[Owasp-board] [Governance] Proposal to change our bylaws about board member rotation and term limits

Tobias tobias.gondrom at owasp.org
Tue Oct 13 13:50:46 UTC 2015

Hi Michael,

let me express some thoughts on why I propose these numbers.

Note: I assume the benefits of term limits in general are understood. As 
best practices for governance. So I will not write an essay about this 
topic. ;-)

Reasons for choice of numbers:
Internet age is moving more quickly. Often normal organisations have 
limits of 2 terms with a total of 6 or 8 year, or in rare cases 10 year 
(= 2 x 5year) term limits. As we operate in a fast moving Internet and 
technology space our current term duration is 2 years. Which I think is 
good. Reducing it to 2 x 2 years is maybe a bit short compared to 6 or 8 
years. Also considering that the first year is definitely a learning 
curve. So compared to other organisations, 6 years seems reasonable. 
(shorter than 8 years as in many physical world scenarios, on the other 
hand allowing for a maximum of three terms).

And I think we would benefit from more rotation of board members from 
other parts of the community. Frankly, IMHO 6 years is a good long time. 
You could say maybe 1-2 years to fully understand the work of the board 
and initiate first changes, 1 term of 2 years to complete all the major 
programs you think are needed and 1 term of 2 years to finish and close 
any long-term open change items.
I think it gives enough time to affect long-term strategic change while 
on the other side also retains a healthy rotation of new board members 
to ensure a healthy governance of the foundation by the board that 
reflects a variety of board members and allows oversight by new board 
members of what previous board members did.

Of course, I also looked at other examples, like ISC2, IETF and other 
organisations that often limit to 2 -3 terms of 2 or 3 years. And to 
more slow organisations like governments with 2 terms of 4 years each.

So the reason, I think 3 terms of 2 years each in any 10 year period is 
a good, well balanced answer.

Best regards, Tobias

On 13/10/15 08:21, Michael Coates wrote:
> I'm curious what is our end goal with this motion? We could move the 
> term limit to 2 years or to 12 years. Without a clear goal we're just 
> picking numbers.
> I think we are saying that the power of an incumbent candidate is so 
> great that they can't be defeated in an election and we must put a 
> term limit so others can be on the board.
> Even if this is true (which I dont think it is) should we not enable 
> the community to pick the best people for the board?
> An important item to ask is how much do we value new people on the 
> board versus the best people on the board? Sure we won't know if 
> someone new is good without seeing them in action, but another valid 
> response is someone who is great in the community should shine whether 
> or not they're on the board ( I can think of several stars not on the 
> board).
> If we optimize to get new people at all costs, we certainly will 
> achieve that. But is that in the best interest of Owasp or does it 
> just feel more "fair" without accomplishing our goal?
> Food for thought. But I think In passing this motion we should know 
> what we're trying to accomplish and why we've chosen 6 years vs 8 
> years or 2 years as the limit.
> Thanks for consideration.
> On Oct 12, 2015, at 10:29 PM, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>> Yup. But I see this as something non-critical. We can go through this 
>> process over email.
>> I think a better use of board meeting time is to reserve that time 
>> for discussions that we /*need*/ to discuss in person. This is not 
>> one of them, IMO.
>> Aloha,
>> Jim
>> On 10/13/15 6:59 AM, Tobias wrote:
>>> Hm. I could send out a motion on the board list for this proposal.
>>> But practically this time, I think it is more efficient and faster 
>>> to raise this motion at the board meeting tomorrow (Wednesday). 
>>> First, we can not simply move to voting on this without some 
>>> discussion wait time. So the board meeting will happen before that 
>>> wait time expires anyway. And if no discussion is needed for this 
>>> change, this can simply be voted within a minute. (And if there is 
>>> discussion it should be clarified or tabled for later discussion on 
>>> the list and brought up again at the following meeting.)
>>> Best regards, Tobias
>>> On 13/10/15 05:45, Jim Manico wrote:
>>>> I'd vote for it as well. Call the vote and let's do this.
>>>> --
>>>> Jim Manico
>>>> Global Board Member
>>>> OWASP Foundation
>>>> https://www.owasp.org <https://www.owasp.org/>
>>>> Join me in Rome for AppSecEU 2016!
>>>> On Oct 13, 2015, at 4:53 AM, Matt Konda <matt.konda at owasp.org> wrote:
>>>>> I support reducing maximum terms from 8 years to 6 years per the 
>>>>> language Tobias recommended.
>>>>> Personally, I would like to see this proposed and voted 
>>>>> electronically since we have 5/7 recorded as supportive in this 
>>>>> thread.
>>>>> Matt
>>>>> On Fri, Oct 9, 2015 at 4:30 PM, Josh Sokol <josh.sokol at owasp.org> 
>>>>> wrote:
>>>>>     I generally like this proposal and am inclined to vote "yes"
>>>>>     if so motioned.
>>>>>     ~josh
>>>>>     On Fri, Oct 9, 2015 at 8:10 AM, Andrew van der Stock
>>>>>     <vanderaj at owasp.org> wrote:
>>>>>         All boards need renewal and to ensure long term survival
>>>>>         of the organisation. With such a wide field of candidates
>>>>>         last year and this year, we do not have any problems in
>>>>>         recruiting new blood for the board, but that new blood may
>>>>>         be held back by folks who have been here a long while and
>>>>>         using their prior incumbency to gain a slot that might
>>>>>         deny new ideas for OWASP that we might otherwise miss out on.
>>>>>         I think three terms in 10 years is okay if towards the top
>>>>>         of my expectations. I am actually quite okay with the idea
>>>>>         of two terms in 10 years as we only have 7 Directors. The
>>>>>         maximum number of directors would 7 * 5 = 35 directors in
>>>>>         total, and realistically, most of us will go for a second
>>>>>         term and even a third term, which reduces it to 7 * 5 / 2
>>>>>         = lets call it 18 directors in 10 years with two terms,
>>>>>         and possibly as low as 7 * 5 / 3 = 12 directors with
>>>>>         everyone maxing out their three terms. I am not sure a max
>>>>>         of three terms is healthy, as if everyone affected by this
>>>>>         rule tapers off at once, there will be a period every few
>>>>>         years with many new directors, and few experienced directors.
>>>>>         Willing to discuss further. If the majority agree on three
>>>>>         terms I am still very likely to vote yes, and of course,
>>>>>         to take effect once the 2015 elections have been finalised.
>>>>>         thanks
>>>>>         Andrew
>>>>>         On Fri, Oct 9, 2015 at 11:42 PM, Jim Manico
>>>>>         <jim.manico at owasp.org> wrote:
>>>>>             I personally think this is a great idea and of course
>>>>>             should not effect current elections to be fair to Tom.
>>>>>             --
>>>>>             Jim Manico
>>>>>             Global Board Member
>>>>>             OWASP Foundation
>>>>>             https://www.owasp.org
>>>>>             Join me in Rome for AppSecEU 2016!
>>>>>             On Oct 9, 2015, at 1:57 PM, Tobias
>>>>>             <tobias.gondrom at owasp.org> wrote:
>>>>>>             Hello dear community,
>>>>>>             I like to raise a thought about term limits defined
>>>>>>             in our bylaws and how to encourage more board member
>>>>>>             rotation in the future, strengthening our governance
>>>>>>             and bringing new blood in the organisation.
>>>>>>             Last month, I had a very interesting discussion with
>>>>>>             the chair and some board members of ISC2 and they are
>>>>>>             currently moving to a more restrictive way of term
>>>>>>             limits to encourage new board members and rotation to
>>>>>>             improve oversight.
>>>>>>             Our current OWASP bylaws state in section 2.02
>>>>>>             "An individual is limited to 4 consecutive 2 year terms"
>>>>>>             I like to put this in context of other organisations
>>>>>>             like ISC2 bylaws:
>>>>>>             In the past they had "No member may be elected to the
>>>>>>             Board more than twice in any seven year period. "
>>>>>>             (Their term is for 3years.). They noticed a problem
>>>>>>             with people staying on very long after a one year
>>>>>>             break and hindering renewal of the board. So they are
>>>>>>             now moving towards*"Service as a Director may not
>>>>>>             exceed six years in any ten year period"**. *
>>>>>>             I had a longer conversation with several ISC2
>>>>>>             directors and I think this is a good idea and move,
>>>>>>             to enhance governance, democratic processes and bring
>>>>>>             in new people with new ideas (and avoid that the same
>>>>>>             people continue to sit on the board for too long). As
>>>>>>             you know many democratic elected presidents have term
>>>>>>             limits. The US president being a good example.
>>>>>>             I think we should consider to as well strengthen our
>>>>>>             bylaws in that regard and make ourselves more open
>>>>>>             and encouraging for new blood on the board.
>>>>>>             *=> My proposal idea would be to adjust section 2.02
>>>>>>             of our bylaws to state: **
>>>>>>             *"An individual is limited to 3 consecutive 2 year
>>>>>>             terms and serving as a Director may not exceed six
>>>>>>             years in any ten year period."
>>>>>>             Please note: Naturally this change could not affect
>>>>>>             the currently ongoing board elections (as they are
>>>>>>             already in progress), so it would take effect only
>>>>>>             going forward for all new upcoming elections.
>>>>>>             What are your thoughts on this?
>>>>>>             Best regards, Tobias
>>>>>>             Tobias Gondrom
>>>>>>             Chairman OWASP Global Board
>>>>>>             email: tobias.gondrom at owasp.org
>>>>>>             skype: tgondrom
>>>>>>             twitter: @tgondrom
>>>>>>             _______________________________________________
>>>>>>             Governance mailing list
>>>>>>             Governance at lists.owasp.org
>>>>>>             https://lists.owasp.org/mailman/listinfo/governance
>>>>>             _______________________________________________
>>>>>             Owasp-board mailing list
>>>>>             Owasp-board at lists.owasp.org
>>>>>             <mailto:Owasp-board at lists.owasp.org>
>>>>>             https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>         _______________________________________________
>>>>>         Governance mailing list
>>>>>         Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
>>>>>         https://lists.owasp.org/mailman/listinfo/governance
>>>>>     _______________________________________________
>>>>>     Governance mailing list
>>>>>     Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
>>>>>     https://lists.owasp.org/mailman/listinfo/governance
>>>>> _______________________________________________
>>>>> Governance mailing list
>>>>> Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
>>>>> https://lists.owasp.org/mailman/listinfo/governance
>>>> _______________________________________________
>>>> Governance mailing list
>>>> Governance at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/governance
>> -- 
>> Jim Manico
>> Global Board Member
>> OWASP Foundation
>> https://www.owasp.org
>> _______________________________________________
>> Governance mailing list
>> Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/governance

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20151013/9883c8d3/attachment-0001.html>

More information about the Owasp-board mailing list