[Owasp-board] Fwd: Request for 150K USD seed fund for the OWASP-DevSecCon Summit in April 2017 in the UK

Seba seba at owasp.org
Fri Nov 25 09:27:20 UTC 2016


hi Tom, all,

Just to clarify: DevSecCON is not a non-profit.

We agreed with Francois that ALL the transactions will be going through the
OWASP foundation. DevSecCon will not receive any money for this event.
Francois will dedicate his time for free to this summit and allows us to
use the DevSecCon logo & name.

We will put down our agreements in a co-marketing contract between OWASP
and DevSecCON.

@Laura - do you have a co-marketing template contract we can use for this?

Thanks

Seba

On Tue, Nov 22, 2016 at 4:26 PM Tom Brennan <tomb at owasp.org> wrote:

> Thanks, my only questions based on what I read so far is:
>
> Is DecSecCon another registered non-profit business?
>
> Will DevSecCon also be putting up 150k or is OWASP taking all the risk
> here acting as the funding vehicle?
>
>
>
> On Tue, Nov 22, 2016 at 9:52 AM, Seba <seba at owasp.org> wrote:
> > Hi Tom
> >
> > Can the timing be adapted, I cannot make the middle of the night ?
> >
> > Yes, this is a joint organisation from OWASP & DevSecCon.
> >
> > I will reach out to Andrew with the draft budget (with our current
> > assumptions)
> >
> > Seba
> >
> >
> > On Tue, Nov 22, 2016 at 3:46 PM Tom Brennan <tomb at owasp.org> wrote:
> >>
> >> Next meeting is the 30th see:
> >> https://www.owasp.org/index.php/Board#tab=Agenda_for_2016_Meetings
> >>
> >> re: the request this is a request for 150k from OWASP.  This
> >> relationship with another legal entity sounds like a partnership not a
> >> 100% summit or owasp regional event.. can you provide some clarity
> >> around that?  Andrew is the treasurer you might want to start a thread
> >> with him on it
> >>
> >> On Tue, Nov 22, 2016 at 2:58 AM, Seba <seba at owasp.org> wrote:
> >> > hi Tom,
> >> >
> >> > I listened to the recording, my notes below
> >> > recording -
> >> > https://drive.google.com/file/d/0B0yxedKRQADib3RmSHBBMmVfMXM/view
> >> > (starts
> >> > around 13', ends at 18')
> >> >
> >> > notes board meeting 8  - Nov on summit, notes
> >> >
> >> > aim for revenue neutral?
> >> > this is what owasp should be doing, but should be budget neutral
> >> > need more details in writing for the next board meeting
> >> > involve at least one board member to "own" this.
> >> > start with a lower seed fund?
> >> > chapter funds will also be called upon.
> >> >
> >> > As stated below, I am available for a call on the 30th (possibly
> joined
> >> > by
> >> > Dinis & Francois)
> >> > I can do 20h30 CET -
> >> >
> >> >
> https://www.timeanddate.com/worldclock/fixedtime.html?msg=summit+seed+fund+call&iso=20161130T2030&p1=48&am=30
> >> >
> >> > regards
> >> >
> >> > Seba
> >> >
> >> > On Wed, Nov 9, 2016 at 7:58 AM Seba <seba at owasp.org> wrote:
> >> >>
> >> >> Hi Tom,
> >> >>
> >> >> I will listen to the recordings, respond to questions and push this
> >> >> further towards a successful summit (together with the team).
> >> >> I can join a call on the 30th, assuming it is on a CET-timezone
> >> >> friendly
> >> >> time :-)
> >> >> Preferably 21h30 CEST / 3:30pm EST ?
> >> >>
> >> >> regards
> >> >>
> >> >> Seba
> >> >>
> >> >>
> >> >>
> >> >> On Wed, Nov 9, 2016 at 3:12 AM Tom Brennan - OWASP <tomb at owasp.org>
> >> >> wrote:
> >> >>>
> >> >>> @ Dinis and Seba listen to the board meeting recording/mins., about
> >> >>> the
> >> >>> request for over 100k for joint effort with another business.  Based
> >> >>> on the
> >> >>> current model it actually falls under a joint-event and would
> require
> >> >>> a
> >> >>> co-marketing agreement and seed-money.
> >> >>>
> >> >>> https://www.owasp.org/index.php/November_8,_2016 (when link is
> >> >>> available)
> >> >>>
> >> >>> You guys have been board members you know what it is like to have
> >> >>> something vague on the agenda a motion to approve money and
> questions
> >> >>> from
> >> >>> attendees members of the public, staff and board on the submission.
> >> >>> Without
> >> >>> anyone from your team to speak to the initiative or a staff member
> or
> >> >>> board
> >> >>> member briefed it unfortunately gets pushed and without a motion, a
> >> >>> second
> >> >>> or a vote to make it happen.
> >> >>>
> >> >>> So that it can be approved by a majority vote (4) people for 2017
> >> >>> would
> >> >>> someone from your team who is going to LEAD the effort answer
> >> >>> questions and
> >> >>> be available on the 30th?
> >> >>>
> >> >>> Would that person be Francois or one of you guys?
> >> >>> https://www.linkedin.com/in/francoisraynaud
> >> >>>
> >> >>>
> >> >>>
> >> >>> On Tue, Nov 8, 2016 at 3:32 PM, Matt Konda <matt.konda at owasp.org>
> >> >>> wrote:
> >> >>>>
> >> >>>> Seba,
> >> >>>>
> >> >>>> Is there someone attending the board meeting that can speak to this
> >> >>>> in
> >> >>>> more detail?
> >> >>>>
> >> >>>> In general, I like the idea.  I have questions ...
> >> >>>>
> >> >>>> How many people do we expect to reach for the investment?
> >> >>>> What would be the outcome?
> >> >>>> What kind of organizational (events) support are you hoping for?
> >> >>>>
> >> >>>> As someone who was never part of the previous summits, I wonder if
> >> >>>> they
> >> >>>> are as open and inclusive as we would need them to be to justify
> >> >>>> almost 10%
> >> >>>> of our yearly budget to fund it.
> >> >>>>
> >> >>>> I definitely want to hear more - great work!
> >> >>>>
> >> >>>> Thanks,
> >> >>>> Matt
> >> >>>>
> >> >>>> On Tue, Nov 8, 2016 at 2:13 PM, Tobias Gondrom
> >> >>>> <tobias.gondrom at owasp.org> wrote:
> >> >>>>>
> >> >>>>> I support this initiative.
> >> >>>>>
> >> >>>>> This would be good to do!
> >> >>>>>
> >> >>>>> Best, Tobias
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> From: owasp-board-bounces+tobias.gondrom=
> owasp.org at lists.owasp.org
> >> >>>>>
> >> >>>>> [mailto:owasp-board-bounces+tobias.gondrom=
> owasp.org at lists.owasp.org] On
> >> >>>>> Behalf Of Seba
> >> >>>>> Sent: Monday, November 7, 2016 09:17
> >> >>>>> To: Michael Coates <michael.coates at owasp.org>
> >> >>>>> Cc: dinis <dinis at owasp.org>; OWASP Foundation Board List
> >> >>>>> <owasp-board at lists.owasp.org>; Francois <francois at devseccon.com>
> >> >>>>> Subject: Re: [Owasp-board] Fwd: Request for 150K USD seed fund for
> >> >>>>> the
> >> >>>>> OWASP-DevSecCon Summit in April 2017 in the UK
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> hi,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> I have added this as an extra topic on the agenda:
> >> >>>>>
> >> >>>>> https://www.owasp.org/index.php/November_8,_2016
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In the coming weeks I will create a detailed budget plan together
> >> >>>>> with
> >> >>>>> the team and Andrew/Laura.
> >> >>>>>
> >> >>>>> At this state we are looking for the approval under the condition
> >> >>>>> that
> >> >>>>> a detailed budget will be provided by the next board call.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Available for questions on Skyp/mobile in the coming days.
> >> >>>>>
> >> >>>>> I will not be able to join the call, as it will be midnight for me
> >> >>>>> then
> >> >>>>> ...
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Kind regards,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Seba
> >> >>>>>
> >> >>>>> On Tue, Oct 25, 2016 at 9:52 PM Michael Coates
> >> >>>>> <michael.coates at owasp.org> wrote:
> >> >>>>>
> >> >>>>> Acknowledged. We've got it now via the thread history.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> The correct list is
> >> >>>>>
> >> >>>>> OWASP Foundation Board List <owasp-board at lists.owasp.org>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In a previous email you sent it to a defunct owasp.org address
> that
> >> >>>>> I
> >> >>>>> believe was created as part of gmail. I don't recall why.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> --
> >> >>>>> Michael Coates | @_mwc
> >> >>>>>
> >> >>>>> OWASP Global Board
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> On Tue, Oct 25, 2016 at 2:40 AM, Seba <seba at owasp.org> wrote:
> >> >>>>>
> >> >>>>> Got an email that this is the correct email address?
> >> >>>>> Weird, as I already sent this to the email below.
> >> >>>>> Can hou confirm reception of this email?
> >> >>>>>
> >> >>>>> Thx!
> >> >>>>> Seba
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> ---------- Forwarded message ---------
> >> >>>>> From: Seba <seba at owasp.org>
> >> >>>>>
> >> >>>>> Date: Mon, 24 Oct 2016 at 14:00
> >> >>>>> Subject: Request for 150K USD seed fund for the OWASP-DevSecCon
> >> >>>>> Summit
> >> >>>>> in April 2017 in the UK
> >> >>>>> To: Laura Grau <laura.grau at owasp.org>, owasp-board at owasp.org
> >> >>>>> <owasp-board at owasp.org>
> >> >>>>> Cc: dinis <dinis at owasp.org>, psiinon <psiinon at gmail.com>,
> Francois
> >> >>>>> <francois at devseccon.com>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Dear Laura, Board,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Last week I attended DevSecCon in London together with a couple of
> >> >>>>> other OWASP leaders (Dinis, Simon) and was excited about the
> >> >>>>> positive
> >> >>>>> atmosphere, content, workshops and attendees (both from
> development
> >> >>>>> as from
> >> >>>>> security backgrounds).
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Together with Francois Raynaud (founder of DevSecCon, in cc) we
> >> >>>>> would
> >> >>>>> like to organise a summit with as main focus and theme: grouping
> the
> >> >>>>> DevOps,
> >> >>>>> Security and OWASP communities to work on actionable and automated
> >> >>>>> solutions
> >> >>>>> for secure development and operations of software.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> We submitted the following event as Summit in OCMS as proposal for
> >> >>>>> next
> >> >>>>> year.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Owasp-DevSecCon Summit, England, April 2017
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> OWASP is joining forces with DevSecCon to create a Summit focused
> on
> >> >>>>> the collaboration between
> >> >>>>>
> >> >>>>> Developers and Application Security.
> >> >>>>>
> >> >>>>> This is not a conference with uni-directional presentations, this
> is
> >> >>>>> a
> >> >>>>> working summit with working sessions on areas like: Secure Coding,
> >> >>>>> Security
> >> >>>>> Testing/TDD, DevOps, Threat Modeling, Mobile Security, IoT, Risk &
> >> >>>>> Governance, Privacy & CTO/CISO requirements, Secure Design,
> >> >>>>> Bug-bounties,
> >> >>>>> Browser Security, AI for Attack & Defence, DDoS, Cyber Warfare,
> >> >>>>> AppSec
> >> >>>>> Standards; and of course, working sessions on popular OWASP
> projects
> >> >>>>> (lead
> >> >>>>> by its leaders) such as: Zap, Top 10, Dependency Checker,
> OwaspSAMM,
> >> >>>>> OWASP
> >> >>>>> Guides (Testing, ASVS, Core Review), AppSensor and dozens more.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Using the same model as the past two OWASP Summits in Portugal,
> this
> >> >>>>> 5
> >> >>>>> day event will be a 16h day high energy experience, where the
> >> >>>>> attendees are
> >> >>>>> expected to work and collaborate really hard. Every working
> session
> >> >>>>> will be
> >> >>>>> thoroughly prepared and focused on actionable outcomes.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> If you care about Application Security and want to collaborate
> with
> >> >>>>> the
> >> >>>>> key players in this industry, this is the event to be.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> The Summit will occur in England, April 2017, with an entry ticket
> >> >>>>> of
> >> >>>>> $2000 (covering travel + hotel + accommodation + event fee). OWASP
> >> >>>>> is
> >> >>>>> funding a large number of its leaders and other deserving
> >> >>>>> individuals to
> >> >>>>> attend, so if you feel you can't afford this fee, or your company
> is
> >> >>>>> not in
> >> >>>>> a position to sponsor you, please contact the event organisers.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In terms of budget we ask for a seed fund of 150K USD (first draft
> >> >>>>> budget attached in the OCMS request).
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Our objective is to lower the financial impact (and possibly get
> >> >>>>> this
> >> >>>>> to 0 or even make it a budget positive event) through sponsoring
> >> >>>>> (externally
> >> >>>>> and from projects/chapters) and have participant's organisations
> >> >>>>> cover the
> >> >>>>> costs.
> >> >>>>>
> >> >>>>> Nevertheless, we ask this seed fund to get the ball rolling and
> >> >>>>> focus
> >> >>>>> on content, speakers, workshops and tracks. In parallel we will
> >> >>>>> involve
> >> >>>>> Laura, the staff and our community to co-organize this as a
> >> >>>>> professional
> >> >>>>> event and submit a detailed budget in the following cycles.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Our main question is:
> >> >>>>>
> >> >>>>> 1) your approval to reserve this summit seed fund (either by email
> >> >>>>> or
> >> >>>>> on your next board meeting 9-November).
> >> >>>>>
> >> >>>>> + your support to make this a great summit!
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Available for any questions/remarks thru email or other means.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Thank you
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Kind regards
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Seba
> >> >>>>>
> >> >>>>> OWASP SAMM project
> >> >>>>>
> >> >>>>> OWASP Belgium chapter
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Owasp-board mailing list
> >> >>>>> Owasp-board at lists.owasp.org
> >> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Owasp-board mailing list
> >> >>>>> Owasp-board at lists.owasp.org
> >> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>> _______________________________________________
> >> >>>> Owasp-board mailing list
> >> >>>> Owasp-board at lists.owasp.org
> >> >>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>
> >> >>>
> >> >>>
> >> >>> The information contained in this message and any attachments may be
> >> >>> privileged, confidential, proprietary or otherwise protected from
> >> >>> disclosure. If you, the reader of this message, are not the intended
> >> >>> recipient, you are hereby notified that any dissemination,
> >> >>> distribution,
> >> >>> copying or use of this message and any attachment is strictly
> >> >>> prohibited. If
> >> >>> you have received this message in error, please notify the sender
> >> >>> immediately by replying to the message, permanently delete it from
> >> >>> your
> >> >>> computer and destroy any
> >> >>> printout._______________________________________________
> >> >>> Owasp-board mailing list
> >> >>> Owasp-board at lists.owasp.org
> >> >>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>
> >>
> >>
> >> --
> >> Tom Brennan
> >> 973-202-0122
>
>
>
> --
> Tom Brennan
> 973-202-0122
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161125/d41230ff/attachment-0001.html>


More information about the Owasp-board mailing list