[Owasp-board] Discussion on Proposal 4

Matt Konda matt.konda at owasp.org
Tue Oct 13 02:04:12 UTC 2015

I vote yes for #4.

Josh and Jim also voted yes.  I registered Andrew as a no based on the

It is not clear whether others are prepared to vote.  This does not yet
have enough votes to succeed.


On Fri, Oct 9, 2015 at 4:47 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Andrew, perhaps you are confusing this proposal with proposal 3 which
> states that "*All accounts belonging to active chapters and projects, as
> defined in the Chapter and Project Handbooks respectively, with balances
> less than $500, will be brought to $500 beginning January 1, 2016 as long
> as there are at least two active leaders at that time.*"  This proposal
> only applies to *NEW* projects and chapters.  I'm not sure about new
> projects in 2015, but there were 28 new chapters in 2015 which would equate
> to $14k under this proposal, if it were in place this year.  Think of this
> as "kickstarter" funding to get them moving.  If they don't want it, or
> cannot use it, then they can always donate it back.
> ~josh
> On Fri, Oct 9, 2015 at 3:52 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> Tobias,
>> I have read all of the conversation and discussion carefully and I voted
>> YES on all 11 of these proposals.
>> - Jim
>> On 10/9/15 10:49 PM, Tobias wrote:
>> As our mailing-list got a bit swamped, this might have got lost in the
>> hundred voting emails, do we have any further discussion elements on this
>> one?
>> And if people like to vote on this, can they please confirm that they have
>> at least acknowledged this discussion when casting their vote?
>> Thanks, Tobias
>> On 09/10/15 14:29, Andrew van der Stock wrote:
>> At the moment, and I would love to hear from the large project leaders
>> here too, is that prior to this initiative, it was too hard for projects to
>> spend money on anything really useful.
>> I worked with Sam and applied for DHS grants expecting to be able to take
>> some time off to work on the Developer Guide. The brouhaha was so much that
>> I never felt I could use the granted DHS grant money granted specifically
>> for us to work on the Developer Guide to work on the Developer Guide. In
>> the end, I used some of the funds to go to AppSec USA 2013 to try and build
>> some community, but was put into a really small room, and I ended up
>> speaking to 10 folks who already knew about the Dev Guide. I got more out
>> of the Project Summit than I did out of my talk.
>> I don't want to get stuck into the past problems as we're trying to solve
>> a general problem here, but giving new projects $500 when it's really hard
>> for them to spend that money on anything useful is ... another form of ring
>> fencing.
>> I am prepared to be proven wrong, but I would hate for $500 * 130 = $65k
>> to be so thinly spread that no one project can do anything useful with
>> it, but all projects as a whole have $65k less than they do today. This is
>> the problem with the entire Community Engagement Funding, which unless you
>> knew it existed, also doesn't get spent. You've already used CEF as an
>> example of projects not spending money in previous go arounds on this
>> topic.
>> My view right now is not to vote yes on this one until we have a really
>> good discussion about eliminating barriers for projects to spend their
>> funds. This might need to be done later with a second proposal to work out
>> a perpetual project summit budget, or alternative ideas such as VPS credits
>> with our labs solution.
>> thanks
>> Andrew
>> On Fri, Oct 9, 2015 at 1:10 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> Here is the current text for proposal 4:
>>> *Upon creation of a new project or chapter, as long as they have at
>>> least two leaders they will be allocated a $500 budget to begin with.*
>>> *Tobias:*
>>> COMMENT: I have been thinking a bit more on Michael's comment last night
>>> to reward activity. And I think some reward mechanism for chapter activity
>>> and project status would be right. IMO we should be consistent and apply
>>> the same criteria for "active" as we did in proposal 3.
>>> *Josh:*
>>> I disagree here.  The biggest struggle for new chapter and project
>>> leaders is getting funding.  We need to eliminate that struggle.
>>> Obviously, chapters and projects are still subject to requirements and
>>> approval by our ops team, as they are today, and that should weed out any
>>> issues.  Also, think about the current value of being an OWASP chapter or
>>> project leader.  If our goal is to attract more of these types of people to
>>> OWASP, then $500 seems like a pretty small amount in the grand scheme of
>>> things to incentivize them to do so.
>>> *Tobias:*
>>> Noted. I can see your point.
>>> But, we may have a different perception on the requirements and approval
>>> process by the ops team to create a new chapter/project. In my
>>> understanding, today, the barrier to setting up a chapter or project is
>>> intentionally very very low. Close to zero. Basically anyone can do it with
>>> close to zero evidence. So, I am here a bit more on the side of caution. My
>>> concern is to manage the potential risk of abuse. Call it "fiduciary ...".
>>> I trust our community, but independent of trust, we also are responsible
>>> (and legally obliged) to put sufficient controls in place before releasing
>>> charity funds. With an active chapter or project there are at least some
>>> community review controls in place. I am concerned that we would not fulfil
>>> our fiduciary duty of protecting foundation money against fraud risks if we
>>> assign money immediately without the need for the chapter/project to be
>>> active. That is the reason why I proposed this alternative.
>>> Do you and others think I am overprotective?
>>> It would be helpful for me to hear some further board members' opinion
>>> on that before moving to a vote.
>>> (On a note: Thinking about it, another way to achieve a higher minimum
>>> control of expenses for new projects could be to add some extra review for
>>> a new chapter/project expense (e.g. by the ops team, or maybe an active
>>> neighbour chapter) before we sign-off on expenses.)
>>> *Josh:*
>>> The barrier may be low, but it is definitely not zero.  Noreen provided
>>> a bit of insight into her process for vetting chapter leaders at the Leader
>>> Sessions at AppSec.  She looks at resumes, loosely looks for associated
>>> references, etc.  We also have qualifications around the locations for new
>>> Chapters.  I'm not as familiar with the process for Projects, but ultimately
>>> I don't think any of that matters much.  Putting money in an account is no
>>> different than what happens today.  What matters are the controls around
>>> how that money gets spent.  Personally, I think you are being too
>>> overprotective here and we have controls in place to address your concern,
>>> but I'm open to the opinions of others.
>>> ~josh
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> --
>> Jim Manico
>> Global Board Member
>> OWASP Foundation
>> https://www.owasp.org