[Owasp-board] OWASP Funding Proposal

Josh Sokol josh.sokol at owasp.org
Fri Oct 9 01:16:23 UTC 2015


I have held off on proposals 4 and 6 for the time being while we figure out
the wording and intent and will start a separate discussion on those.  In
the meantime, I have put forth the other proposals as individual motions so
that we can separate discussion and voting appropriately.

~josh

On Thu, Oct 8, 2015 at 5:15 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> My thoughts below:
>
>
>> Proposal 1: Agreed. But if I recall correctly your proposal #1 was
>> already approved at the last board meeting. So I think we can consider that
>> done.
>>
>
> Yes, Proposal 1 was approved at the last Board meeting.
>
> Proposal 2: Agreed
>>
>
> Cool.
>
> *Proposal 3: **needs clarification*
>> I think we need to spell out what we mean with an "active chapter" as we
>> are using the term as a criteria in proposal 3? Is that a mailing-list with
>> no traffic and no meetings, but two leaders on the wiki page? Or would
>> "active" mean they have some meetings and maybe a handful of members? My
>> proposal for the definition of "active chapter" would be something like at
>> least 3 emails on the mailing-list in the last year, at least one meeting
>> and at least 5 members. Is this enough to count as active? For "active
>> projects", I am less clear what is an active project? Just a project page
>> with no content and no communication or subscribers on the mailing-list
>> except for the two leaders? Would this already be an active project? Any
>> thoughts how we can describe this term from proposal 3?
>>
>
> The concept of an "active chapter" is defined in Section 2.2 of the
> Chapter Leader Handbook
> <https://owasp.org/index.php/Chapter_Handbook/Chapter_2:_Mandatory_Chapter_Rules#Hold_a_minimum_of_2_local_chapter_meetings_or_events_each_year>.
> I do not intend to revise that definition as part of this effort.  If you
> believe that the definition needs work, then I would recommend a separate
> effort to identify and clarify in that document.  Likewise, I believe that
> Johanna worked to define requirements around what it means to be an "active
> project" and undertook an effort to clean out inactives.  If we would like
> to add language along the lines of "as defined in the Chapter and Project
> Leader Handbooks", then I am OK with that, but I would prefer to leave the
> definition of "active" out of the proposal itself as it's something that is
> likely to change over time.
>
> Proposal 4: "Upon creation of a new project or chapter, as long as they
>> have at least two leaders they will be allocated a $500 budget to begin
>> with."
>> *COMMENT: *I have been thinking a bit more on Michael's comment last
>> night to reward activity. And I think some reward mechanism for chapter
>> activity and project status would be right. IMO we should be consistent and
>> apply the same criteria for "active" as we did in proposal 3.
>>
>
> I disagree here.  The biggest struggle for new chapter and project leaders
> is getting funding.  We need to eliminate that struggle.  Obviously,
> chapters and projects are still subject to requirements and approval by our
> ops team, as they are today, and that should weed out any issues.  Also,
> think about the current value of being an OWASP chapter or project leader.
> If our goal is to attract more of these types of people to OWASP, then $500
> seems like a pretty small amount in the grand scheme of things to
> incentivize them to do so.
>
> Proposal 5: Agreed
>>
>
> Cool.
>
> *Proposal 6: propose minor revision of wording to clarify*
>> > Proposal 6: If a request for funding has been approved for one chapter
>> or project, then it can be considered an acceptable
>> > expense for all chapters or projects.  If they have an account balance
>> which covers that expense in full, then they should
>> > be considered pre-approved for spending.
>>
>> I agree in spirit, but I think this needs clarification and am a bit
>> concerned about liberal interpretations of what is the same expense type.
>> Expenses tend to not be exactly identical and I like to safe chapter and
>> project leads from searching the public expense lists for precedence. As
>> one example if a flight ticket is approved for a chapter leader to attend
>> the AppSec chapter leader workshop, that should not mean we also approve a
>> flight ticket to Bahamas for holiday for another chapter leader.
>> Technically both are flight expenses for chapter leaders. (I know I am
>> splitting hairs...)
>>
>> *Suggested revision: *
>> Proposal 6: If a request for funding has been approved for one chapter or
>> project, then it can be considered an acceptable expense for all chapters
>> or projects. Our operations team shall periodically (at least once every 3
>> months) review the list of published expenses and if new expense types come
>> up add them to the published list of acceptable expenses. If the chapters
>> or projects have an account balance which covers that expense in full, then
>> they should be considered pre-approved for spending.
>>
>
> I think that we need to trust people to do the right thing.  To my
> knowledge, we have never had a person try to request reimbursement for a
> trip to the Bahamas because someone got a flight paid for to AppSec.  Also,
> keep in mind that this is a reimbursement process so our Operations Team
> determines whether a request is legit.  To me, it would seem like you're
> putting a lot of extra work on the Ops Team with little added benefit since
> they are still going to have to find a way to write it up so that it will
> not be misinterpreted.  I think we have reasonable controls in place to
> prevent abuse and our liability here is minimal.  I don't see a need to
> revise it in this manner.
>
> Proposal 7: Agreed.
>> (Personally for me bi-monthly or quarterly would also be ok, but am also
>> in agreement with monthly. )
>>
>
> Cool.  I would prefer to do it monthly because that is what it is
> currently and I see no reason to lessen that given that they are working
> towards automating the process.
>
> Proposal 8: Agreed.
>>
>
> Cool.
>
> Revised Proposal 9: Agreed.
>> (on a note: technically, this is already the case today, but I don't mind
>> making this more explicit.)
>>
>
> Cool.  Yeah, I agree that this is technically the case today.  The goal
> was very much to make the process more explicit.
>
> Revised Proposal 10: Agreed.
>>
>
> Cool.
>
> *New Proposal 11: *
>> Building on Michael's and your comment about rewarding active projects. I
>> very much like that idea!
>> And I would have a friendly additional proposal.
>> Proposal 11:
>> Any project newly reaching lab status receives a one-time extra USD500
>> into their project account.
>> Any project newly reaching flagship status receives a one-time extra
>> USD1000 into their project account.
>>
>> This could add some nice gamification feature for projects that are often
>> underfunded and could make the maturity status of projects more exciting.
>> What do you think about that?
>>
>
> I like it, though, keep in mind that this could end up being in addition
> to $500 that they haven't spent yet.  Could we modify it to instead say:
>
> *Proposal 11:*
> Any project newly reaching lab status with an account balance less than
> $500 will be brought to $500 as long as there are at least two active
> leaders at that time.  Any project newly reaching flagship status with an
> account balance less than $1000 will be brought to $1000 as long as there
> are at least two active leaders at that time.
>
> That prevents us from adding money to an account with an already large
> amount of unspent funds, compounding the problem, and continues the
> requirement of at least two active leaders.
>
> ~josh
>
> On Thu, Oct 8, 2015 at 2:15 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>> Hi Josh,
>>
>> I gave my feedback during the last board meeting.
>>
>> But let me provide feedback in a more structured way going through the
>> latest list.
>> I agree with nearly all of them. Only for for some, I think we need to
>> clarify a little bit more.
>>
>> Proposal 1: Agreed. But if I recall correctly your proposal #1 was
>> already approved at the last board meeting. So I think we can consider that
>> done.
>>
>>
>> Proposal 2: Agreed
>>
>> *Proposal 3: **needs clarification*
>> I think we need to spell out what we mean with an "active chapter" as we
>> are using the term as a criteria in proposal 3? Is that a mailing-list with
>> no traffic and no meetings, but two leaders on the wiki page? Or would
>> "active" mean they have some meetings and maybe a handful of members? My
>> proposal for the definition of "active chapter" would be something like at
>> least 3 emails on the mailing-list in the last year, at least one meeting
>> and at least 5 members. Is this enough to count as active? For "active
>> projects", I am less clear what is an active project? Just a project page
>> with no content and no communication or subscribers on the mailing-list
>> except for the two leaders? Would this already be an active project? Any
>> thoughts how we can describe this term from proposal 3?
>>
>> Proposal 4: "Upon creation of a new project or chapter, as long as they
>> have at least two leaders they will be allocated a $500 budget to begin
>> with."
>> *COMMENT: *I have been thinking a bit more on Michael's comment last
>> night to reward activity. And I think some reward mechanism for chapter
>> activity and project status would be right. IMO we should be consistent and
>> apply the same criteria for "active" as we did in proposal 3.
>>
>> Proposal 5: Agreed
>>
>> *Proposal 6: propose minor revision of wording to clarify*
>> > Proposal 6: If a request for funding has been approved for one chapter
>> or project, then it can be considered an acceptable
>> > expense for all chapters or projects.  If they have an account balance
>> which covers that expense in full, then they should
>> > be considered pre-approved for spending.
>>
>> I agree in spirit, but I think this needs clarification and am a bit
>> concerned about liberal interpretations of what is the same expense type.
>> Expenses tend to not be exactly identical and I like to safe chapter and
>> project leads from searching the public expense lists for precedence. As
>> one example if a flight ticket is approved for a chapter leader to attend
>> the AppSec chapter leader workshop, that should not mean we also approve a
>> flight ticket to Bahamas for holiday for another chapter leader.
>> Technically both are flight expenses for chapter leaders. (I know I am
>> splitting hairs...)
>>
>> *Suggested revision: *
>> Proposal 6: If a request for funding has been approved for one chapter or
>> project, then it can be considered an acceptable expense for all chapters
>> or projects. Our operations team shall periodically (at least once every 3
>> months) review the list of published expenses and if new expense types come
>> up add them to the published list of acceptable expenses. If the chapters
>> or projects have an account balance which covers that expense in full, then
>> they should be considered pre-approved for spending.
>>
>>
>> Proposal 7: Agreed.
>> (Personally for me bi-monthly or quarterly would also be ok, but am also
>> in agreement with monthly. )
>>
>> Proposal 8: Agreed.
>>
>> Revised Proposal 9: Agreed.
>> (on a note: technically, this is already the case today, but I don't mind
>> making this more explicit.)
>>
>> Revised Proposal 10: Agreed.
>>
>>
>> *New Proposal 11: *
>> Building on Michael's and your comment about rewarding active projects. I
>> very much like that idea!
>> And I would have a friendly additional proposal.
>> Proposal 11:
>> Any project newly reaching lab status receives a one-time extra USD500
>> into their project account.
>> Any project newly reaching flagship status receives a one-time extra
>> USD1000 into their project account.
>>
>> This could add some nice gamification feature for projects that are often
>> underfunded and could make the maturity status of projects more exciting.
>> What do you think about that?
>>
>> Best regards, Tobias
>>
>>
>> Ps.: our next board meeting is on October 14th. I propose to simply add
>> this to the agenda there. If we can resolve the clarification items, I am
>> also ok to e-vote on them before that.
>>
>>
>>
>> On 08/10/15 05:54, Josh Sokol wrote:
>>
>> Board,
>>
>> Almost two weeks has past since my funding proposal was put on hold at
>> the September Board Meeting.  It's been put out for the community to
>> comment on and, after some discussion, I made a couple of subtle tweaks for
>> clarification purposes to proposals 9 and 10, but it is otherwise pretty
>> much the same proposal as what I had originally presented.  We have had a
>> couple of members of the community communicate in favor of the plan.  The
>> two dissenters, Azzedine and Richard, have been addressed after a
>> clarification of the wording and intent.  The only Board member who I have
>> received feedback on it during this time period is Jim, and I believe he
>> stated that his issues have been sufficiently addressed.  Are there any
>> other concerns out there before it can be brought to a vote?  Here are the
>> current proposals:
>>
>>
>> https://www.owasp.org/index.php/Proposal_for_2015-09-25_OWASP_Board_Meeting
>>
>> If there are no further comments and we feel that two weeks is a
>> sufficient time for feedback, then I would like to proceed with an e-mail
>> vote so that we do not have to waste additional time on it during the
>> October Board Meeting.  Thoughts?
>>
>> ~josh
>>
>>
>> _______________________________________________
>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20151008/2a152b21/attachment-0001.html>


More information about the Owasp-board mailing list