[Owasp-board] Proposed change to Section 3.03 of the bylaws

Matt Konda matt.konda at owasp.org
Thu Apr 30 03:20:54 UTC 2015


Bil, I appreciate you spending the time to draft and update these bylaws.

We didn't get to vote on this today, but let me make my opinions known.

I think that if a board member can't make 75% of meetings, we will have
issues.  I think that needs to be a concrete expectation and one that would
only have exceptions in very special cases.  I'd rather lean toward making
it firm than making it fuzzy so that people continue to treat it as a real
expectation.

I would also note that when people are late or leave early it effectively
makes them absent for votes.  Perhaps we should define attendance as being
present for all votes.  When I'm taking minutes, I notice when people come
and go and by this measure we're closer to being under-represented than the
previous thread might suggest.

I also think that 12 x 1 hour meetings is perhaps not enough.  I would
support making the meetings 90 minutes or finding better ways to do board
work offline or prepare in advance so that we don't end up having topics we
don't have time to handle (like this item).  In my view, if we can't cover
the core agenda items, we should hold longer meetings until we develop a
process that doesn't suffer from that problem.

I don't think we should require it but I have found the weekly meetings
with the ED to be extremely helpful in staying in the loop on what the team
is doing.  I wonder if that should be noted somewhere.

That's at least 10 cents, right?

Matt


On Tue, Apr 28, 2015 at 3:44 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Hi guys,
>
> I have no strong objections against 75%. I would prefer 66%, considering
> that removal from the board is a pretty heavy handed step and people these
> days are in various timezones and it may sometimes mean that you have to
> get up at 4am as Andrew did in January to attend a board meeting, which I
> feel was pretty tough.
>
> If the majority of the board is in favor of 75%, I will support that as
> well.
>
> I definitely like the new overall language, too.
>
> Thanks a lot for preparing.
>
> Tobias
>
>
> On 28/04/15 19:52, Josh Sokol wrote:
>
>  I like the new wording.  Thank you very much for putting that together
> Bil.  I would be happy to vote in favor of this change to our Bylaws.  I
> guess I would favor the 75% because, in the case of quarterly meetings,
> this means that a person would be required to attend 3 out of the 4
> meetings.  2 out of the 4 has them failing at their Board member duties
> IMHO.  In the case of monthly meetings, that still affords them to miss 3
> meetings which is still a lot in my opinion.  The difference between 75%
> and 66% in the case of monthly meetings is 4 missed meetings instead of 5.
> 66% again is one meeting shy of half.  Why even be on the Board if you're
> going to attend half of the meetings?  And, Tobias, it shouldn't matter
> whether this is an issue with the current Board.  Bylaws set expectations
> for current and future Board alike, unless they are changed.
>
>  ~josh
>
> On Tue, Apr 28, 2015 at 1:03 PM, Bil Corry <bil.corry at owasp.org> wrote:
>
>>  Hi Tobias,
>>
>>
>>
>> I'll leave it to the board to decide if 66% is an acceptable attendance
>> record, instead of the more stringent 75%.  Perhaps it can be discussed at
>> the board meeting, then voted upon.  I don't have a personal opinion one
>> way or another – on the one hand, you want dedicated board members, but on
>> the other hand, they're all volunteers and some may not try to be on the
>> board if there isn't enough flexibility.  From what I recall, Josh was one
>> such potential candidate that wasn't sure he could meet the in-person
>> meeting requirement.
>>
>>
>>
>>
>>
>> - Bil
>>
>>
>>
>> *From:* Tobias [mailto:tobias.gondrom at owasp.org]
>> *Sent:* Monday, April 27, 2015 11:29 PM
>> *To:* bil.corry at owasp.org; josh.sokol at owasp.org
>> *Cc:* owasp-board at lists.owasp.org
>>
>> *Subject:* Re: [Owasp-board] Proposed change to Section 3.03 of the
>> bylaws
>>
>>
>>
>> Hi Bill, hi all,
>>
>> thanks a lot for drafting this. We definitely need to update the bylaws
>> to reflect the new monthly meeting schedule.
>>
>> But while I can see that it may seem tempting to enforce hard rules of
>> attendance for board members, I don't feel that we really need it.
>>
>> IMHO, lack of attendance has not been a major issue the last 2 years and
>> I hope it will not be an issue in the future. So to some degree it feels
>> like over-engineering.
>> Just for last year, here is our records of attendance, which I would say
>> is a pretty well functioning board:
>>
>> https://docs.google.com/spreadsheets/d/1wpaOCBP-qrnde0sLiglDMJOUCtse6oB-zf3ONCkWgZk/edit#gid=6
>>
>> Outright removal would indeed be irresponsible, because a board member
>> might have had very good reasons (incl. illness or working on activities
>> for our own OWASP organisation) for not attending.
>>
>> I can sense that you might want to cause a vote of confidence.
>> But I am not sure we really need to define such a process step, but
>> depending on my fellow board members, I would ok with that.
>>
>> As for attendance ratios: personally, I feel that expulsion of an elected
>> board member from the board through a non-confidence vote is still a pretty
>> heavy step, therefore 8/12 = 66% (instead of 75%) should be sufficient as
>> minimum requirement before such a vote can be cast.
>>
>> Overall, I hope we can continue to positively motivate people to attend
>> the board meeting, instead of threatening with a stick.
>>
>> Your thoughts?
>>
>> Best regards, Tobias
>>
>>
>>
>> On 27/04/15 13:30, Bil Corry wrote:
>>
>> Below is the updated proposed text.  I suggest reading through it first,
>> then come back here for my discussion about the choices I made.
>>
>>
>>
>> It's get a little tricky with the 75% since it's based on the calendar
>> year, so for example, assuming 12 monthly meetings for the year, you could
>> miss Jan, Feb, and March, but attend all of the rest and still meet the
>> attendance requirement (attended 9/12 = 75%).  However, if you miss Jan,
>> Feb, Mar, and Apr, then obviously there is no way to attend 75% for the
>> entire year, the best you could hope for is (8/12 = 66%) which means the
>> vote of confidence is triggered at the point the fourth meeting is missed.
>>
>>
>>
>> The reason for having a vote of confidence instead of outright removal is
>> to allow some sanity to the policy – this allows the board to take into
>> account the factors that led to the missed meetings (rescheduled meetings,
>> personal situations, etc).
>>
>>
>>
>> The reason cancelled meetings are still counted is so that we don't end
>> up in a situation where someone misses 4 meetings (8/12 = 66% attendance),
>> they're voted off the board, then later two meetings are cancelled, and now
>> their attendance is 8/10 = 80%.  Instead, those two cancelled meetings are
>> counted as attended by all board members, which keeps the attendance for
>> the voted off board member at 8/12 = 66%.  Hope that makes sense.
>>
>>
>>
>>
>>
>> - Bil
>>
>>
>>
>>
>>
>> *PROPOSED*
>>
>>
>>
>> *SECTION 3.03 Regular Meetings.* The Board of Directors shall have
>> regular meetings as needed.  A link to the board meeting agenda’s and the
>> historical minutes is here:
>> https://www.owasp.org/index.php/OWASP_Board_Meetings.  Meetings shall be
>> at such dates, times, and places as the Board shall determine in December
>> of the preceding year and as amended by the Board. In no event will there
>> be less than one meeting per quarter.  These meetings will be open to
>> public attendance, however, certain portions of the meeting may be closed
>> to board members  and their delegates when required for legal reasons, or
>> to shield liability, or to handle personnel issues, or similar.  Attendance
>> in person or virtually by board members is required at no less than 75% of
>> the total meetings each year and shall be highly encouraged to meet in
>> person at least once annually at a date to be announced and agreed upon.
>> Attendance is tabulated after every scheduled meeting for the purpose of
>> determining if the 75% attendance requirement has been met, and the
>> tabulation is based upon the entire calendar year.  Cancelled meetings are
>> considered attended for the purposes of the tabulation.  Failure by a board
>> member to meet the 75% attendance requirement after any tabulation will
>> cause a mandatory vote of confidence by the remaining board members, whose
>> votes will be publicly recorded.  An overall vote of "no confidence" is
>> recorded if half or more of the board members vote for it, which causes the
>> board member in question to be instantly removed from their seat on the
>> board.  Vacancies on the board are handled as per Section 3.10.
>>
>>
>>
>>
>>
>> 2 OWASP Board of Directors will hold quarterly board meetings lasting 4­6
>> hours each. The schedule of meetings will be set by the board in December
>> before the year. It is likely the the board meetings will take place on
>> Saturdays or on a dedicated day before a large OWASP conference. This
>> change is a result of the success of the longer format board meeting and
>> also a result of the Executive Director role that has enabled full time
>> involvement and focus on OWASP operations. Board members must attend (in
>> person or virtually) 3 of the 4 meetings to fulfill the attendance
>> requirements. This will take effect in January, 2014. Changes passed August
>> 19, 2013.
>>
>> 3 “and shall be highly encouraged to meet in person at least once
>> annually at a date to be announced and agreed upon” amendment to document
>> passed June 10, 2013.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* Josh Sokol [mailto:josh.sokol at owasp.org <josh.sokol at owasp.org>]
>> *Sent:* Monday, April 20, 2015 11:18 PM
>> *To:* Bil Corry
>> *Cc:* Tobias; OWASP Foundation Board List
>> *Subject:* Re: [Owasp-board] Proposed change to Section 3.03 of the
>> bylaws
>>
>>
>>
>> I like the changes here for the most part, but a couple of thoughts:
>>
>> 1) I think we need to find a way to remove the language about meetings
>> lasting 4-6 hours.  This was fine when the meetings were quarterly, but
>> when we switched to monthly the only lasted about an hour.  So, if we can
>> eliminate the meeting duration from the text, I think that would be ideal.
>>
>> 2) Something that I've always wondered is what happens when a Board
>> member does not attend 75% of the meetings?  It says that it's mandatory to
>> attend, but what are the ramifications?  Forfeiture of their Board position
>> and appointment of a new Director for the duration of their seat?  It may
>> not have ever been a problem, but I witnessed it happen in our local ISSA
>> chapter and it was incredibly frustrating to have a President in absencia
>> and our VP basically had to step up and take on his responsibilities and we
>> were short a Board member the whole time.  If we are making changes, I'd
>> like to see something here to correct that as well.
>>
>> ~josh
>>
>>
>>
>> On Mon, Apr 20, 2015 at 3:16 AM, Bil Corry <bil.corry at owasp.org> wrote:
>>
>> Below is new proposed text.  I made the following changes (you can read
>> the original here
>> <https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf>):
>>
>>
>>
>> 1.    Removed the footnotes.  They were capturing the changes, but
>> there's a section at the end of the bylaws that already does that.
>> Footnote 1 on page 4 should also be removed (and added to the section at
>> the end of the bylaws).
>>
>> 2.    Removed all references to quarterly meetings and the number of
>> total meetings.  Instead, it now stipulates the minimum number of meetings
>> required, but the board can determine how many meetings total are needed
>> for the upcoming year and can now modify it as needed.
>>
>> 3.    Changed the board member attendance requirement to a percentage
>> instead of a fixed number.
>>
>> 4.    Clarified that while the meetings are open to the public, certain
>> portions of the meeting may be closed to just the board members and their
>> delegates.
>>
>>
>>
>>
>>
>> - Bil
>>
>>
>>
>>
>>
>> *PROPOSED*
>>
>>
>>
>> *SECTION 3.03 Regular Meetings.* The Board of Directors shall have
>> regular meetings lasting 4 to ­6 hours as needed.  A link to the board
>> meeting agenda’s and the historical minutes is here:
>> https://www.owasp.org/index.php/OWASP_Board_Meetings.  Meetings shall be
>> at such dates, times, and places as the Board shall determine in December
>> of the preceding year and as amended by the Board. In no event will there
>> be less than one meeting per quarter.  These meetings will be open to
>> public attendance, however, certain portions of the meeting may be closed
>> to board members  and their delegates when required for legal reasons, or
>> to shield liability, or to handle personnel issues, or similar.  Attendance
>> in person or virtually by board members is required at no less than 75% of
>> the total meetings each year and shall be highly encouraged to meet in
>> person at least once annually at a date to be announced and agreed upon.
>>
>>
>>
>>
>>
>> 2 OWASP Board of Directors will hold quarterly board meetings lasting 4­6
>> hours each. The schedule of meetings will be set by the board in December
>> before the year. It is likely the the board meetings will take place on
>> Saturdays or on a dedicated day before a large OWASP conference. This
>> change is a result of the success of the longer format board meeting and
>> also a result of the Executive Director role that has enabled full time
>> involvement and focus on OWASP operations. Board members must attend (in
>> person or virtually) 3 of the 4 meetings to fulfill the attendance
>> requirements. This will take effect in January, 2014. Changes passed August
>> 19, 2013.
>>
>> 3 “and shall be highly encouraged to meet in person at least once
>> annually at a date to be announced and agreed upon” amendment to document
>> passed June 10, 2013.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* owasp-board-bounces at lists.owasp.org [mailto:
>> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Josh Sokol
>> *Sent:* Saturday, April 04, 2015 7:55 AM
>> *To:* Tobias
>> *Cc:* OWASP Foundation Board List
>> *Subject:* Re: [Owasp-board] Proposed change to Section 3.03 of the
>> bylaws
>>
>>
>>
>> Can we adjust wih Bil's suggestion and re-propose?
>>
>> ~josh
>>
>> On Apr 4, 2015 12:48 AM, "Tobias" <tobias.gondrom at owasp.org> wrote:
>>
>> I second the proposed change.
>>
>> Any discussion?
>>
>> Best regards, Tobias
>>
>>
>>
>> On 26/03/15 03:25, Jim Manico wrote:
>>
>>   *I propose we change section 3.03 of the bylaws to reflect our return
>> to monthly meetings:*
>>
>> SECTION 3.03 Regular Meetings. The Board of Directors shall have regular
>> meetings quarterly lasting 4­6 hours as needed.2 A link to the board
>> meeting agenda’s and the historical minutes is here:
>> https://www.owasp.org/index.php/OWASP_Board_Meetings Meetings shall be
>> at such dates, times, and places as the Board shall determine in December
>> of the preceding year. These meetings will be open to public attendance.
>> Attendance in person or virtually by board members is required at *no
>> less than 3 of the 4 quarterly meetings per year* and and shall be
>> highly encouraged to meet in person at least once annually at a date to be
>> announced and agreed upon.
>>
>> To:
>>
>> SECTION 3.03 Regular Meetings. The Board of Directors shall have regular
>> meetings quarterly lasting 4­6 hours as needed.2 A link to the board
>> meeting agenda’s and the historical minutes is here:
>> https://www.owasp.org/index.php/OWASP_Board_Meetings Meetings shall be
>> at such dates, times, and places as the Board shall determine in December
>> of the preceding year. These meetings will be open to public attendance.
>> Attendance in person or virtually by board members is required at *no
>> less than 9 of the 12 monthly meetings per year* and and shall be highly
>> encouraged to meet in person at least once annually at a date to be
>> announced and agreed upon.
>>
>>
>>
>> _______________________________________________
>>
>> Owasp-board mailing list
>>
>> Owasp-board at lists.owasp.org
>>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150429/f9b2feb1/attachment-0001.html>


More information about the Owasp-board mailing list