[Owasp-board] Discussion on Proposal 6

Josh Sokol josh.sokol at owasp.org
Fri Oct 9 02:20:36 UTC 2015


Here is the current text for proposal 6:

*If a request for funding has been approved for one chapter or project,
then it can be considered an acceptable expense for all chapters or
projects.  If they have an account balance which covers that expense in
full, then they should be considered pre-approved for spending.*

*Tobias:*
I agree in spirit, but I think this needs clarification and am a bit
concerned about liberal interpretations of what is the same expense type.
Expenses tend to not be exactly identical and I like to save chapter and
project leads from searching the public expense lists for precedent. As
one example if a flight ticket is approved for a chapter leader to attend
the AppSec chapter leader workshop, that should not mean we also approve a
flight ticket to Bahamas for holiday for another chapter leader.
Technically both are flight expenses for chapter leaders. (I know I am
splitting hairs...)

Suggested revision:
Proposal 6: If a request for funding has been approved for one chapter or
project, then it can be considered an acceptable expense for all chapters
or projects. Our operations team shall periodically (at least once every 3
months) review the list of published expenses and if new expense types come
up add them to the published list of acceptable expenses. If the chapters
or projects have an account balance which covers that expense in full, then
they should be considered pre-approved for spending.

*Josh:*
I think that we need to trust people to do the right thing.  To my
knowledge, we have never had a person try to request reimbursement for a
trip to the Bahamas because someone got a flight paid for to AppSec.  Also,
keep in mind that this is a reimbursement process so our Operations Team
determines whether a request is legit.  To me, it would seem like you're
putting a lot of extra work on the Ops Team with little added benefit since
they are still going to have to find a way to write it up so that it will
not be misinterpreted.  I think we have reasonable controls in place to
prevent abuse and our liability here is minimal.  I don't see a need to
revise it in this manner.

*Tobias:*
Well, I don't think to maintain a list of good examples is unnecessarily
heavy workload. And in the long run, searching through a long unstructured
list of published expense claims will be more work load for both the staff
and the community to check for good expense precedents. If we do this one
time per quarter, the effort is clearly limited. If we (staff and leaders)
have to review an unlimited year long list for precedent, this seems much
more effort.

*Josh:*
In theory we are supposed to be maintaining a list of good examples
already.  Some of them are listed in the Chapter and Project Leader
Handbooks.  That said, they aren't anywhere close to all of the possible
things one would want to spend their money on.  The idea here was simply to
maintain the running list of all expenses that are approved or denied
(proposal 5) and use that to drive spending.  Again, I think this comes
down to a matter of trust.  We need to trust our Leaders to do the right
thing.  We need to trust the staff to ensure that the reimbursement is
legitimate before sending them a check.  With so many complaints about
difficulties with the reimbursement process (as much as I've never seen
them), we should be looking for ways to strip away the red tape, not add
more of it.

~josh