[Owasp-board] Request for 150K USD seed fund for the OWASP-DevSecCon Summit in April 2017 in the UK

Tom Brennan tomb at owasp.org
Wed Nov 23 00:04:31 UTC 2016


The board determined we needed the meeting, looks like no one updated the wiki..


> On Nov 22, 2016, at 3:17 PM, Tiffany Long <tiffany.long at owasp.org> wrote:
> 
> Hey Tom, 
> 
> The Nov. 30th meeting says that it is an optional place holder but it takes place three weeks after the last meeting and three weeks before the next one.  
> 
> What makes it optional?
> 
> Best, 
> Tiffany
> 
> 
> Tiffany Long
> Community Manager  
> 
> On Tue, Nov 22, 2016 at 7:26 AM, Tom Brennan <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
> Thanks, my only questions based on what I read so far is:
> 
> Is DecSecCon another registered non-profit business?
> 
> Will DevSecCon also be putting up 150k or is OWASP taking all the risk
> here acting as the funding vehicle?
> 
> 
> 
> On Tue, Nov 22, 2016 at 9:52 AM, Seba <seba at owasp.org <mailto:seba at owasp.org>> wrote:
> > Hi Tom
> >
> > Can the timing be adapted, I cannot make the middle of the night ?
> >
> > Yes, this is a joint organisation from OWASP & DevSecCon.
> >
> > I will reach out to Andrew with the draft budget (with our current
> > assumptions)
> >
> > Seba
> >
> >
> > On Tue, Nov 22, 2016 at 3:46 PM Tom Brennan <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
> >>
> >> Next meeting is the 30th see:
> >> https://www.owasp.org/index.php/Board#tab=Agenda_for_2016_Meetings <https://www.owasp.org/index.php/Board#tab=Agenda_for_2016_Meetings>
> >>
> >> re: the request this is a request for 150k from OWASP.  This
> >> relationship with another legal entity sounds like a partnership not a
> >> 100% summit or owasp regional event.. can you provide some clarity
> >> around that?  Andrew is the treasurer you might want to start a thread
> >> with him on it
> >>
> >> On Tue, Nov 22, 2016 at 2:58 AM, Seba <seba at owasp.org <mailto:seba at owasp.org>> wrote:
> >> > hi Tom,
> >> >
> >> > I listened to the recording, my notes below
> >> > recording -
> >> > https://drive.google.com/file/d/0B0yxedKRQADib3RmSHBBMmVfMXM/view <https://drive.google.com/file/d/0B0yxedKRQADib3RmSHBBMmVfMXM/view>
> >> > (starts
> >> > around 13', ends at 18')
> >> >
> >> > notes board meeting 8  - Nov on summit, notes
> >> >
> >> > aim for revenue neutral?
> >> > this is what owasp should be doing, but should be budget neutral
> >> > need more details in writing for the next board meeting
> >> > involve at least one board member to "own" this.
> >> > start with a lower seed fund?
> >> > chapter funds will also be called upon.
> >> >
> >> > As stated below, I am available for a call on the 30th (possibly joined
> >> > by
> >> > Dinis & Francois)
> >> > I can do 20h30 CET -
> >> >
> >> > https://www.timeanddate.com/worldclock/fixedtime.html?msg=summit+seed+fund+call&iso=20161130T2030&p1=48&am=30 <https://www.timeanddate.com/worldclock/fixedtime.html?msg=summit+seed+fund+call&iso=20161130T2030&p1=48&am=30>
> >> >
> >> > regards
> >> >
> >> > Seba
> >> >
> >> > On Wed, Nov 9, 2016 at 7:58 AM Seba <seba at owasp.org <mailto:seba at owasp.org>> wrote:
> >> >>
> >> >> Hi Tom,
> >> >>
> >> >> I will listen to the recordings, respond to questions and push this
> >> >> further towards a successful summit (together with the team).
> >> >> I can join a call on the 30th, assuming it is on a CET-timezone
> >> >> friendly
> >> >> time :-)
> >> >> Preferably 21h30 CEST / 3:30pm EST ?
> >> >>
> >> >> regards
> >> >>
> >> >> Seba
> >> >>
> >> >>
> >> >>
> >> >> On Wed, Nov 9, 2016 at 3:12 AM Tom Brennan - OWASP <tomb at owasp.org <mailto:tomb at owasp.org>>
> >> >> wrote:
> >> >>>
> >> >>> @ Dinis and Seba listen to the board meeting recording/mins., about
> >> >>> the
> >> >>> request for over 100k for joint effort with another business.  Based
> >> >>> on the
> >> >>> current model it actually falls under a joint-event and would require
> >> >>> a
> >> >>> co-marketing agreement and seed-money.
> >> >>>
> >> >>> https://www.owasp.org/index.php/November_8,_2016 <https://www.owasp.org/index.php/November_8,_2016> (when link is
> >> >>> available)
> >> >>>
> >> >>> You guys have been board members you know what it is like to have
> >> >>> something vague on the agenda a motion to approve money and questions
> >> >>> from
> >> >>> attendees members of the public, staff and board on the submission.
> >> >>> Without
> >> >>> anyone from your team to speak to the initiative or a staff member or
> >> >>> board
> >> >>> member briefed it unfortunately gets pushed and without a motion, a
> >> >>> second
> >> >>> or a vote to make it happen.
> >> >>>
> >> >>> So that it can be approved by a majority vote (4) people for 2017
> >> >>> would
> >> >>> someone from your team who is going to LEAD the effort answer
> >> >>> questions and
> >> >>> be available on the 30th?
> >> >>>
> >> >>> Would that person be Francois or one of you guys?
> >> >>> https://www.linkedin.com/in/francoisraynaud <https://www.linkedin.com/in/francoisraynaud>
> >> >>>
> >> >>>
> >> >>>
> >> >>> On Tue, Nov 8, 2016 at 3:32 PM, Matt Konda <matt.konda at owasp.org <mailto:matt.konda at owasp.org>>
> >> >>> wrote:
> >> >>>>
> >> >>>> Seba,
> >> >>>>
> >> >>>> Is there someone attending the board meeting that can speak to this
> >> >>>> in
> >> >>>> more detail?
> >> >>>>
> >> >>>> In general, I like the idea.  I have questions ...
> >> >>>>
> >> >>>> How many people do we expect to reach for the investment?
> >> >>>> What would be the outcome?
> >> >>>> What kind of organizational (events) support are you hoping for?
> >> >>>>
> >> >>>> As someone who was never part of the previous summits, I wonder if
> >> >>>> they
> >> >>>> are as open and inclusive as we would need them to be to justify
> >> >>>> almost 10%
> >> >>>> of our yearly budget to fund it.
> >> >>>>
> >> >>>> I definitely want to hear more - great work!
> >> >>>>
> >> >>>> Thanks,
> >> >>>> Matt
> >> >>>>
> >> >>>> On Tue, Nov 8, 2016 at 2:13 PM, Tobias Gondrom
> >> >>>> <tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>> wrote:
> >> >>>>>
> >> >>>>> I support this initiative.
> >> >>>>>
> >> >>>>> This would be good to do!
> >> >>>>>
> >> >>>>> Best, Tobias
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> From: owasp-board-bounces+tobias.gondrom=owasp.org at lists.owasp.org <mailto:owasp.org at lists.owasp.org>
> >> >>>>>
> >> >>>>> [mailto:owasp-board-bounces+tobias.gondrom <mailto:owasp-board-bounces%2Btobias.gondrom>=owasp.org at lists.owasp.org <mailto:owasp.org at lists.owasp.org>] On
> >> >>>>> Behalf Of Seba
> >> >>>>> Sent: Monday, November 7, 2016 09:17
> >> >>>>> To: Michael Coates <michael.coates at owasp.org <mailto:michael.coates at owasp.org>>
> >> >>>>> Cc: dinis <dinis at owasp.org <mailto:dinis at owasp.org>>; OWASP Foundation Board List
> >> >>>>> <owasp-board at lists.owasp.org <mailto:owasp-board at lists.owasp.org>>; Francois <francois at devseccon.com <mailto:francois at devseccon.com>>
> >> >>>>> Subject: Re: [Owasp-board] Fwd: Request for 150K USD seed fund for
> >> >>>>> the
> >> >>>>> OWASP-DevSecCon Summit in April 2017 in the UK
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> hi,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> I have added this as an extra topic on the agenda:
> >> >>>>>
> >> >>>>> https://www.owasp.org/index.php/November_8,_2016 <https://www.owasp.org/index.php/November_8,_2016>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In the coming weeks I will create a detailed budget plan together
> >> >>>>> with
> >> >>>>> the team and Andrew/Laura.
> >> >>>>>
> >> >>>>> At this state we are looking for the approval under the condition
> >> >>>>> that
> >> >>>>> a detailed budget will be provided by the next board call.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Available for questions on Skyp/mobile in the coming days.
> >> >>>>>
> >> >>>>> I will not be able to join the call, as it will be midnight for me
> >> >>>>> then
> >> >>>>> ...
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Kind regards,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Seba
> >> >>>>>
> >> >>>>> On Tue, Oct 25, 2016 at 9:52 PM Michael Coates
> >> >>>>> <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
> >> >>>>>
> >> >>>>> Acknowledged. We've got it now via the thread history.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> The correct list is
> >> >>>>>
> >> >>>>> OWASP Foundation Board List <owasp-board at lists.owasp.org <mailto:owasp-board at lists.owasp.org>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In a previous email you sent it to a defunct owasp.org <http://owasp.org/> address that
> >> >>>>> I
> >> >>>>> believe was created as part of gmail. I don't recall why.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> --
> >> >>>>> Michael Coates | @_mwc
> >> >>>>>
> >> >>>>> OWASP Global Board
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> On Tue, Oct 25, 2016 at 2:40 AM, Seba <seba at owasp.org <mailto:seba at owasp.org>> wrote:
> >> >>>>>
> >> >>>>> Got an email that this is the correct email address?
> >> >>>>> Weird, as I already sent this to the email below.
> >> >>>>> Can hou confirm reception of this email?
> >> >>>>>
> >> >>>>> Thx!
> >> >>>>> Seba
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> ---------- Forwarded message ---------
> >> >>>>> From: Seba <seba at owasp.org <mailto:seba at owasp.org>>
> >> >>>>>
> >> >>>>> Date: Mon, 24 Oct 2016 at 14:00
> >> >>>>> Subject: Request for 150K USD seed fund for the OWASP-DevSecCon
> >> >>>>> Summit
> >> >>>>> in April 2017 in the UK
> >> >>>>> To: Laura Grau <laura.grau at owasp.org <mailto:laura.grau at owasp.org>>, owasp-board at owasp.org <mailto:owasp-board at owasp.org>
> >> >>>>> <owasp-board at owasp.org <mailto:owasp-board at owasp.org>>
> >> >>>>> Cc: dinis <dinis at owasp.org <mailto:dinis at owasp.org>>, psiinon <psiinon at gmail.com <mailto:psiinon at gmail.com>>, Francois
> >> >>>>> <francois at devseccon.com <mailto:francois at devseccon.com>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Dear Laura, Board,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Last week I attended DevSecCon in London together with a couple of
> >> >>>>> other OWASP leaders (Dinis, Simon) and was excited about the
> >> >>>>> positive
> >> >>>>> atmosphere, content, workshops and attendees (both from development
> >> >>>>> as from
> >> >>>>> security backgrounds).
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Together with Francois Raynaud (founder of DevSecCon, in cc) we
> >> >>>>> would
> >> >>>>> like to organise a summit with as main focus and theme: grouping the
> >> >>>>> DevOps,
> >> >>>>> Security and OWASP communities to work on actionable and automated
> >> >>>>> solutions
> >> >>>>> for secure development and operations of software.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> We submitted the following event as Summit in OCMS as proposal for
> >> >>>>> next
> >> >>>>> year.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Owasp-DevSecCon Summit, England, April 2017
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> OWASP is joining forces with DevSecCon to create a Summit focused on
> >> >>>>> the collaboration between
> >> >>>>>
> >> >>>>> Developers and Application Security.
> >> >>>>>
> >> >>>>> This is not a conference with uni-directional presentations, this is
> >> >>>>> a
> >> >>>>> working summit with working sessions on areas like: Secure Coding,
> >> >>>>> Security
> >> >>>>> Testing/TDD, DevOps, Threat Modeling, Mobile Security, IoT, Risk &
> >> >>>>> Governance, Privacy & CTO/CISO requirements, Secure Design,
> >> >>>>> Bug-bounties,
> >> >>>>> Browser Security, AI for Attack & Defence, DDoS, Cyber Warfare,
> >> >>>>> AppSec
> >> >>>>> Standards; and of course, working sessions on popular OWASP projects
> >> >>>>> (lead
> >> >>>>> by its leaders) such as: Zap, Top 10, Dependency Checker, OwaspSAMM,
> >> >>>>> OWASP
> >> >>>>> Guides (Testing, ASVS, Core Review), AppSensor and dozens more.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Using the same model as the past two OWASP Summits in Portugal, this
> >> >>>>> 5
> >> >>>>> day event will be a 16h day high energy experience, where the
> >> >>>>> attendees are
> >> >>>>> expected to work and collaborate really hard. Every working session
> >> >>>>> will be
> >> >>>>> thoroughly prepared and focused on actionable outcomes.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> If you care about Application Security and want to collaborate with
> >> >>>>> the
> >> >>>>> key players in this industry, this is the event to be.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> The Summit will occur in England, April 2017, with an entry ticket
> >> >>>>> of
> >> >>>>> $2000 (covering travel + hotel + accommodation + event fee). OWASP
> >> >>>>> is
> >> >>>>> funding a large number of its leaders and other deserving
> >> >>>>> individuals to
> >> >>>>> attend, so if you feel you can't afford this fee, or your company is
> >> >>>>> not in
> >> >>>>> a position to sponsor you, please contact the event organisers.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In terms of budget we ask for a seed fund of 150K USD (first draft
> >> >>>>> budget attached in the OCMS request).
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Our objective is to lower the financial impact (and possibly get
> >> >>>>> this
> >> >>>>> to 0 or even make it a budget positive event) through sponsoring
> >> >>>>> (externally
> >> >>>>> and from projects/chapters) and have participant's organisations
> >> >>>>> cover the
> >> >>>>> costs.
> >> >>>>>
> >> >>>>> Nevertheless, we ask this seed fund to get the ball rolling and
> >> >>>>> focus
> >> >>>>> on content, speakers, workshops and tracks. In parallel we will
> >> >>>>> involve
> >> >>>>> Laura, the staff and our community to co-organize this as a
> >> >>>>> professional
> >> >>>>> event and submit a detailed budget in the following cycles.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Our main question is:
> >> >>>>>
> >> >>>>> 1) your approval to reserve this summit seed fund (either by email
> >> >>>>> or
> >> >>>>> on your next board meeting 9-November).
> >> >>>>>
> >> >>>>> + your support to make this a great summit!
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Available for any questions/remarks thru email or other means.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Thank you
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Kind regards
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Seba
> >> >>>>>
> >> >>>>> OWASP SAMM project
> >> >>>>>
> >> >>>>> OWASP Belgium chapter
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Owasp-board mailing list
> >> >>>>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> >> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board <https://lists.owasp.org/mailman/listinfo/owasp-board>
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Owasp-board mailing list
> >> >>>>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> >> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board <https://lists.owasp.org/mailman/listinfo/owasp-board>
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>> _______________________________________________
> >> >>>> Owasp-board mailing list
> >> >>>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> >> >>>> https://lists.owasp.org/mailman/listinfo/owasp-board <https://lists.owasp.org/mailman/listinfo/owasp-board>
> >> >>>>
> >> >>>
> >> >>>
> >> >>> The information contained in this message and any attachments may be
> >> >>> privileged, confidential, proprietary or otherwise protected from
> >> >>> disclosure. If you, the reader of this message, are not the intended
> >> >>> recipient, you are hereby notified that any dissemination,
> >> >>> distribution,
> >> >>> copying or use of this message and any attachment is strictly
> >> >>> prohibited. If
> >> >>> you have received this message in error, please notify the sender
> >> >>> immediately by replying to the message, permanently delete it from
> >> >>> your
> >> >>> computer and destroy any
> >> >>> printout._______________________________________________
> >> >>> Owasp-board mailing list
> >> >>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> >> >>> https://lists.owasp.org/mailman/listinfo/owasp-board <https://lists.owasp.org/mailman/listinfo/owasp-board>
> >>
> >>
> >>
> >> --
> >> Tom Brennan
> >> 973-202-0122 <tel:973-202-0122>
> 
> 
> 
> --
> Tom Brennan
> 973-202-0122 <tel:973-202-0122>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-board <https://lists.owasp.org/mailman/listinfo/owasp-board>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161122/3c044549/attachment-0001.html>


More information about the Owasp-board mailing list