[Owasp-board] Discussion on Proposal 4

Josh Sokol josh.sokol at owasp.org
Fri Oct 9 21:47:26 UTC 2015

Andrew, perhaps you are confusing this proposal with proposal 3 which
states that "*All accounts belonging to active chapters and projects, as
defined in the Chapter and Project Handbooks respectively, with balances
less than $500, will be brought to $500 beginning January 1, 2016 as long
as there are at least two active leaders at that time.*"  This proposal
only applies to *NEW* projects and chapters.  I'm not sure about new
projects in 2015, but there were 28 new chapters in 2015 which would equate
to $14k under this proposal, if it were in place this year.  Think of this
as "kickstarter" funding to get them moving.  If they don't want it, or
cannot use it, then they can always donate it back.


On Fri, Oct 9, 2015 at 3:52 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Tobias,
> I have read all of the conversation and discussion carefully an I voted
> YES on all 11 of these proposals.
> - Jim
> On 10/9/15 10:49 PM, Tobias wrote:
> As our mailing-list got a bit swamped, this might have got lost in the
> hundred voting emails, do we have any further discussion elements on this
> one?
> And if people like vote on this, can they please confirm that they have at
> least acknowledged this discussion when casting their vote?
> Thanks, Tobias
> On 09/10/15 14:29, Andrew van der Stock wrote:
> At the moment, and I would love to hear from the large project leaders
> here too, is that prior to this initiative, it was too hard for projects to
> spend money on anything really useful.
> I worked with Sam and applied for DHS grants expecting to be able to take
> some time off to work on the Developer Guide. The brouhaha was so much that
> I never felt I could use the granted DHS grant money granted specifically
> for us to work on the Developer Guide to work on the Developer Guide. In
> the end, I used some of the funds to go AppSec USA 2013 to try and build
> some community, but was put into a really small room, and I ended up
> speaking to 10 folks who already knew about the Dev Guide. I got more out
> of the Project Summit than I did out of my talk.
> I don't want to get stuck into the past problems as we're trying to solve
> a general problem here, but giving new projects $500 when it's really hard
> for them to spend that money on anything useful is ... another form of ring
> fencing.
> I am prepared to be proven wrong, but I would hate for $500 * 130 = $65k
> to be so thinly spread that no one project can't do anything useful with
> it, but all projects as a whole have $65k less than they do today. This is
> the problem with the entire Community Engagement Funding, which unless you
> knew it existed, also doesn't get spent. You've already used CEF as an
> example of projects not spending money in previous go arounds on this
> topic.
> My view right now is not to vote yes on this one until we have a really
> good discussion about eliminating barriers for projects to spend their
> funds. This might need to be done later with a second proposal to work out
> a perpetual project summit budget, or alternative ideas such as VPS credits
> with our labs solution.
> thanks
> Andrew
> On Fri, Oct 9, 2015 at 1:10 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> Here is the current text for proposal 4:
>> *Upon creation of a new project or chapter, as long as they have at least
>> two leaders they will be allocated a $500 budget to begin with.*
>> *Tobias:*
>> COMMENT: I have been thinking a bit more on Michael's comment last night
>> to reward activity. And I think some reward mechanism for chapter activity
>> and project status would be right. IMO we should be consistent and apply
>> the same criteria for "active" as we did in proposal 3.
>> *Josh:*
>> I disagree here.  The biggest struggle for new chapter and project
>> leaders is getting funding.  We need to eliminate that struggle.
>> Obviously, chapters and projects are still subject to requirements and
>> approval by our ops team, as they are today, and that should weed out any
>> issues.  Also, think about the current value of being an OWASP chapter or
>> project leader.  If our goal is to attract more of these types of people to
>> OWASP, then $500 seems like a pretty small amount in the grand scheme of
>> things to incentivize them to do so.
>> *Tobias:*
>> Noted. I can see your point.
>> But, we may have a different perception on the requirements and approval
>> process by the ops team to create a new chapter/project. In my
>> understanding, today, the barrier to setting up a chapter or project is
>> intentionally very very low. Close to zero. Basically anyone can do it with
>> close to zero evidence. So, I am here a bit more on the side of caution. My
>> concern is to manage the potential risk of abuse. Call it "fiduciary ...".
>> I trust our community, but independent of trust, we also are responsible
>> (and legally obliged) to put sufficient controls in place before releasing
>> charity funds. With an active chapter or project there are at least some
>> community review controls in place. I am concerned that we would not fulfil
>> our fiduciary duty of protecting foundation money against fraud risks if we
>> assign money immediately without the need for the chapter/project to be
>> active. That is the reason why I proposed this alternative.
>> Do you and others think I am overprotective?
>> It would be helpful for me to hear some further board members' opinion on
>> that before moving to a vote.
>> (On a note: Thinking about it, another way to achieve a higher minimum
>> control of expenses for new projects could be to add some extra review for
>> a new chapter/project expense (e.g. by the ops team, or maybe an active
>> neighbour chapter) before we sign-off on expenses.)
>> *Josh:*
>> The barrier may be low, but it is definitely not zero.  Noreen provided a
>> bit of insight into her process for vetting chapter leaders at the Leader
>> Sessions at AppSec.  She looks at resumes, loosely looks for associated
>> references, etc.  We also have qualifications around the locations for new
>> Chapters.  I'm not as familiar as the process for Projects, but ultimately
>> I don't think any of that matters much.  Putting money in an account is no
>> different than what happens today.  What matters are the controls around
>> how that money gets spent.  Personally, I think you are being too
>> overprotective here and we have controls in place to address your concern,
>> but I'm open to the opinions of others.
>> ~josh
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
> --
> Jim Manico
> Global Board Member
> OWASP Foundationhttps://www.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20151009/0bc6c3d4/attachment-0001.html>

More information about the Owasp-board mailing list