[Owasp-board] Proposed change to Section 3.03 of the bylaws

Tobias tobias.gondrom at owasp.org
Tue Apr 28 20:44:06 UTC 2015


Hi guys,

I have no strong objections against 75%. I would prefer 66%, considering 
that removal from the board is a pretty heavy handed step and people 
these days are in various timezones and it may sometimes mean that you 
have to get up at 4am as Andrew did in January to attend a board 
meeting, which I feel was pretty tough.

If the majority of the board is in favor of 75%, I will support that as 
well.

I definitely like the new overall language, too.

Thanks a lot for preparing.

Tobias

On 28/04/15 19:52, Josh Sokol wrote:
> I like the new wording.  Thank you very much for putting that together 
> Bil.  I would be happy to vote in favor of this change to our Bylaws.  
> I guess I would favor the 75% because, in the case of quarterly 
> meetings, this means that a person would be required to attend 3 out 
> of the 4 meetings.  2 out of the 4 has them failing at their Board 
> member duties IMHO.  In the case of monthly meetings, that still 
> affords them to miss 3 meetings which is still a lot in my opinion.  
> The difference between 75% and 66% in the case of monthly meetings is 
> 4 missed meetings instead of 5.  66% again is one meeting shy of 
> half.  Why even be on the Board if you're going to attend half of the 
> meetings?  And, Tobias, it shouldn't matter whether this is an issue 
> with the current Board.  Bylaws set expectations for current and 
> future Board alike, unless they are changed.
>
> ~josh
>
> On Tue, Apr 28, 2015 at 1:03 PM, Bil Corry <bil.corry at owasp.org 
> <mailto:bil.corry at owasp.org>> wrote:
>
>     Hi Tobias,
>
>     I'll leave it to the board to decide if 66% is an acceptable
>     attendance record, instead of the more stringent 75%.  Perhaps it
>     can be discussed at the board meeting, then voted upon.  I don't
>     have a personal opinion one way or another – on the one hand, you
>     want dedicated board members, but on the other hand, they're all
>     volunteers and some may not try to be on the board if there isn't
>     enough flexibility.  From what I recall, Josh was one such
>     potential candidate that wasn't sure he could meet the in-person
>     meeting requirement.
>
>     - Bil
>
>     *From:*Tobias [mailto:tobias.gondrom at owasp.org
>     <mailto:tobias.gondrom at owasp.org>]
>     *Sent:* Monday, April 27, 2015 11:29 PM
>     *To:* bil.corry at owasp.org <mailto:bil.corry at owasp.org>;
>     josh.sokol at owasp.org <mailto:josh.sokol at owasp.org>
>     *Cc:* owasp-board at lists.owasp.org <mailto:owasp-board at lists.owasp.org>
>
>
>     *Subject:* Re: [Owasp-board] Proposed change to Section 3.03 of
>     the bylaws
>
>     Hi Bill, hi all,
>
>     thanks a lot for drafting this. We definitely need to update the
>     bylaws to reflect the new monthly meeting schedule.
>
>     But while I can see that it may seem tempting to enforce hard
>     rules of attendance for board members, I don't feel that we really
>     need it.
>
>     IMHO, lack of attendance has not been a major issue the last 2
>     years and I hope it will not be an issue in the future. So to some
>     degree it feels like over-engineering.
>     Just for last year, here is our records of attendance, which I
>     would say is a pretty well functioning board:
>     https://docs.google.com/spreadsheets/d/1wpaOCBP-qrnde0sLiglDMJOUCtse6oB-zf3ONCkWgZk/edit#gid=6
>
>     Outright removal would indeed be irresponsible, because a board
>     member might have had very good reasons (incl. illness or working
>     on activities for our own OWASP organisation) for not attending.
>
>     I can sense that you might want to cause a vote of confidence.
>     But I am not sure we really need to define such a process step,
>     but depending on my fellow board members, I would ok with that.
>
>     As for attendance ratios: personally, I feel that expulsion of an
>     elected board member from the board through a non-confidence vote
>     is still a pretty heavy step, therefore 8/12 = 66% (instead of
>     75%) should be sufficient as minimum requirement before such a
>     vote can be cast.
>
>     Overall, I hope we can continue to positively motivate people to
>     attend the board meeting, instead of threatening with a stick.
>
>     Your thoughts?
>
>     Best regards, Tobias
>
>
>
>     On 27/04/15 13:30, Bil Corry wrote:
>
>         Below is the updated proposed text.  I suggest reading through
>         it first, then come back here for my discussion about the
>         choices I made.
>
>         It's get a little tricky with the 75% since it's based on the
>         calendar year, so for example, assuming 12 monthly meetings
>         for the year, you could miss Jan, Feb, and March, but attend
>         all of the rest and still meet the attendance requirement
>         (attended 9/12 = 75%).  However, if you miss Jan, Feb, Mar,
>         and Apr, then obviously there is no way to attend 75% for the
>         entire year, the best you could hope for is (8/12 = 66%) which
>         means the vote of confidence is triggered at the point the
>         fourth meeting is missed.
>
>         The reason for having a vote of confidence instead of outright
>         removal is to allow some sanity to the policy – this allows
>         the board to take into account the factors that led to the
>         missed meetings (rescheduled meetings, personal situations, etc).
>
>         The reason cancelled meetings are still counted is so that we
>         don't end up in a situation where someone misses 4 meetings
>         (8/12 = 66% attendance), they're voted off the board, then
>         later two meetings are cancelled, and now their attendance is
>         8/10 = 80%.  Instead, those two cancelled meetings are counted
>         as attended by all board members, which keeps the attendance
>         for the voted off board member at 8/12 = 66%.  Hope that makes
>         sense.
>
>         - Bil
>
>         *PROPOSED*
>
>         *SECTION 3.03 Regular Meetings.* The Board of Directors shall
>         have regular meetings as needed.  A link to the board meeting
>         agenda’s and the historical minutes is here:
>         https://www.owasp.org/index.php/OWASP_Board_Meetings. Meetings
>         shall be at such dates, times, and places as the Board shall
>         determine in December of the preceding year and as amended by
>         the Board. In no event will there be less than one meeting per
>         quarter.  These meetings will be open to public attendance,
>         however, certain portions of the meeting may be closed to
>         board members  and their delegates when required for legal
>         reasons, or to shield liability, or to handle personnel
>         issues, or similar.  Attendance in person or virtually by
>         board members is required at no less than 75% of the total
>         meetings each year and shall be highly encouraged to meet in
>         person at least once annually at a date to be announced and
>         agreed upon.  Attendance is tabulated after every scheduled
>         meeting for the purpose of determining if the 75% attendance
>         requirement has been met, and the tabulation is based upon the
>         entire calendar year.  Cancelled meetings are considered
>         attended for the purposes of the tabulation.  Failure by a
>         board member to meet the 75% attendance requirement after any
>         tabulation will cause a mandatory vote of confidence by the
>         remaining board members, whose votes will be publicly
>         recorded.  An overall vote of "no confidence" is recorded if
>         half or more of the board members vote for it, which causes
>         the board member in question to be instantly removed from
>         their seat on the board. Vacancies on the board are handled as
>         per Section 3.10.
>
>         2 OWASP Board of Directors will hold quarterly board meetings
>         lasting 4­6 hours each. The schedule of meetings will be set
>         by the board in December before the year. It is likely the the
>         board meetings will take place on Saturdays or on a dedicated
>         day before a large OWASP conference. This change is a result
>         of the success of the longer format board meeting and also a
>         result of the Executive Director role that has enabled full
>         time involvement and focus on OWASP operations. Board members
>         must attend (in person or virtually) 3 of the 4 meetings to
>         fulfill the attendance requirements. This will take effect in
>         January, 2014. Changes passed August 19, 2013.
>
>         3 “and shall be highly encouraged to meet in person at least
>         once annually at a date to be announced and agreed upon”
>         amendment to document passed June 10, 2013.
>
>         *From:*Josh Sokol [mailto:josh.sokol at owasp.org]
>         *Sent:* Monday, April 20, 2015 11:18 PM
>         *To:* Bil Corry
>         *Cc:* Tobias; OWASP Foundation Board List
>         *Subject:* Re: [Owasp-board] Proposed change to Section 3.03
>         of the bylaws
>
>         I like the changes here for the most part, but a couple of
>         thoughts:
>
>         1) I think we need to find a way to remove the language about
>         meetings lasting 4-6 hours.  This was fine when the meetings
>         were quarterly, but when we switched to monthly the only
>         lasted about an hour.  So, if we can eliminate the meeting
>         duration from the text, I think that would be ideal.
>
>         2) Something that I've always wondered is what happens when a
>         Board member does not attend 75% of the meetings?  It says
>         that it's mandatory to attend, but what are the ramifications?
>         Forfeiture of their Board position and appointment of a new
>         Director for the duration of their seat?  It may not have ever
>         been a problem, but I witnessed it happen in our local ISSA
>         chapter and it was incredibly frustrating to have a President
>         in absencia and our VP basically had to step up and take on
>         his responsibilities and we were short a Board member the
>         whole time. If we are making changes, I'd like to see
>         something here to correct that as well.
>
>         ~josh
>
>         On Mon, Apr 20, 2015 at 3:16 AM, Bil Corry
>         <bil.corry at owasp.org <mailto:bil.corry at owasp.org>> wrote:
>
>         Below is new proposed text.  I made the following changes (you
>         can read the original here
>         <https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf>):
>
>         1.Removed the footnotes.  They were capturing the changes, but
>         there's a section at the end of the bylaws that already does
>         that.  Footnote 1 on page 4 should also be removed (and added
>         to the section at the end of the bylaws).
>
>         2.Removed all references to quarterly meetings and the number
>         of total meetings. Instead, it now stipulates the minimum
>         number of meetings required, but the board can determine how
>         many meetings total are needed for the upcoming year and can
>         now modify it as needed.
>
>         3.Changed the board member attendance requirement to a
>         percentage instead of a fixed number.
>
>         4.Clarified that while the meetings are open to the public,
>         certain portions of the meeting may be closed to just the
>         board members and their delegates.
>
>         - Bil
>
>         *PROPOSED*
>
>         *SECTION 3.03 Regular Meetings.* The Board of Directors shall
>         have regular meetings lasting 4 to ­6 hours as needed.  A link
>         to the board meeting agenda’s and the historical minutes is
>         here: https://www.owasp.org/index.php/OWASP_Board_Meetings.
>         Meetings shall be at such dates, times, and places as the
>         Board shall determine in December of the preceding year and as
>         amended by the Board. In no event will there be less than one
>         meeting per quarter.  These meetings will be open to public
>         attendance, however, certain portions of the meeting may be
>         closed to board members  and their delegates when required for
>         legal reasons, or to shield liability, or to handle personnel
>         issues, or similar.  Attendance in person or virtually by
>         board members is required at no less than 75% of the total
>         meetings each year and shall be highly encouraged to meet in
>         person at least once annually at a date to be announced and
>         agreed upon.
>
>         2 OWASP Board of Directors will hold quarterly board meetings
>         lasting 4­6 hours each. The schedule of meetings will be set
>         by the board in December before the year. It is likely the the
>         board meetings will take place on Saturdays or on a dedicated
>         day before a large OWASP conference. This change is a result
>         of the success of the longer format board meeting and also a
>         result of the Executive Director role that has enabled full
>         time involvement and focus on OWASP operations. Board members
>         must attend (in person or virtually) 3 of the 4 meetings to
>         fulfill the attendance requirements. This will take effect in
>         January, 2014. Changes passed August 19, 2013.
>
>         3 “and shall be highly encouraged to meet in person at least
>         once annually at a date to be announced and agreed upon”
>         amendment to document passed June 10, 2013.
>
>         *From:*owasp-board-bounces at lists.owasp.org
>         <mailto:owasp-board-bounces at lists.owasp.org>
>         [mailto:owasp-board-bounces at lists.owasp.org
>         <mailto:owasp-board-bounces at lists.owasp.org>] *On Behalf Of
>         *Josh Sokol
>         *Sent:* Saturday, April 04, 2015 7:55 AM
>         *To:* Tobias
>         *Cc:* OWASP Foundation Board List
>         *Subject:* Re: [Owasp-board] Proposed change to Section 3.03
>         of the bylaws
>
>         Can we adjust wih Bil's suggestion and re-propose?
>
>         ~josh
>
>         On Apr 4, 2015 12:48 AM, "Tobias" <tobias.gondrom at owasp.org
>         <mailto:tobias.gondrom at owasp.org>> wrote:
>
>         I second the proposed change.
>
>         Any discussion?
>
>         Best regards, Tobias
>
>
>
>         On 26/03/15 03:25, Jim Manico wrote:
>
>             *I propose we change section 3.03 of the bylaws to reflect
>             our return to monthly meetings:*
>
>             SECTION 3.03 Regular Meetings. The Board of Directors
>             shall have regular meetings quarterly lasting 4­6 hours as
>             needed.2 A link to the board meeting agenda’s and the
>             historical minutes is here:
>             https://www.owasp.org/index.php/OWASP_Board_Meetings
>             Meetings shall be at such dates, times, and places as the
>             Board shall determine in December of the preceding year.
>             These meetings will be open to public attendance.
>             Attendance in person or virtually by board members is
>             required at *no less than 3 of the 4 quarterly meetings
>             per year* and and shall be highly encouraged to meet in
>             person at least once annually at a date to be announced
>             and agreed upon.
>
>             To:
>
>             SECTION 3.03 Regular Meetings. The Board of Directors
>             shall have regular meetings quarterly lasting 4­6 hours as
>             needed.2 A link to the board meeting agenda’s and the
>             historical minutes is here:
>             https://www.owasp.org/index.php/OWASP_Board_Meetings
>             Meetings shall be at such dates, times, and places as the
>             Board shall determine in December of the preceding year.
>             These meetings will be open to public attendance.
>             Attendance in person or virtually by board members is
>             required at *no less than 9 of the 12 monthly meetings per
>             year* and and shall be highly encouraged to meet in person
>             at least once annually at a date to be announced and
>             agreed upon.
>
>             _______________________________________________
>
>             Owasp-board mailing list
>
>             Owasp-board at lists.owasp.org  <mailto:Owasp-board at lists.owasp.org>
>
>             https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>         _______________________________________________
>         Owasp-board mailing list
>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-board
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150428/0b16e2cd/attachment-0001.html>


More information about the Owasp-board mailing list