[Owasp-board] [Governance] Bylaw Update Discussion - Board Member Confidence

Bil Corry bil.corry at owasp.org
Sun Sep 6 09:47:53 UTC 2015


Thanks Jim.

And to be clear, the proposed text does not currently stipulate rotating
board meeting times based on time zones of Board members, but if that's
desired, I'll draft some language.  My thought is to leave out of the
Bylaws so that the Board has flexibility in when they schedule meetings,
but I leave it to the Board to let me know if that isn't working.  One
advantage to rotating the times, regardless of the Board member locations,
is that it allows community members from the far reaches of the planet to
occasionally be able to join the live call during a sane hour for them.


- Bil

On Sun, Sep 6, 2015 at 12:44 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Bil,
>
> This is not the first time you've suggested careful edits to the
> foundations bylaws. I just wanted to say •thank you Bil•. I see this as a
> very high value activity. If you see anything else in question please say
> something. :)
>
> Thanks again, Bil.
>
> Aloha,
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> Join me at AppSecUSA <http://appsecusa.org/> 2015!
>
> On Sep 5, 2015, at 12:17 PM, Bil Corry <bil.corry at owasp.org> wrote:
>
> Hi Tobias,
>
> Replying to your items
>
> 1. I added the following wording: "An overall vote of "confidence" is
> record if half or more of the board members vote for it and it will prevent
> further votes of confidence for the remainder of the year so long as the
> board member in question does not miss any further meetings."
>
> 2. As I mentioned earlier, the calculation starts at the first meeting,
> but is calculated based on the entire year.  So if you miss the first
> meeting, that's 11/12 attendance or 92%, which does not trigger a vote.  If
> I can make it clearer, please let me know, this is what it currently says
> "Attendance is tabulated by the Executive Director or delegate within seven
> days after every scheduled meeting for the purpose of determining if the
> 75% attendance requirement has been met, and the tabulation is based upon
> the entire calendar year"
>
> 3. We can add wording that makes it a requirement that board meeting times
> must rotate for the timezones of the Board members, if that makes this more
> fair.
>
> Here's the proposed text in its entirety:
>
>
> *SECTION 3.03 Regular Meetings.* The Board of Directors shall have
> regular meetings as needed.  A link to the board meeting agenda’s and the
> historical minutes is here:
> https://www.owasp.org/index.php/OWASP_Board_Meetings.  Meetings shall be
> at such dates, times, and places as the Board shall determine in December
> of the preceding year and as amended by the Board. In no event will there
> be less than one meeting per quarter.  These meetings will be open to
> public attendance, however, certain portions of the meeting may be closed
> to board members and their delegates when required for legal reasons, or to
> shield liability, or to handle personnel issues, or similar.  Attendance in
> person or virtually by board members is required at no less than 75% of the
> total meetings each year and shall be highly encouraged to meet in person
> at least once annually at a date to be announced and agreed upon.
> Attendance is tabulated by the Executive Director or delegate within seven
> days after every scheduled meeting for the purpose of determining if the
> 75% attendance requirement has been met, and the tabulation is based upon
> the entire calendar year.  Cancelled meetings are considered attended for
> the purposes of the tabulation.  Failure by a board member to meet the 75%
> attendance requirement after any tabulation will cause a mandatory vote of
> confidence by the remaining board members, whose votes will be publicly
> recorded.  The vote of confidence is to take place within 21 days, but not
> sooner than 7 days, of notification by the Executive Director or delegate
> that a board member has not met the attendance threshold.  During the first
> seven days, the board member in question will have an opportunity to make
> their case to their fellow board members.  The vote of confidence will take
> place on the OWASP Board of Directors email list, unless the Board votes to
> review the matter at their next meeting, so long as the next meeting occurs
> within the 21-day window.  An overall vote of "confidence" is record if
> half or more of the board members vote for it and it will prevent further
> votes of confidence for the remainder of the year so long as the board
> member in question does not miss any further meetings.  An overall vote of
> "no confidence" is recorded if more than half of the board members vote
> for it, which causes the board member in question to be instantly removed
> from their seat on the board.  Vacancies on the board are handled as per
> Section 3.10.
>
>
> 2 OWASP Board of Directors will hold quarterly board meetings lasting 4­6
> hours each. The schedule of meetings will be set by the board in December
> before the year. It is likely the the board meetings will take place on
> Saturdays or on a dedicated day before a large OWASP conference. This
> change is a result of the success of the longer format board meeting and
> also a result of the Executive Director role that has enabled full time
> involvement and focus on OWASP operations. Board members must attend (in
> person or virtually) 3 of the 4 meetings to fulfill the attendance
> requirements. This will take effect in January, 2014. Changes passed August
> 19, 2013.
>
> 3 “and shall be highly encouraged to meet in person at least once annually
> at a date to be announced and agreed upon” amendment to document passed
> June 10, 2013.
>
>
>
>
>
>
>
>
>
>
> - Bil
>
>
>
>
>
>
>
> On Sun, Aug 30, 2015 at 11:56 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>> I agree.
>> We should come to a motion and get a vote going on that.
>>
>> I have 3 comments:
>> 1. The future wording should avoid that after a trigger has been reached,
>> that we vote again (and again) even though the respective board member is
>> attending. The wording might require clarification on that issue.
>>
>> 2. I would prefer to avoid a situation where the calculation starts on
>> the first meeting. E.g. a board member missing the first meeting and
>> immediately triggering a vote of confidence. We could start the trigger at
>> the 4th meeting, that gives reasonable excuse if one of the first 4
>> meetings is missed.
>>
>> And on a personal level: I like to remind us again, that so far I have
>> given some priority to timing for US board members as most of our board
>> members are there. So I like to ask for some understanding for people
>> outside. Before you judge too quickly, please take a moment and think about
>> how the current board times translate into European, China, Australia or
>> Hawaii times...
>> In fact I am extremely grateful for Andrew's, Jim's and also Fabio's
>> patience and understanding for the scheduling. It is hard to schedule for a
>> globally distributed board. Still I believe it is in fact a very good thing
>> for OWASP that we are having a global diversity on our board.
>>
>> Thank you and best regards,
>>
>> Tobias
>> (chair)
>>
>>
>>
>> On 26/08/15 17:43, Michael Coates wrote:
>>
>> Like all issues we've had some discussion on the list.  Next step would
>> be a motion, second and a vote. Then the cards fall where they may.
>>
>> It sounds like most opinions are on the table so if someone wants to make
>> a motion, then go for it.
>>
>> My view echoes Matt, we have to show up. 75% is good and we can work on
>> the schedule to share the pain if that is the issue. Note that we set the
>> schedule at the beginning of the year, so we should be more diligent in the
>> future if people's voices on the schedule weren't heard.
>>
>>
>> I still agree that in person is nice, but not a hard requirement.
>>
>>
>>
>> On Aug 26, 2015, at 7:59 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> Ahhh, so this is something personal against me because I won't agree that
>> it makes sense to lower the bar for attendance?  Let's call a spade a
>> spade, Fabio.
>>
>> These are two completely separate issues.  The Board attendance is one
>> that ensures that you are at the meetings and actively engaged in the
>> discussion and voting.  This is your FIDUCIARY RESPONSIBILITY AS A BOARD
>> MEMBER.  Meeting in-person has no effect on whether you are performing your
>> Board duties.  It's a nice thing.  And, engaging with the community has
>> NOTHING to do with attending a Board meeting in-person.  It has to do with
>> being present while other members of our community are present.  Our
>> community extends well beyond those present at AppSecUSA or AppSecEU.  That
>> is an EXTREMELY narrow-minded viewpoint.  In fact, I would go so far as to
>> argue that there are more members of our community that were at BlackHat
>> than at either AppSec conference.  Nothing against AppSec, it's a great
>> conference, I even ran one, but they're limited in appeal and in those who
>> attend.
>>
>> ~josh
>>
>> On Wed, Aug 26, 2015 at 8:45 AM, Fabio Cerullo <fcerullo at owasp.org>
>> wrote:
>>
>>> Guys,
>>>
>>> My take on the 75% percent is that in the same fashion that US Board
>>> members could attend meetings comfortably during the day it is unfair to
>>> request other non-US Board members to attend meetings in the middle of the
>>> night. And then ask for a vote of CONFIDENCE if you go below that bar.
>>> Josh, in the same fashion that you object cannot attend meetings in person
>>> due to family reasons I think is unfair for you to request other Board
>>> members to make family sacrifices or deprive them from sleep.
>>>
>>> Here is the 2015 schedule for past/upcoming Board meetings… almost all
>>> of them are early afternoon PST (Pacific time):
>>>
>>>
>>> https://www.owasp.org/index.php/OWASP_Board_Meetings#tab=Agenda_for_2015_Meetings
>>>
>>> So my recommendation there is either to make the requirement more
>>> logical for everyone (attendance 50% or lower) or change the wording so the
>>> vote of CONFIDENCE is not mandatory.
>>>
>>> Regarding the attendance in person… my suggestion is to require OWASP
>>> Board members to attend in-person at least ONE meeting a year and engage
>>> with the Global OWASP community.
>>>
>>> I don’t believe there is a requirement in the Bylaws for OWASP Board
>>> members to attend BlackHat, BSides or other non-OWASP events.
>>>
>>> Thanks,
>>>
>>> Fabio Cerullo
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>> Join me at AppSecUSA 2015 <https://2015.appsecusa.org> in San Francisco!
>>>
>>> On 26 Aug 2015, at 13:53, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> Josh,
>>>
>>> +1 on both accounts. I am personally very grateful for your many and
>>> regular contributions on the board, even when we disagree on occasion. I
>>> think you handle conflict extremely well and I appreciate your strong sense
>>> of ethics.
>>>
>>> Keep on rockin' in the free world.
>>>
>>> Aloha,
>>> Jim
>>>
>>> On 8/26/15 7:13 AM, Josh Sokol wrote:
>>>
>>> Fabio,
>>>
>>> I did not express any concern about the 75% requirement.  I think it is
>>> a very reasonable expectation to have a Board member not miss more than 3
>>> meetings a year.  Even that number seems high to me.  I don't see any issue
>>> if Michael or Andrew were to trigger a vote of confidence if they were to
>>> miss another meeting.  In all likelihodd, if that were to happen, we would
>>> just handle it exactly as we handled your situation.  We recognize
>>> contributions outside of the meetings and move on.  That said, if a Board
>>> member got elected, and simply wasn't attending meetings, or wasn't putting
>>> in any effort, would you really want to wait longer than 3 months to have
>>> the OPTION to remove them?  This process is working exactly as it was
>>> designed to.  Why would we want to change it all of a sudden now that
>>> someone was falling below the bar?
>>>
>>> With respect to changing the in-person Board meeting requirements, I
>>> strongly object.  I was the one who petitioned the Board to have this
>>> requirement changed from MUST to SHOULD in the first place.  While my
>>> family and work obligations make travel quite difficult for me, I don't
>>> think it has sacrificed my participation in the Board at all.  And in terms
>>> of interaction with the community, I was out at both BSides Las Vegas and
>>> BlackHat where OWASP had a presence at both.  Were you?  I participate in
>>> the MONTHLY OWASP Austin chapter meetings, MONTHLY happy hours, and
>>> LASCON.  I attend many other local and regional security events such as
>>> BSides Austin and HouSecCon.  So, there are MANY other ways for a Board
>>> member to meet with the community, talk about their needs, and help them
>>> progress their projects without an in-person Board meeting.  With OWASP
>>> having a highly-distributed global Board, and in this age of technology,
>>> the idea that we all have to be in the same place to get something done is
>>> ludicrous.  Is it more ideal?  Absolutely.  Should it be a requirement?
>>> Absolutely not.
>>>
>>> ~josh
>>>
>>> On Tue, Aug 25, 2015 at 5:08 AM, Fabio Cerullo <fcerullo at owasp.org>
>>> wrote:
>>>
>>>> Bill,
>>>>
>>>> Thanks for updating the wording in the clause below. I have some
>>>> comments regarding the 75% attendance requirement.
>>>>
>>>> Besides Josh, several board members already expressed a concern about
>>>> this requirement and are willing to lower/eliminate it.
>>>>
>>>> Just to give you an example: Michael and Andrew will trigger a vote of
>>>> CONFIDENCE if they miss another meeting during the calendar year.
>>>>
>>>>
>>>> https://docs.google.com/spreadsheets/d/1wpaOCBP-qrnde0sLiglDMJOUCtse6oB-zf3ONCkWgZk/edit?pli=1#gid=6
>>>>
>>>> I think that is counterproductive and will send us in a spiral of votes
>>>> of CONFIDENCE at every Board meeting. I would suggest to lower that
>>>> requirement or NOT making the vote of CONFIDENCE a requirement for meetings
>>>> attendance. The vote of CONFIDENCE should be a mechanism to expel a Board
>>>> member if they don’t fulfil their duties, misbehave with other
>>>> members/staff of the community, or they significantly do not show up at the
>>>> Board meetings (e.g. attendance less than 50%).
>>>>
>>>> Also, I believe the requirement to meet in person is quite vague as per
>>>> current statement below. I attended all in person meetings at AppSec USA &
>>>> AppSec EU and think they are very valuable. You have a chance to meet with
>>>> the community, talk about their needs, help them progress their projects,
>>>> and meet face-to-face with your fellow Board members. So if we are going to
>>>> change the Bylaws, I think we need to put a requirement for Board members
>>>> to meet in person at least ONCE a year. I will appreciate your feedback and
>>>> from the rest of the Governance list regarding this matter.
>>>>
>>>> Attendance in person or virtually by board members is required at no
>>>> less than 75% of the total meetings each year and *shall be highly
>>>> encouraged to meet in person at least once annually* at a date to be
>>>> announced and agreed upon.
>>>>
>>>> Thanks,
>>>>
>>>> Fabio Cerullo
>>>> Global Board Member
>>>> OWASP Foundation
>>>> https://www.owasp.org
>>>> Join me at AppSecUSA 2015 <https://2015.appsecusa.org/> in
>>>> San Francisco!
>>>>
>>>> On 25 Aug 2015, at 10:22, Bil Corry <bil.corry at owasp.org> wrote:
>>>>
>>>> Hi Josh,
>>>>
>>>> Tabulation is described as thus (emphasis is mine):
>>>>
>>>> "Attendance is tabulated after every scheduled meeting for the purpose
>>>> of determining if the 75% attendance requirement has been met, and the
>>>> tabulation is *based upon the entire calendar year.*"
>>>>
>>>> That means if there are 12 meetings during the year and you miss the
>>>> first meeting, your attendance is 11/12 or 92%.  No vote required.
>>>>
>>>> As far as your other concerns, I've updated the text below, hopefully
>>>> I've covered it all?  I pulled deadlines out of thin air, so feel free to
>>>> tweak the numbers and method of voting.
>>>>
>>>>
>>>> *SECTION 3.03 Regular Meetings.* The Board of Directors shall have
>>>> regular meetings as needed.  A link to the board meeting agenda’s and the
>>>> historical minutes is here:
>>>> https://www.owasp.org/index.php/OWASP_Board_Meetings.  Meetings shall
>>>> be at such dates, times, and places as the Board shall determine in
>>>> December of the preceding year and as amended by the Board. In no event
>>>> will there be less than one meeting per quarter.  These meetings will be
>>>> open to public attendance, however, certain portions of the meeting may be
>>>> closed to board members and their delegates when required for legal
>>>> reasons, or to shield liability, or to handle personnel issues, or
>>>> similar.  Attendance in person or virtually by board members is required at
>>>> no less than 75% of the total meetings each year and shall be highly
>>>> encouraged to meet in person at least once annually at a date to be
>>>> announced and agreed upon.  Attendance is tabulated by the Executive
>>>> Director or delegate within seven days after every scheduled meeting for
>>>> the purpose of determining if the 75% attendance requirement has been met,
>>>> and the tabulation is based upon the entire calendar year.  Cancelled
>>>> meetings are considered attended for the purposes of the tabulation.
>>>> Failure by a board member to meet the 75% attendance requirement after any
>>>> tabulation will cause a mandatory vote of confidence by the remaining
>>>> board members, whose votes will be publicly recorded.  The vote of
>>>> confidence is to take place within 21 days, but not sooner than 7 days, of
>>>> notification by the Executive Director or delegate that a board member has
>>>> not met the attendance threshold.  During the first seven days, the board
>>>> member in question will have an opportunity to make their case to their
>>>> fellow board members.  The vote of confidence will take place on the OWASP
>>>> Board of Directors email list, unless the Board votes to review the matter
>>>> at their next meeting, so long as the next meeting occurs within the 21-day
>>>> window.  An overall vote of "confidence" is record if half or more of the
>>>> board members vote for it and it will prevent further votes of confidence
>>>> for the remainder of the year so long as the board member in question does
>>>> not miss any further meetings.  An overall vote of "no confidence" is
>>>> recorded if more than half of the board members vote for it, which causes
>>>> the board member in question to be instantly removed from their seat on the
>>>> board.  Vacancies on the board are handled as per Section 3.10.
>>>>
>>>>
>>>>
>>>>
>>>> 2 OWASP Board of Directors will hold quarterly board meetings lasting
>>>> 4­6 hours each. The schedule of meetings will be set by the board in
>>>> December before the year. It is likely the the board meetings will take
>>>> place on Saturdays or on a dedicated day before a large OWASP conference.
>>>> This change is a result of the success of the longer format board meeting
>>>> and also a result of the Executive Director role that has enabled full time
>>>> involvement and focus on OWASP operations. Board members must attend (in
>>>> person or virtually) 3 of the 4 meetings to fulfill the attendance
>>>> requirements. This will take effect in January, 2014. Changes passed August
>>>> 19, 2013.
>>>>
>>>> 3 “and shall be highly encouraged to meet in person at least once
>>>> annually at a date to be announced and agreed upon” amendment to document
>>>> passed June 10, 2013.
>>>>
>>>>
>>>>
>>>>
>>>> - Bil
>>>>
>>>>
>>>> On Mon, Aug 24, 2015 at 2:31 PM, Josh Sokol <josh.sokol at owasp.org>
>>>> wrote:
>>>>
>>>>> Bil,
>>>>>
>>>>> I initiated a Board vote on the new text that you had proposed back in
>>>>> April or May this year and the Board unanimously voted to approve.  Paul
>>>>> has been working to try to identify all of the changes that have been made
>>>>> (there's only been one or two this year) in order to get a new version of
>>>>> the Bylaws on the website.  Regardless, the one that is there is definitely
>>>>> out-of-date.
>>>>>
>>>>> With respect to your update, thank you, I was thinking something
>>>>> similar as well, but this doesn't address a few of my bullet points:
>>>>>
>>>>>    - The method of tabulation is unspecified.  If we are tabulating
>>>>>    sequentially, then we have a situation where if a Board member missed their
>>>>>    first meeting, a vote is required to be held for three tabulations (0%,
>>>>>    50%, and 66%) until they make it up over 75%.  I am guessing that the
>>>>>    intent is for this to be tabulated assuming attendance for all future
>>>>>    meetings and action would be taken if the person would be unable to
>>>>>    maintain 75% attendance, but if anyone disagrees and has a different
>>>>>    interpretation, please let me know.
>>>>>    - The timeframe for the vote is unspecified.  It just says that it
>>>>>    will cause a mandatory vote of confidence, but never says when that vote is
>>>>>    supposed to take place or who is supposed to initiate it.  Is it to be
>>>>>    handled immediately at the time of tabulation?  Is it handled offline over
>>>>>    e-mail as we recently did?  Is it handled at the next Board meeting?  Based
>>>>>    on the current verbiage, technically the Board could drag it's heels on it
>>>>>    indefinitely.  I would think that something reasonable would be having the
>>>>>    vote initiated by our Executive Director within two weeks of the tabulation
>>>>>    that found them to be not meeting their attendance requirements.  If there
>>>>>    is a Board meeting during that window, then it could be handled then, or
>>>>>    handled via the mailing list otherwise.  That provides time to handle the
>>>>>    situation and removes any Board member bias from the initiation of the vote.
>>>>>    - This does not offer the offender an opportunity to explain why
>>>>>    they failed to meet their attendance requirement.  I think that a
>>>>>    reasonable process would assume that there is a rational explanation for
>>>>>    why they did not attend.  Maybe it's because all of the meetings were being
>>>>>    held at 2 AM in their timezone.  Maybe it's because of a death in the
>>>>>    family.  I think this process should take the personal factor into
>>>>>    consideration.
>>>>>
>>>>> Would you care to take a stab at addressing these?  If not, I can
>>>>> certainly take a shot at it as well.
>>>>>
>>>>> ~josh
>>>>>
>>>>> On Mon, Aug 24, 2015 at 2:07 AM, Bil Corry <bil.corry at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Hi Josh,
>>>>>>
>>>>>> The current bylaw I see is from last year, which doesn't have the
>>>>>> text you quoted.  It's here:
>>>>>>
>>>>>>      https://www.owasp.org/index.php/OWASP_Foundation_ByLaws
>>>>>>
>>>>>> I know we discussed changing the bylaws, but I don't know what was
>>>>>> ultimately adopted.  FWIW, this is the wording from last proposed text,
>>>>>> which is very clear on how tabulation is calculated, although it doesn't
>>>>>> give strict time limes for tabulation and confidence voting.  The thought
>>>>>> was to allow the Board some flexibility in how they want to execute it.
>>>>>> But if you'd like it to be formally incorporated into the bylaws, then
>>>>>> please proposed some text.
>>>>>>
>>>>>>
>>>>>> *SECTION 3.03 Regular Meetings.* The Board of Directors shall have
>>>>>> regular meetings as needed.  A link to the board meeting agenda’s and the
>>>>>> historical minutes is here:
>>>>>> https://www.owasp.org/index.php/OWASP_Board_Meetings.  Meetings
>>>>>> shall be at such dates, times, and places as the Board shall determine in
>>>>>> December of the preceding year and as amended by the Board. In no event
>>>>>> will there be less than one meeting per quarter.  These meetings will be
>>>>>> open to public attendance, however, certain portions of the meeting may be
>>>>>> closed to board members  and their delegates when required for legal
>>>>>> reasons, or to shield liability, or to handle personnel issues, or
>>>>>> similar.  Attendance in person or virtually by board members is required at
>>>>>> no less than 75% of the total meetings each year and shall be highly
>>>>>> encouraged to meet in person at least once annually at a date to be
>>>>>> announced and agreed upon.  Attendance is tabulated after every scheduled
>>>>>> meeting for the purpose of determining if the 75% attendance requirement
>>>>>> has been met, and the tabulation is based upon the entire calendar year.
>>>>>> Cancelled meetings are considered attended for the purposes of the
>>>>>> tabulation.  Failure by a board member to meet the 75% attendance
>>>>>> requirement after any tabulation will cause a mandatory vote of
>>>>>> confidence by the remaining board members, whose votes will be
>>>>>> publicly recorded.  An overall vote of "no confidence" is recorded
>>>>>> if half or more of the board members vote for it, which causes the board
>>>>>> member in question to be instantly removed from their seat on the board.
>>>>>> Vacancies on the board are handled as per Section 3.10.
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2 OWASP Board of Directors will hold quarterly board meetings lasting
>>>>>> 4­6 hours each. The schedule of meetings will be set by the board in
>>>>>> December before the year. It is likely the the board meetings will take
>>>>>> place on Saturdays or on a dedicated day before a large OWASP conference.
>>>>>> This change is a result of the success of the longer format board meeting
>>>>>> and also a result of the Executive Director role that has enabled full time
>>>>>> involvement and focus on OWASP operations. Board members must attend (in
>>>>>> person or virtually) 3 of the 4 meetings to fulfill the attendance
>>>>>> requirements. This will take effect in January, 2014. Changes passed August
>>>>>> 19, 2013.
>>>>>>
>>>>>> 3 “and shall be highly encouraged to meet in person at least once
>>>>>> annually at a date to be announced and agreed upon” amendment to document
>>>>>> passed June 10, 2013.
>>>>>>
>>>>>>
>>>>>>
>>>>>> - Bil
>>>>>>
>>>>>>
>>>>>> On Sat, Aug 22, 2015 at 6:01 PM, Josh Sokol <josh.sokol at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Board,
>>>>>>>
>>>>>>> As recently discussed and voted on in a separate thread, our current
>>>>>>> Bylaws state as follows:
>>>>>>>
>>>>>>> *Failure by a board member to meet the 75% attendance requirement
>>>>>>> after any tabulation will cause a mandatory vote of confidence by the
>>>>>>> remaining board members, whose votes will be publicly recorded.  An overall
>>>>>>> vote of "no confidence" is recorded if half or more of the board members
>>>>>>> vote for it, which causes the board member in question to be instantly
>>>>>>> removed from their seat on the board.*
>>>>>>>
>>>>>>> I see a few issues with this:
>>>>>>>
>>>>>>>    - The timeframe that this applies to is unspecified.  Is it per
>>>>>>>    quarter?  Per calendar year?  Over the two year duration of a Board member
>>>>>>>    term?  Over the cumulative time that a Board member is in office?  I'm
>>>>>>>    guessing that the intent is for this to be over the calendar year, but if
>>>>>>>    anyone disagrees and has a different interpretation, please let me know.
>>>>>>>    - The definition of "tabulation" is unspecified.  Who is doing
>>>>>>>    the tabulation?  Is there a certain time that this tabulation is
>>>>>>>    conducted?  I'm guessing that the intent is for this to be based on the
>>>>>>>    attendance role that is captured during the Board meeting, but if anyone
>>>>>>>    disagrees and has a different interpretation, please let me know.
>>>>>>>    - The method of tabulation is unspecified.  If we are tabulating
>>>>>>>    sequentially, then we have a situation where if a Board member missed their
>>>>>>>    first meeting, a vote is required to be held for three tabulations (0%,
>>>>>>>    50%, and 66%) until they make it up over 75%.  I am guessing that the
>>>>>>>    intent is for this to be tabulated assuming attendance for all future
>>>>>>>    meetings and action would be taken if the person would be unable to
>>>>>>>    maintain 75% attendance, but if anyone disagrees and has a different
>>>>>>>    interpretation, please let me know.
>>>>>>>    - The timeframe for the vote is unspecified.  It just says that
>>>>>>>    it will cause a mandatory vote of confidence, but never says when that vote
>>>>>>>    is supposed to take place or who is supposed to initiate it.  Is it to be
>>>>>>>    handled immediately at the time of tabulation?  Is it handled offline over
>>>>>>>    e-mail as we recently did?  Is it handled at the next Board meeting?  Based
>>>>>>>    on the current verbiage, technically the Board could drag it's heels on it
>>>>>>>    indefinitely.  I would think that something reasonable would be having the
>>>>>>>    vote initiated by our Executive Director within two weeks of the tabulation
>>>>>>>    that found them to be not meeting their attendance requirements.  If there
>>>>>>>    is a Board meeting during that window, then it could be handled then, or
>>>>>>>    handled via the mailing list otherwise.  That provides time to handle the
>>>>>>>    situation and removes any Board member bias from the initiation of the vote.
>>>>>>>    - This does not offer the offender an opportunity to explain why
>>>>>>>    they failed to meet their attendance requirement.  I think that a
>>>>>>>    reasonable process would assume that there is a rational explanation for
>>>>>>>    why they did not attend.  Maybe it's because all of the meetings were being
>>>>>>>    held at 2 AM in their timezone.  Maybe it's because of a death in the
>>>>>>>    family.  I think this process should take the personal factor into
>>>>>>>    consideration.
>>>>>>>
>>>>>>> With the above in mind, I don't see a reason to lower the bar from
>>>>>>> 75%.  My thinking is that this is a reasonable expectation to have of a
>>>>>>> Board member with all things being equal.  It may not be the best measure
>>>>>>> of engagement, but it is still a responsibility that all Board members are
>>>>>>> aware of going into it, and I am not aware of it having been an issue in
>>>>>>> the past (until now), so I'm not sure why we would change it now that one
>>>>>>> Board member had a vote initiated for it.  I would propose that we update
>>>>>>> the language in order to better clarify my bullet points above, but leave
>>>>>>> the requirement itself in place.  Please provide your thoughts regarding
>>>>>>> each of these bullet points (or any other issues that you think need to be
>>>>>>> addressed here).  Once we have some level of agreement with these, I can
>>>>>>> take the action item of re-writing this section of the Bylaws in order to
>>>>>>> incorporate these changes.  Thanks.
>>>>>>>
>>>>>>> ~josh
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Owasp-board mailing list
>>>>>>> Owasp-board at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> _______________________________________________
>>>> Governance mailing list
>>>> Governance at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/governance
>>>>
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> Governance mailing listGovernance at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/governance
>>>
>>>
>>> --
>>> Jim Manico
>>> Global Board Member
>>> OWASP Foundationhttps://www.owasp.org
>>> Join me at AppSecUSA 2015!
>>>
>>>
>>>
>> _______________________________________________
>> Governance mailing list
>> Governance at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/governance
>>
>>
>>
>> _______________________________________________
>> Governance mailing listGovernance at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/governance
>>
>>
>>
>> _______________________________________________
>> Governance mailing list
>> Governance at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/governance
>>
>>
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150906/583bc57d/attachment-0001.html>


More information about the Owasp-board mailing list