[Owasp-board] OWASP Funding Proposal

Josh Sokol josh.sokol at owasp.org
Thu Oct 8 22:15:25 UTC 2015


My thoughts below:


> Proposal 1: Agreed. But if I recall correctly your proposal #1 was already
> approved at the last board meeting. So I think we can consider that done.
>

Yes, Proposal 1 was approved at the last Board meeting.

> Proposal 2: Agreed
>

Cool.

> *Proposal 3: needs clarification*
> I think we need to spell out what we mean with an "active chapter" as we
> are using the term as a criterion in proposal 3? Is that a mailing-list with
> no traffic and no meetings, but two leaders on the wiki page? Or would
> "active" mean they have some meetings and maybe a handful of members? My
> proposal for the definition of "active chapter" would be something like at
> least 3 emails on the mailing-list in the last year, at least one meeting
> and at least 5 members. Is this enough to count as active? For "active
> projects", I am less clear what is an active project? Just a project page
> with no content and no communication or subscribers on the mailing-list
> except for the two leaders? Would this already be an active project? Any
> thoughts how we can describe this term from proposal 3?
>

The concept of an "active chapter" is defined in Section 2.2 of the Chapter
Leader Handbook
<https://owasp.org/index.php/Chapter_Handbook/Chapter_2:_Mandatory_Chapter_Rules#Hold_a_minimum_of_2_local_chapter_meetings_or_events_each_year>.
I do not intend to revise that definition as part of this effort.  If you
believe that the definition needs work, then I would recommend a separate
effort to identify and clarify in that document.  Likewise, I believe that
Johanna worked to define requirements around what it means to be an "active
project" and undertook an effort to clean out inactives.  If we would like
to add language along the lines of "as defined in the Chapter and Project
Leader Handbooks", then I am OK with that, but I would prefer to leave the
definition of "active" out of the proposal itself as it's something that is
likely to change over time.

> Proposal 4: "Upon creation of a new project or chapter, as long as they
> have at least two leaders they will be allocated a $500 budget to begin
> with."
> *COMMENT: *I have been thinking a bit more on Michael's comment last
> night to reward activity. And I think some reward mechanism for chapter
> activity and project status would be right. IMO we should be consistent and
> apply the same criteria for "active" as we did in proposal 3.
>

I disagree here.  The biggest struggle for new chapter and project leaders
is getting funding.  We need to eliminate that struggle.  Obviously,
chapters and projects are still subject to requirements and approval by our
ops team, as they are today, and that should weed out any issues.  Also,
think about the current value of being an OWASP chapter or project leader.
If our goal is to attract more of these types of people to OWASP, then $500
seems like a pretty small amount in the grand scheme of things to
incentivize them to do so.

> Proposal 5: Agreed
>

Cool.

> *Proposal 6: propose minor revision of wording to clarify*
> > Proposal 6: If a request for funding has been approved for one chapter
> > or project, then it can be considered an acceptable
> > expense for all chapters or projects.  If they have an account balance
> > which covers that expense in full, then they should
> > be considered pre-approved for spending.
>
> I agree in spirit, but I think this needs clarification and am a bit
> concerned about liberal interpretations of what is the same expense type.
> Expenses tend to not be exactly identical and I like to save chapter and
> project leads from searching the public expense lists for precedence. As
> one example if a flight ticket is approved for a chapter leader to attend
> the AppSec chapter leader workshop, that should not mean we also approve a
> flight ticket to Bahamas for holiday for another chapter leader.
> Technically both are flight expenses for chapter leaders. (I know I am
> splitting hairs...)
>
> *Suggested revision: *
> Proposal 6: If a request for funding has been approved for one chapter or
> project, then it can be considered an acceptable expense for all chapters
> or projects. Our operations team shall periodically (at least once every 3
> months) review the list of published expenses and if new expense types come
> up add them to the published list of acceptable expenses. If the chapters
> or projects have an account balance which covers that expense in full, then
> they should be considered pre-approved for spending.
>

I think that we need to trust people to do the right thing.  To my
knowledge, we have never had a person try to request reimbursement for a
trip to the Bahamas because someone got a flight paid for to AppSec.  Also,
keep in mind that this is a reimbursement process so our Operations Team
determines whether a request is legit.  To me, it would seem like you're
putting a lot of extra work on the Ops Team with little added benefit since
they are still going to have to find a way to write it up so that it will
not be misinterpreted.  I think we have reasonable controls in place to
prevent abuse and our liability here is minimal.  I don't see a need to
revise it in this manner.

> Proposal 7: Agreed.
> (Personally for me bi-monthly or quarterly would also be ok, but am also
> in agreement with monthly. )
>

Cool.  I would prefer to do it monthly because that is what it is currently
and I see no reason to lessen that given that they are working towards
automating the process.

> Proposal 8: Agreed.
>

Cool.

> Revised Proposal 9: Agreed.
> (on a note: technically, this is already the case today, but I don't mind
> making this more explicit.)
>

Cool.  Yeah, I agree that this is technically the case today.  The goal was
very much to make the process more explicit.

> Revised Proposal 10: Agreed.
>

Cool.

> *New Proposal 11:*
> Building on Michael's and your comment about rewarding active projects. I
> very much like that idea!
> And I would have a friendly additional proposal.
> Proposal 11:
> Any project newly reaching lab status receives a one-time extra USD500
> into their project account.
> Any project newly reaching flagship status receives a one-time extra
> USD1000 into their project account.
>
> This could add some nice gamification feature for projects that are often
> underfunded and could make the maturity status of projects more exciting.
> What do you think about that?
>

I like it, though, keep in mind that this could end up being in addition to
$500 that they haven't spent yet.  Could we modify it to instead say:

*Proposal 11:*
Any project newly reaching lab status with an account balance less than
$500 will be brought to $500 as long as there are at least two active
leaders at that time.  Any project newly reaching flagship status with an
account balance less than $1000 will be brought to $1000 as long as there
are at least two active leaders at that time.

That prevents us from adding money to an account with an already large
amount of unspent funds, compounding the problem, and continues the
requirement of at least two active leaders.

~josh

On Thu, Oct 8, 2015 at 2:15 PM, Tobias <tobias.gondrom at owasp.org> wrote:

> Hi Josh,
>
> I gave my feedback during the last board meeting.
>
> But let me provide feedback in a more structured way going through the
> latest list.
> I agree with nearly all of them. Only for some, I think we need to
> clarify a little bit more.
>
> Proposal 1: Agreed. But if I recall correctly your proposal #1 was already
> approved at the last board meeting. So I think we can consider that done.
>
>
> Proposal 2: Agreed
>
> *Proposal 3: needs clarification*
> I think we need to spell out what we mean with an "active chapter" as we
> are using the term as a criterion in proposal 3? Is that a mailing-list with
> no traffic and no meetings, but two leaders on the wiki page? Or would
> "active" mean they have some meetings and maybe a handful of members? My
> proposal for the definition of "active chapter" would be something like at
> least 3 emails on the mailing-list in the last year, at least one meeting
> and at least 5 members. Is this enough to count as active? For "active
> projects", I am less clear what is an active project? Just a project page
> with no content and no communication or subscribers on the mailing-list
> except for the two leaders? Would this already be an active project? Any
> thoughts how we can describe this term from proposal 3?
>
> Proposal 4: "Upon creation of a new project or chapter, as long as they
> have at least two leaders they will be allocated a $500 budget to begin
> with."
> *COMMENT: *I have been thinking a bit more on Michael's comment last
> night to reward activity. And I think some reward mechanism for chapter
> activity and project status would be right. IMO we should be consistent and
> apply the same criteria for "active" as we did in proposal 3.
>
> Proposal 5: Agreed
>
> *Proposal 6: propose minor revision of wording to clarify*
> > Proposal 6: If a request for funding has been approved for one chapter
> > or project, then it can be considered an acceptable
> > expense for all chapters or projects.  If they have an account balance
> > which covers that expense in full, then they should
> > be considered pre-approved for spending.
>
> I agree in spirit, but I think this needs clarification and am a bit
> concerned about liberal interpretations of what is the same expense type.
> Expenses tend to not be exactly identical and I like to save chapter and
> project leads from searching the public expense lists for precedence. As
> one example if a flight ticket is approved for a chapter leader to attend
> the AppSec chapter leader workshop, that should not mean we also approve a
> flight ticket to Bahamas for holiday for another chapter leader.
> Technically both are flight expenses for chapter leaders. (I know I am
> splitting hairs...)
>
> *Suggested revision: *
> Proposal 6: If a request for funding has been approved for one chapter or
> project, then it can be considered an acceptable expense for all chapters
> or projects. Our operations team shall periodically (at least once every 3
> months) review the list of published expenses and if new expense types come
> up add them to the published list of acceptable expenses. If the chapters
> or projects have an account balance which covers that expense in full, then
> they should be considered pre-approved for spending.
>
>
> Proposal 7: Agreed.
> (Personally for me bi-monthly or quarterly would also be ok, but am also
> in agreement with monthly. )
>
> Proposal 8: Agreed.
>
> Revised Proposal 9: Agreed.
> (on a note: technically, this is already the case today, but I don't mind
> making this more explicit.)
>
> Revised Proposal 10: Agreed.
>
>
> *New Proposal 11:*
> Building on Michael's and your comment about rewarding active projects. I
> very much like that idea!
> And I would have a friendly additional proposal.
> Proposal 11:
> Any project newly reaching lab status receives a one-time extra USD500
> into their project account.
> Any project newly reaching flagship status receives a one-time extra
> USD1000 into their project account.
>
> This could add some nice gamification feature for projects that are often
> underfunded and could make the maturity status of projects more exciting.
> What do you think about that?
>
> Best regards, Tobias
>
>
> Ps.: our next board meeting is on October 14th. I propose to simply add
> this to the agenda there. If we can resolve the clarification items, I am
> also ok to e-vote on them before that.
>
>
>
> On 08/10/15 05:54, Josh Sokol wrote:
>
> Board,
>
> Almost two weeks have passed since my funding proposal was put on hold at the
> September Board Meeting.  It's been put out for the community to comment on
> and, after some discussion, I made a couple of subtle tweaks for
> clarification purposes to proposals 9 and 10, but it is otherwise pretty
> much the same proposal as what I had originally presented.  We have had a
> couple of members of the community communicate in favor of the plan.  The
> two dissenters, Azzedine and Richard, have been addressed after a
> clarification of the wording and intent.  The only Board member who I have
> received feedback on it during this time period is Jim, and I believe he
> stated that his issues have been sufficiently addressed.  Are there any
> other concerns out there before it can be brought to a vote?  Here are the
> current proposals:
>
> https://www.owasp.org/index.php/Proposal_for_2015-09-25_OWASP_Board_Meeting
>
> If there are no further comments and we feel that two weeks is a
> sufficient time for feedback, then I would like to proceed with an e-mail
> vote so that we do not have to waste additional time on it during the
> October Board Meeting.  Thoughts?
>
> ~josh
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>