[Owasp-board] Discussion on Proposal 4
jim.manico at owasp.org
Fri Oct 9 20:52:09 UTC 2015
I have read all of the conversation and discussion carefully and I voted
YES on all 11 of these proposals.
On 10/9/15 10:49 PM, Tobias wrote:
> As our mailing-list got a bit swamped, this might have got lost in the
> hundred voting emails, do we have any further discussion elements on
> this one?
> And if people like to vote on this, can they please confirm that they
> have at least acknowledged this discussion when casting their vote?
> Thanks, Tobias
> On 09/10/15 14:29, Andrew van der Stock wrote:
>> At the moment, and I would love to hear from the large project
>> leaders here too, is that prior to this initiative, it was too hard
>> for projects to spend money on anything really useful.
>> I worked with Sam and applied for DHS grants expecting to be able to
>> take some time off to work on the Developer Guide. The brouhaha was
>> so much that I never felt I could use the granted DHS grant money
>> granted specifically for us to work on the Developer Guide to work on
>> the Developer Guide. In the end, I used some of the funds to go to
>> AppSec USA 2013 to try and build some community, but was put into a
>> really small room, and I ended up speaking to 10 folks who already
>> knew about the Dev Guide. I got more out of the Project Summit than I
>> did out of my talk.
>> I don't want to get stuck into the past problems as we're trying to
>> solve a general problem here, but giving new projects $500 when it's
>> really hard for them to spend that money on anything useful is ...
>> another form of ring fencing.
>> I am prepared to be proven wrong, but I would hate for $500 * 130 =
>> $65k to be so thinly spread that no one project can't do anything
>> useful with it, but all projects as a whole have $65k less than they
>> do today. This is the problem with the entire Community Engagement
>> Funding, which unless you knew it existed, also doesn't get spent.
>> You've already used CEF as an example of projects not spending money
>> in previous go arounds on this topic.
>> My view right now is not to vote yes on this one until we have a
>> really good discussion about eliminating barriers for projects to
>> spend their funds. This might need to be done later with a second
>> proposal to work out a perpetual project summit budget, or
>> alternative ideas such as VPS credits with our labs solution.
>> On Fri, Oct 9, 2015 at 1:10 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> Here is the current text for proposal 4:
>> *Upon creation of a new project or chapter, as long as they have
>> at least two leaders they will be allocated a $500 budget to
>> begin with.*
>> COMMENT: I have been thinking a bit more on Michael's comment
>> last night to reward activity. And I think some reward mechanism
>> for chapter activity and project status would be right. IMO we
>> should be consistent and apply the same criteria for "active" as
>> we did in proposal 3.
>> I disagree here. The biggest struggle for new chapter and
>> project leaders is getting funding. We need to eliminate that
>> struggle. Obviously, chapters and projects are still subject to
>> requirements and approval by our ops team, as they are today, and
>> that should weed out any issues. Also, think about the current
>> value of being an OWASP chapter or project leader. If our goal
>> is to attract more of these types of people to OWASP, then $500
>> seems like a pretty small amount in the grand scheme of things to
>> incentivize them to do so.
>> Noted. I can see your point.
>> But, we may have a different perception on the requirements and
>> approval process by the ops team to create a new chapter/project.
>> In my understanding, today, the barrier to setting up a chapter
>> or project is intentionally very very low. Close to zero.
>> Basically anyone can do it with close to zero evidence. So, I am
>> here a bit more on the side of caution. My concern is to manage
>> the potential risk of abuse. Call it "fiduciary ...". I trust
>> our community, but independent of trust, we also are responsible
>> (and legally obliged) to put sufficient controls in place before
>> releasing charity funds. With an active chapter or project there
>> are at least some community review controls in place. I am
>> concerned that we would not fulfil our fiduciary duty of
>> protecting foundation money against fraud risks if we assign
>> money immediately without the need for the chapter/project to be
>> active. That is the reason why I proposed this alternative.
>> Do you and others think I am overprotective?
>> It would be helpful for me to hear some further board members'
>> opinion on that before moving to a vote.
>> (On a note: Thinking about it, another way to achieve a higher
>> minimum control of expenses for new projects could be to add some
>> extra review for a new chapter/project expense (e.g. by the ops
>> team, or maybe an active neighbour chapter) before we sign-off on
>> The barrier may be low, but it is definitely not zero. Noreen
>> provided a bit of insight into her process for vetting chapter
>> leaders at the Leader Sessions at AppSec. She looks at resumes,
>> loosely looks for associated references, etc. We also have
>> qualifications around the locations for new Chapters. I'm not as
>> familiar with the process for Projects, but ultimately I don't
>> think any of that matters much. Putting money in an account is no
>> different than what happens today. What matters are the controls
>> around how that money gets spent. Personally, I think you are
>> being too overprotective here and we have controls in place to
>> address your concern, but I'm open to the opinions of others.
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
Global Board Member