if there is a significant number of
>>>> disenfranchised members
>>>> * Determine if any candidates are not in good standing and make a
>>>> decision as to how to deal with that that complies with the by laws
>>>> * Determine if there needs to be a delay or a re-do
>>>> * Determine what will happen if there are challenges to the election
>>>> or its process
>>>> * Communicate with us
>>>>
>>>> None of those things are technical. None of those things stop the
>>>> technical folks fixing the glitch. That should be happening in
>>>> parallel, which it appears to be so. Let's let them do their job.
>>>>
>>>> At the same time, the Board needs to do their job, which is to manage
>>>> the election process as per the by laws and providing advice or
>>>> guidance around the election by laws when asked.
>>>>
>>>> I would ask that the election by laws be put into anonymous read only
>>>> mode as it's in the PDF of the official OWASP by laws, but no one can
>>>> see it right now without being granted permission:
>>>>
>>>>
>>>> https://docs.google.com/a/owasp.org/document/d/1A16CEWCebTC_vadzSsaGFsuvBD94HhkbgHKBZr6shII/edit
>>>>
>>>> thanks
>>>> Andrew
>>>>
>>>> On Thu, Oct 16, 2014 at 3:21 AM, Eoin Keary <eoin.keary at owasp.org>
>>>> wrote:
>>>> > Please Board, do not get involved in this process!!
>>>> > Stay away and let our great staff deal with this.
>>>> >
>>>> >
>>>> > Eoin Keary
>>>> > Owasp Global Board
>>>> > +353 87 977 2988
>>>> >
>>>> >
>>>> > On 15 Oct 2014, at 15:26, Tobias <tobias.gondrom at owasp.org> wrote:
>>>> >
>>>> > +1 for Josh.
>>>> > I can fully support Josh's statements.
>>>> >
>>>> > I know things may look calm on the outside, but let me assure you the
>>>> whole
>>>> > team (incl. the board) takes this as the highest priority and there
>>>> is very
>>>> > high activity on the inside by everyone pulling together to get this
>>>> > analysed and fixed ASAP.
>>>> >
>>>> > As you know the election is still open for another 9 days until Oct-24
>>>> > (https://www.owasp.org/index.php/2014_Board_Elections), so please
>>>> have a
>>>> > little more patience and give our team a chance to fix it. And based
>>>> on the
>>>> > findings we will decide on what to do in addition - hopefully we know
>>>> more
>>>> > in a few hours.
>>>> >
>>>> > Best wishes, Tobias
>>>> >
>>>> >
>>>> > Tobias Gondrom
>>>> > OWASP Global Board Member
>>>> >
>>>> >
>>>> > On 15/10/14 15:10, Josh Sokol wrote:
>>>> >
>>>> > Andrew,
>>>> >
>>>> > I had at least half a dozen emails back and forth yesterday related
>>>> to my
>>>> > issue with not receiving the voting email and Kelly was well engaged
>>>> with me
>>>> > and SimplyVoting.  They tracked my particular issue down to having
>>>> > unsubscribed to a SimplyVoting email during the WASPY awards
>>>> process.  My
>>>> > issue was just one of many reported and being worked on.  Kate, who
>>>> was in
>>>> > training this week, was pulled from it in order to work on these
>>>> issues.
>>>> > This is item #1 on the ops team's plate and they are laser focused on
>>>> making
>>>> > sure this process is being handled professionally and without missing
>>>> votes.
>>>> > Your concerns are very valid and are all being investigated.   If
>>>> there is
>>>> > cause to pause the election process, I assure you that it will be
>>>> done.  I
>>>> > do want to say, however, that this is an operations issue and Board
>>>> > involvement beyond supporting the ops team could constitute tampering
>>>> with
>>>> > the election process.  We need to work diligently, yet judiciously,
>>>> in order
>>>> > to ensure the process is fair for everyone involved.  There were
>>>> several
>>>> > emails on this topic yesterday along with a TON of ops team activity,
>>>> and an
>>>> > update is planned for today.  Keep in mind that its early morning on
>>>> day 2
>>>> > here in the US where the ops team is based.  I'm not saying that
>>>> there isn't
>>>> > a problem, but patience is definitely a virtue when you want to make
>>>> sure
>>>> > that things are handled properly.  Please give the ops team a chance
>>>> to
>>>> > research what happened and communicate it out before assuming that
>>>> the issue
>>>> > is just being ignored.  Thank you.
>>>> >
>>>> > Sincerely,
>>>> >
>>>> > Josh Sokol
>>>> >
>>>> > On Oct 15, 2014 7:16 AM, "Andrew van der Stock" <vanderaj at owasp.org>
>>>> wrote:
>>>> >>
>>>> >> Michael and the Board,
>>>> >>
>>>> >> I write to you formally to request a status update on the global
>>>> OWASP
>>>> >> Board of Directors election process, in particular, I implore the
>>>> >> current Board to take affirmative action to investigate and manage a
>>>> >> resolution to the technical hitches in membership and balloting, and
>>>> >> if necessary delay the election, so that all eligible members can
>>>> >> vote. There is no activity on the Board list to address this issue,
>>>> >> and this, too, needs to be addressed.
>>>> >>
>>>> >> Members need to have trust of the integrity of the balloting
>>>> >> (enfranchisement) and voting processes. There are rules posted
>>>> >> regarding the process and deadlines, and for at least some (and
>>>> >> possibly many) members, these deadlines have been missed by the OWASP
>>>> >> Foundation. There is no current membership list. Members have expired
>>>> >> and not been renewed or processed and have missed out on receiving
>>>> >> their vote to the election. It is entirely possible that some of the
>>>> >> candidates, through no fault of their own, are not in good standing.
>>>> >> We just don't know.
>>>> >>
>>>> >> The only semi-official message in relation to my queries so far is
>>>> >> "please don't be inflammatory". That is simply not good enough. I am
>>>> >> not sledging the ops team - that is not my intent - but I am saying
>>>> >> there is an critical issue and it is not being managed or
>>>> communicated
>>>> >> properly, and that requires Board oversight.
>>>> >>
>>>> >> In Australia, we recently had to send an entire state back to re-vote
>>>> >> their senate because our electoral commission lost 1300 votes, which
>>>> >> was more votes than the winning margin. I don't ever recall any open
>>>> >> source project or Foundation ever having this type of problem before.
>>>> >> I hope that it's a small issue that can be addressed in a timely and
>>>> >> comprehensive fashion.
>>>> >>
>>>> >> Please as a matter of urgency, please work out and communicate with
>>>> >> all the members, (and not just those on the leaders list):
>>>> >>
>>>> >> * What is the Board's position on challenges to the election,
>>>> >> postponing or delaying the vote to get the membership and balloting
>>>> >> right, or doing a re-run?
>>>> >>
>>>> >> * Were renewal notices sent out to expiring and expired members in a
>>>> >> timely fashion to make the September 30 renewal eligibility deadline?
>>>> >>
>>>> >> * If not, will OWASP be e-mailing or making contact with all expired
>>>> >> members to see if they wanted to renew and give them a vote in the
>>>> >> election? If so, when will this occur? Will it occur by the time
>>>> >> voting closes?
>>>> >>
>>>> >> * Are all current Board candidates in good standing? If not, will the
>>>> >> Board reach out to the candidates in question, and offer them back
>>>> >> dated honorary membership to comply with the bylaws? Or will they be
>>>> >> ineligible to stand?
>>>> >>
>>>> >> * Are all membership renewals (paid, lifetime, and honorary)
>>>> submitted
>>>> >> prior to September 30 now processed?
>>>> >>
>>>> >> * If so, is there an up to date membership list that does not date
>>>> >> back to April 8, 2014? Can this be added to the OWASP Board 2014
>>>> >> elections page?
>>>> >>
>>>> >> * As the CRM process wasn't working for some time, what steps are the
>>>> >> Board putting into place to ensure that it is fixed and monitored for
>>>> >> the next election?
>>>> >>
>>>> >>
>>>> >> These questions have to be answered. No answer is simply not an
>>>> >> option. I don't mind if you take these on notice and reply in pieces,
>>>> >> but please communicate frequently, openly and honestly with us.
>>>> >>
>>>> >> I know the vote is open until next week, but I feel that even if
>>>> there
>>>> >> are only a handful of members piping up on the Leaders mailing list
>>>> >> today, the CRM process has been broken for at least two months, which
>>>> >> covers about 15% of members. It may have been broken as far back as
>>>> >> April 8 when the membership list was seemingly last generated, which
>>>> >> covers around 45-50% of the members.
>>>> >>
>>>> >> Simply enrolling those who pipe up in one venue misses those who
>>>> don't
>>>> >> hang out on the Leaders list and disenfranchises those who might have
>>>> >> wanted a say in OWASP's future. If this is actually a small issue, it
>>>> >> should be easy to determine: compare July, August's and September's
>>>> >> membership totals with that from the year before. If the totals are
>>>> >> reduced, then there is a problem of a known magnitude. But without an
>>>> >> accurate and up to date membership list, we cannot determine if there
>>>> >> are disenfranchised members or how many have been potentially
>>>> >> disenfranchised.
>>>> >>
>>>> >> I gave the ops team nearly two month's notice that something wasn't
>>>> >> right, and stayed in fairly constant communication during that time.
>>>> I
>>>> >> even gave a heads up about my fellow candidates, who I sincerely hope
>>>> >> have their membership sorted so OWASP members have a geographically
>>>> >> varied and interesting selection of candidates to choose from.
>>>> >>
>>>> >> I've been here since very nearly the beginning, I don't think I've
>>>> >> ever seen such disarray in our internal processes, especially such
>>>> key
>>>> >> processes that directly elect the Board.
>>>> >>
>>>> >> I implore the Board to take this very seriously. Please communicate
>>>> >> clearly and frequently with us on next steps. If the Board or the
>>>> >> Foundation needs time - more time than there exists until the end of
>>>> >> voting, I am more than willing to give the benefit of the doubt to
>>>> >> ensure that we have an open, transparent membership and voting system
>>>> >> with integrity for a vote to be open to all members, not just those
>>>> >> unaffected by the technical glitches. I can't speak for the other
>>>> >> candidates, but please ask them too. I'd rather this be done right.
>>>> >>
>>>> >> I am reachable on +61 451 057 580 if you want a chat, but I am
>>>> UTC+11,
>>>> >> which makes it tricky during US business hours.
>>>> >>
>>>> >> thanks,
>>>> >> Andrew
>>>> >> _______________________________________________
>>>> >> Owasp-board mailing list
>>>> >> Owasp-board at lists.owasp.org
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>> >
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Owasp-board mailing list
>>>> > Owasp-board at lists.owasp.org
>>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Owasp-board mailing list
>>>> > Owasp-board at lists.owasp.org
>>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Helen Gao, CISSP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141028/c408f873/attachment-0001.html>


More information about the Owasp-board mailing list