[Owasp-board] Funding and Iran follow up

johanna curiel curiel johanna.curiel at owasp.org
Mon Sep 5 21:08:23 UTC 2016

Do we have to wait for a monthly board meeting to manage the foundation and
obtain updates? On the 21 September 2016?

I don't agree with this way of management.

I think is time that we allow the staff to work and be responsible for
certain things.

I think it has to be clear operations & management activities from
direction and decisions on vision and mission.
That is the OWASP I know, the OWASP that used to be managed by Executive
Director Sarah Baso.

The board is not supposed to deal with Daily operation business such as

Since there is no executive director, not sure who is accountable regarding
operations, but it seems the board is taking that role.

Gents, you are board members not employees working and involved in daily
management activities , neither I think you have time for this given the
fact your busy schedules.

I assume these kind of things should be properly delegated.

I ask once again: when will we have an answer regarding this?

On Mon, Sep 5, 2016 at 12:52 PM, Tom Brennan <tomb at proactiverisk.com> wrote:

> Updates will be provided at the monthly board meeting that is open to the
> public. The action documented in the last meetig mins., was to obtain a
> letter of advisory from the retained legal council of OWASP Foundation Inc.
> and financial advisors.
> On Monday, September 5, 2016, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> Board members
>> Any news regarding the position of OWASP with regards the Iran project
>> leaders?
>> Please let us know
>> regards
>> Johanna
>> On Wed, Aug 24, 2016 at 10:04 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Board members,
>>> The following issues was mentioned during the board meeting yesterday:
>>> "Projects, Funding and Iran - Matt Tesauro & Claudia Casanovas
>>> We have several projects with leaders or co-leaders located in Iran.
>>> This makes funding those projects problematic due to the OWASP Foundation
>>> being a US charity and the economic sanctions imposed by the US. For
>>> background, see the US Dept of State Iran Sanction site
>>> <http://www.state.gov/e/eb/tfs/spi/iran/index.htm>. Details of the
>>> projects in question are in the Projects Report for this month, slide 5
>>> <https://docs.google.com/presentation/d/16III5sOo06KLyjdG2HEa7cA8hOSf9SKsuWbzbgD467s/edit?ts=57bc81b8#slide=id.g112855a4f6_0_14>.
>>> S*ince any funding of activities in Iran represents a risk to the
>>> Foundation, the staff is asking for the board to determine how the
>>> Foundation will interact with any community members or project leaders
>>> which are located in Iran*"
>>> https://www.owasp.org/index.php/August_23,_2016
>>> Now that this issue has been raised after some many years having a
>>> Project Leader from Iran (Abbas Naderi) and even a project leader that was
>>> considered to be part of the board and was a board candidate, I'm
>>> requesting a clarification and solution, meaning that once you have raised
>>> this subject , the situation should be clarified asap.
>>> I did consult a lawyer but he mentioned that in this case, being OWASP a
>>> US non-profit foundation, to consult a lawyer knowledgeable in these
>>> matters, not just any lawyer.
>>> So far, none of the Iranian leaders have received any goods or financial
>>> support from OWASP. There is no commercial exchange between Iranian leaders
>>> and OWASP, however, the restrictions go so far including exchange of
>>> services or goods, or any kind of financial support, such as , sponsoring.
>>> In this case, many of the support/services provided by OWASP, could be seen
>>> as an exchange of services.
>>> I'm not a lawyer and since we are talking about a very specific
>>> situation, OWASP needs to define this situation asap because the
>>> consequences for OWASP can be quite big.
>>> *One of the project that I co-lead, is technically nor can be considered
>>> a 'Iranian' project, so please let's not call it that way. The Projects are
>>> not from Iran, the projects are open source, anyone can reach them and they
>>> are co-lead/lead by some one from Iran.So please, correct this naming that
>>> bring confusion and the wrong tone to this issue.*
>>> Given this situation, it is clear that OWASP requires the advice of a
>>> knowledgeable lawyer specialised in these cases, considering also that some
>>> of the sanctions have been lifted and what that means for OWASP if provides
>>> support of goods or services.
>>> Please let us know asap, the next steps. I hope there is some actions
>>> after this issue has been raised, so Ali and Reza , including me know what
>>> to expect.
>>> Regards
>>> --
>>> Johanna Curiel
>> --
>> Johanna Curiel
>> OWASP Volunteer
> --
> *Thomas Brennan*
> Managing Partner, ProactiveRISK
> +1-888-255-0834 Ext 799 | tomb at proactiverisk.com | Proactive Risk Inc.
> <http://www.proactiverisk.com> | 759 Bloomfield Ave., Suite 172, West
> Caldwell New Jersey 07006
> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.

Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160905/a6314023/attachment-0001.html>

More information about the Owasp-board mailing list