[Owasp-board] Funding and Iran follow up

johanna curiel curiel johanna.curiel at owasp.org
Tue Sep 6 01:24:18 UTC 2016


Thank you Tom for that quick reaction.

I assume , given the information provided by you, that the staff is already
busy on these matters and that we will received a complete update on the
21st September?

On Mon, Sep 5, 2016 at 8:43 PM, Tom Brennan - OWASP <tomb at owasp.org> wrote:

> In response to your email inquiry on the board list, the action item
> defined (8) days ago by the majority consensus of the board to the
> staff was to obtain a letter of advisory from the OWASP Foundation
> retained legal council on the request/topic by the 21-Sept meeting.
>
> If a member of the staff who is handling this needs more information from
> you they will reach out on this operational and legal issue. I would expect
> a update on this at the next meeting because we (elected board) are not day
> to day operational on the any of the tasks underway and the board
> explicitly requested a letter of advisory from legal council on "Projects,
> Funding and Iran"
>
> Be patient, we now have three senior staff now at OWASP (Kate, Tiffany and
> Matt) and we will get clarity on the topic(s). The staff will then discuss
> it and recommend how to move forward at the 21-Sept update how to implement
> it including updates to associated handbooks/policies as needed.
>
> Thank you for your email to the owasp-board mailing list
>
>
>
>
>
>
> On Monday, September 5, 2016, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Do we have to wait for a monthly board meeting to manage the foundation
>> and obtain updates? On the 21 September 2016?
>>
>> I don't agree with this way of management.
>>
>> I think is time that we allow the staff to work and be responsible for
>> certain things.
>>
>> I think it has to be clear operations & management activities from
>> direction and decisions on vision and mission.
>> That is the OWASP I know, the OWASP that used to be managed by Executive
>> Director Sarah Baso.
>>
>> The board is not supposed to deal with Daily operation business such as
>> this.
>>
>> Since there is no executive director, not sure who is accountable
>> regarding operations, but it seems the board is taking that role.
>>
>> Gents, you are board members not employees working and involved in daily
>> management activities , neither I think you have time for this given the
>> fact your busy schedules.
>>
>> I assume these kind of things should be properly delegated.
>>
>> I ask once again: when will we have an answer regarding this?
>>
>> On Mon, Sep 5, 2016 at 12:52 PM, Tom Brennan <tomb at proactiverisk.com>
>> wrote:
>>
>>> Updates will be provided at the monthly board meeting that is open to
>>> the public. The action documented in the last meetig mins., was to
>>> obtain a letter of advisory from the retained legal council of OWASP
>>> Foundation Inc. and financial advisors.
>>>
>>>
>>> On Monday, September 5, 2016, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Board members
>>>>
>>>> Any news regarding the position of OWASP with regards the Iran project
>>>> leaders?
>>>>
>>>> Please let us know
>>>>
>>>> regards
>>>>
>>>> Johanna
>>>>
>>>> On Wed, Aug 24, 2016 at 10:04 AM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> Board members,
>>>>>
>>>>> The following issues was mentioned during the board meeting yesterday:
>>>>>
>>>>> "Projects, Funding and Iran - Matt Tesauro & Claudia Casanovas
>>>>>
>>>>> We have several projects with leaders or co-leaders located in Iran.
>>>>> This makes funding those projects problematic due to the OWASP Foundation
>>>>> being a US charity and the economic sanctions imposed by the US. For
>>>>> background, see the US Dept of State Iran Sanction site
>>>>> <http://www.state.gov/e/eb/tfs/spi/iran/index.htm>. Details of the
>>>>> projects in question are in the Projects Report for this month, slide
>>>>> 5
>>>>> <https://docs.google.com/presentation/d/16III5sOo06KLyjdG2HEa7cA8hOSf9SKsuWbzbgD467s/edit?ts=57bc81b8#slide=id.g112855a4f6_0_14>.
>>>>> S*ince any funding of activities in Iran represents a risk to the
>>>>> Foundation, the staff is asking for the board to determine how the
>>>>> Foundation will interact with any community members or project leaders
>>>>> which are located in Iran*"
>>>>>
>>>>> https://www.owasp.org/index.php/August_23,_2016
>>>>>
>>>>> Now that this issue has been raised after some many years having a
>>>>> Project Leader from Iran (Abbas Naderi) and even a project leader that was
>>>>> considered to be part of the board and was a board candidate, I'm
>>>>> requesting a clarification and solution, meaning that once you have raised
>>>>> this subject , the situation should be clarified asap.
>>>>>
>>>>> I did consult a lawyer but he mentioned that in this case, being OWASP
>>>>> a US non-profit foundation, to consult a lawyer knowledgeable in these
>>>>> matters, not just any lawyer.
>>>>>
>>>>> So far, none of the Iranian leaders have received any goods or
>>>>> financial support from OWASP. There is no commercial exchange between
>>>>> Iranian leaders and OWASP, however, the restrictions go so far including
>>>>> exchange of services or goods, or any kind of financial support, such as ,
>>>>> sponsoring. In this case, many of the support/services provided by OWASP,
>>>>> could be seen as an exchange of services.
>>>>>
>>>>> I'm not a lawyer and since we are talking about a very specific
>>>>> situation, OWASP needs to define this situation asap because the
>>>>> consequences for OWASP can be quite big.
>>>>>
>>>>> *One of the project that I co-lead, is technically nor can be
>>>>> considered a 'Iranian' project, so please let's not call it that way. The
>>>>> Projects are not from Iran, the projects are open source, anyone can reach
>>>>> them and they are co-lead/lead by some one from Iran.So please, correct
>>>>> this naming that bring confusion and the wrong tone to this issue.*
>>>>>
>>>>> Given this situation, it is clear that OWASP requires the advice of a
>>>>> knowledgeable lawyer specialised in these cases, considering also that some
>>>>> of the sanctions have been lifted and what that means for OWASP if provides
>>>>> support of goods or services.
>>>>>
>>>>>
>>>>> Please let us know asap, the next steps. I hope there is some actions
>>>>> after this issue has been raised, so Ali and Reza , including me know what
>>>>> to expect.
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>> --
>>>>> Johanna Curiel
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>>
>>>
>>> --
>>>
>>> *Thomas Brennan*
>>> Managing Partner, ProactiveRISK
>>> +1-888-255-0834 Ext 799 | tomb at proactiverisk.com | Proactive Risk Inc.
>>> <http://www.proactiverisk.com> | 759 Bloomfield Ave., Suite 172, West
>>> Caldwell New Jersey 07006
>>>
>>>
>>> The information contained in this message and any attachments may be
>>> privileged, confidential, proprietary or otherwise protected from
>>> disclosure. If you, the reader of this message, are not the intended
>>> recipient, you are hereby notified that any dissemination, distribution,
>>> copying or use of this message and any attachment is strictly prohibited.
>>> If you have received this message in error, please notify the sender
>>> immediately by replying to the message, permanently delete it from your
>>> computer and destroy any printout.
>>
>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>
> --
> Tom Brennan
> GPG ID: DC6AA149
> https://www.linkedin.com/in/tombrennan
>
>
> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.
>



-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160905/04488c5d/attachment-0001.html>


More information about the Owasp-board mailing list