[Owasp-board] Funding and Iran follow up

Tom Brennan - OWASP tomb at owasp.org
Tue Sep 6 00:43:58 UTC 2016


In response to your email inquiry on the board list, the action item
defined (8) days ago by the majority consensus of the board to the
staff was to obtain a letter of advisory from the OWASP Foundation
retained legal council on the request/topic by the 21-Sept meeting.

If a member of the staff who is handling this needs more information from
you they will reach out on this operational and legal issue. I would expect
a update on this at the next meeting because we (elected board) are not day
to day operational on the any of the tasks underway and the board
explicitly requested a letter of advisory from legal council on "Projects,
Funding and Iran"

Be patient, we now have three senior staff now at OWASP (Kate, Tiffany and
Matt) and we will get clarity on the topic(s). The staff will then discuss
it and recommend how to move forward at the 21-Sept update how to implement
it including updates to associated handbooks/policies as needed.

Thank you for your email to the owasp-board mailing list






On Monday, September 5, 2016, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Do we have to wait for a monthly board meeting to manage the foundation
> and obtain updates? On the 21 September 2016?
>
> I don't agree with this way of management.
>
> I think is time that we allow the staff to work and be responsible for
> certain things.
>
> I think it has to be clear operations & management activities from
> direction and decisions on vision and mission.
> That is the OWASP I know, the OWASP that used to be managed by Executive
> Director Sarah Baso.
>
> The board is not supposed to deal with Daily operation business such as
> this.
>
> Since there is no executive director, not sure who is accountable
> regarding operations, but it seems the board is taking that role.
>
> Gents, you are board members not employees working and involved in daily
> management activities , neither I think you have time for this given the
> fact your busy schedules.
>
> I assume these kind of things should be properly delegated.
>
> I ask once again: when will we have an answer regarding this?
>
> On Mon, Sep 5, 2016 at 12:52 PM, Tom Brennan <tomb at proactiverisk.com
> <javascript:_e(%7B%7D,'cvml','tomb at proactiverisk.com');>> wrote:
>
>> Updates will be provided at the monthly board meeting that is open to the
>> public. The action documented in the last meetig mins., was to obtain a
>> letter of advisory from the retained legal council of OWASP Foundation Inc.
>> and financial advisors.
>>
>>
>> On Monday, September 5, 2016, johanna curiel curiel <
>> johanna.curiel at owasp.org
>> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>> wrote:
>>
>>> Board members
>>>
>>> Any news regarding the position of OWASP with regards the Iran project
>>> leaders?
>>>
>>> Please let us know
>>>
>>> regards
>>>
>>> Johanna
>>>
>>> On Wed, Aug 24, 2016 at 10:04 AM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Board members,
>>>>
>>>> The following issues was mentioned during the board meeting yesterday:
>>>>
>>>> "Projects, Funding and Iran - Matt Tesauro & Claudia Casanovas
>>>>
>>>> We have several projects with leaders or co-leaders located in Iran.
>>>> This makes funding those projects problematic due to the OWASP Foundation
>>>> being a US charity and the economic sanctions imposed by the US. For
>>>> background, see the US Dept of State Iran Sanction site
>>>> <http://www.state.gov/e/eb/tfs/spi/iran/index.htm>. Details of the
>>>> projects in question are in the Projects Report for this month, slide 5
>>>> <https://docs.google.com/presentation/d/16III5sOo06KLyjdG2HEa7cA8hOSf9SKsuWbzbgD467s/edit?ts=57bc81b8#slide=id.g112855a4f6_0_14>.
>>>> S*ince any funding of activities in Iran represents a risk to the
>>>> Foundation, the staff is asking for the board to determine how the
>>>> Foundation will interact with any community members or project leaders
>>>> which are located in Iran*"
>>>>
>>>> https://www.owasp.org/index.php/August_23,_2016
>>>>
>>>> Now that this issue has been raised after some many years having a
>>>> Project Leader from Iran (Abbas Naderi) and even a project leader that was
>>>> considered to be part of the board and was a board candidate, I'm
>>>> requesting a clarification and solution, meaning that once you have raised
>>>> this subject , the situation should be clarified asap.
>>>>
>>>> I did consult a lawyer but he mentioned that in this case, being OWASP
>>>> a US non-profit foundation, to consult a lawyer knowledgeable in these
>>>> matters, not just any lawyer.
>>>>
>>>> So far, none of the Iranian leaders have received any goods or
>>>> financial support from OWASP. There is no commercial exchange between
>>>> Iranian leaders and OWASP, however, the restrictions go so far including
>>>> exchange of services or goods, or any kind of financial support, such as ,
>>>> sponsoring. In this case, many of the support/services provided by OWASP,
>>>> could be seen as an exchange of services.
>>>>
>>>> I'm not a lawyer and since we are talking about a very specific
>>>> situation, OWASP needs to define this situation asap because the
>>>> consequences for OWASP can be quite big.
>>>>
>>>> *One of the project that I co-lead, is technically nor can be
>>>> considered a 'Iranian' project, so please let's not call it that way. The
>>>> Projects are not from Iran, the projects are open source, anyone can reach
>>>> them and they are co-lead/lead by some one from Iran.So please, correct
>>>> this naming that bring confusion and the wrong tone to this issue.*
>>>>
>>>> Given this situation, it is clear that OWASP requires the advice of a
>>>> knowledgeable lawyer specialised in these cases, considering also that some
>>>> of the sanctions have been lifted and what that means for OWASP if provides
>>>> support of goods or services.
>>>>
>>>>
>>>> Please let us know asap, the next steps. I hope there is some actions
>>>> after this issue has been raised, so Ali and Reza , including me know what
>>>> to expect.
>>>>
>>>> Regards
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>>
>>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>
>>
>> --
>>
>> *Thomas Brennan*
>> Managing Partner, ProactiveRISK
>> +1-888-255-0834 Ext 799 | tomb at proactiverisk.com
>> <javascript:_e(%7B%7D,'cvml','tomb at proactiverisk.com');> | Proactive
>> Risk Inc. <http://www.proactiverisk.com> | 759 Bloomfield Ave., Suite
>> 172, West Caldwell New Jersey 07006
>>
>>
>> The information contained in this message and any attachments may be
>> privileged, confidential, proprietary or otherwise protected from
>> disclosure. If you, the reader of this message, are not the intended
>> recipient, you are hereby notified that any dissemination, distribution,
>> copying or use of this message and any attachment is strictly prohibited.
>> If you have received this message in error, please notify the sender
>> immediately by replying to the message, permanently delete it from your
>> computer and destroy any printout.
>
>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>


-- 
Tom Brennan
GPG ID: DC6AA149
https://www.linkedin.com/in/tombrennan

-- 
The information contained in this message and any attachments may be 
privileged, confidential, proprietary or otherwise protected from 
disclosure. If you, the reader of this message, are not the intended 
recipient, you are hereby notified that any dissemination, distribution, 
copying or use of this message and any attachment is strictly prohibited. 
If you have received this message in error, please notify the sender 
immediately by replying to the message, permanently delete it from your 
computer and destroy any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160905/ba99b4c3/attachment.html>


More information about the Owasp-board mailing list