[Owasp-board] [Owasp-leaders] Fwd: [owasp accounting] SAMM project funds status

Eoin Keary eoin.keary at owasp.org
Mon Oct 9 19:44:33 UTC 2017


Yep, Seba has driven SAMM relentlessly over the years. Great project.

@eoinkeary
OWASP since 2004!!

> On 9 Oct 2017, at 19:19, Colin Watson <colin.watson at owasp.org> wrote:
> 
> Fortunately (or not), I am not involved in any projects with more than $5,000, but it would seem from a distance that SAMM is certainly not inactive. I believe there have been a couple of dedicated summits, which most other projects never do.
> 
> If the process is to write to a project asking for a budget, then some guidance could maybe be given as to what is expected, and how reminders and decisions are made? Perhaps sending something to the relevant project mailing list would also be beneficial, so that hopefully someone reads the "final warning".
> 
> There are perhaps improvements in the way OWASP's project processes are handled. I myself have seen how it took 34 months and 19 months respectively for two projects to have project reviews completed since the original requests (finally done in Oct 2017, but waiting for one to be confirmed). I imagine that other projects might fall by the wayside over 2-3 years of waiting for actions from OWASP. We should not be too quick to dismiss project leaders if they take a little time, or maybe didn't even receive the single request. Let's have some give and take.
> 
> Regarding potentially inactive chapters, a few years ago I asked if there was a way to email the chapter leaders of every US chapter (to request funds to run a Cornucopia session at AppSec USA 2015, and give away cards). OWASP doesn't seem to maintain lists of current chapter leaders, and I had to go through every chapter page individually and extract named contacts. How does OWASP contact chapters if it doesn't know who the leaders are?
> 
> Colin
> 
> 
> 
> 
>> On 9 October 2017 at 12:59, psiinon <psiinon at gmail.com> wrote:
>> I think this is one that should remain on both.
>> 
>> We had problems with the ZAP funds last year too.
>> I received an email saying that our funds were going to be taken away as we hadn't submitted a budget. As with SAMM we hadn't been aware that this was a requirement.
>> Not surprisingly I complained and got into discussions with various people.
>> In the end I asked for some advice and guidance on submitting a budget.
>> I received no response and that seems to have been the end of it - no more demands but no assistance and we kept our funds.
>> 
>> I can see why budgets would be a good thing, but I'm very unhappy about the process that has been followed.
>> OWASP should be supporting projects not trying to take money off them (except as a last resort for inactive projects).
>> 
>> Managing a project budget is actually quite tricky, especially with the lack of visibility we get and how infrequently the relevant pages get updated.
>> I appreciate that OWASP is somewhat short staffed at the moment.
>> I'd have thought that would be all the more reason to work with projects rather than getting into disputes with them :)
>> 
>> Cheers,
>> 
>> Simon
>> 
>> 
>>> On Mon, Oct 9, 2017 at 12:42 PM, Frank Catucci <frank.catucci at owasp.org> wrote:
>>> Should it not remain on both? 
>>> 
>>>> On Oct 9, 2017, at 1:13 AM, Seba <seba at owasp.org> wrote:
>>>> 
>>>> Hi Eoin,
>>>> 
>>>> Well, I did not post this on the leaders list.
>>>> I will reply only to the board mailing list for peeps that are interested :-)
>>>> 
>>>> Regards
>>>> 
>>>> Seba
>>>> 
>>>>> On Sun, 8 Oct 2017 at 22:36, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>> And here's me thinking owasp mail lists were a forum for solving the problem of software insecurity :)
>>>>> 
>>>>> -what do I know.....
>>>>> 
>>>>> 
>>>>> @eoinkeary
>>>>> OWASP since 2004!!
>>>>> 
>>>>>> On 8 Oct 2017, at 09:26, Seba <seba at owasp.org> wrote:
>>>>>> 
>>>>> 
>>>>>> Hi Andrew,
>>>>>> 
>>>>>> I am pretty sure that an email to accounting would have resulted in a forward to you and Matt how to handle this?
>>>>>> 
>>>>>> You cannot expect the project/chapter leaders to know about all the board's decisions.
>>>>>> 
>>>>>> Looking at what was decided:
>>>>>> Motion: P10 - Accounts with a balance of $5,000 or more as of December 1, with no proposed budget for spending their funds, will be contacted by the OWASP staff directly to review their account balance.
>>>>>> We were not contacted by the OWASP staff. And were not aware of having to submit a budget.
>>>>>> Furthermore when looking at:
>>>>>> Motion: P7 - The OWASP Foundation Staff will be responsible for notifying all chapters and projects of their available account balance on at least a monthly basis. The notification should also include a reference to where they can go to find the list of pre-approved expenses.
>>>>>> We have not seen this, it was only because we requested a detailed balance last September that we got insight in the removed money from our available budget.
>>>>>> 
>>>>>> When I look at the board meeting minutes of Oct-2015, I do not see a detailed proposal or rationale on these motions.
>>>>>> https://docs.google.com/document/d/1iun7xfeJI9vU0rEbIoix46ge1h_kQ_3WqeAG8e2ctPs/edit
>>>>>> (I am not going to listen to a complete recording for this).
>>>>>> 
>>>>>> I can only assume this was initiated for inactive chapter/projects (where you should just recoup all their budget).
>>>>>> The SAMM project is active and we put a lot of time/resources in generating income for the project and the foundation.
>>>>>> Part of the income was generated by giving SAMM training at appsec conferences, where 60% of the revenue was directly for the foundation and 40% was allocated to the SAMM project.
>>>>>> Recouping our budget - which we need to further develop SAMMv2 and organize/support SAMM and community summits - makes me feel that our volunteer efforts are underappreciated.
>>>>>> 
>>>>>> I can understand that you want to activate the budget at the chapter/projects - but you cannot do this "by policy" without an active communication and involvement of the staff and the volunteers.
>>>>>> 
>>>>>> So I come back to our original question: Please refund the 3677.22 USD to the OWASP SAMM project ?
>>>>>> 
>>>>>> I also suggest to contact all the chapters/project leaders individually for budgeting 2018, as I have not seen this either...
>>>>>> Secondly: instead of making budget available to projects/chapters we should teach them how to raise income through sponsorship, training, events, books, ...
>>>>>> 
>>>>>> Kind regards
>>>>>> 
>>>>>> Seba
>>>>>> 
>>>>>>> On Sat, Oct 7, 2017 at 10:36 PM Andrew van der Stock <vanderaj at owasp.org> wrote:
>>>>>>> Hi Seba and Brian
>>>>>>> 
>>>>>>> I'm sorry, I've been onsite doing crazy flying hours. As Tom Brennan notes, I am not operational. If you need to get something like this looked at, you need to mail accounting at owasp.org which goes to a group alias that our finance team can process. The process as agreed by the Board in 2015 was that projects and chapters who did not submit a budget OR were inactive had a reduction to a $5k balance. You did not submit a budget. There's no question OpenSAMM was active, but the OR part is that you didn't submit a budget. This will be happening again soon. 
>>>>>>> 
>>>>>>> Here's the extract of your transactions. With your $10k donation to the Developer Summit, your forthcoming travel of $1739 to the OpenSAMM summit in November and the $3677.22 reduction to $5k in December last year, the balance is currently $0 across both the EU and US chapter balances. 
>>>>>>> 
>>>>>>> What do you need and how can we move this forward? We have Community Engagement funds, and if you've not used it yet in 2017, you have $2k available under that program. I'm happy to approve that right now if that's what you need. 
>>>>>>> 
>>>>>>> thanks,
>>>>>>> Andrew
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>>> On Sat, Oct 7, 2017 at 8:40 AM, Tom Brennan <tomb at owasp.org> wrote:
>>>>>>>> Agreed and as you know we are ALL volunteers and the only way to address when managing to policy and resources have been exhausted.
>>>>>>>> 
>>>>>>>> Thanks Seba.
>>>>>>>> 
>>>>>>>> Tom Brennan
>>>>>>>> 973-202-0122
>>>>>>>> 
>>>>>>>>> On Oct 7, 2017, at 10:46 AM, Seba <seba at owasp.org> wrote:
>>>>>>>>> 
>>>>>>>>> hi,
>>>>>>>>> 
>>>>>>>>> I have added this to the board agenda - https://www.owasp.org/index.php/October_11,_2017
>>>>>>>>> I will not be able to attend as this is the middle of the night in Europe.
>>>>>>>>> Maybe Brian can?
>>>>>>>>> 
>>>>>>>>> I raised this immediately to Andrew & staff when we got the detailed overview of income/expenses for the project.
>>>>>>>>> Not getting any response and now having to add this to the board agenda does not seem a very efficient use of time of the involved volunteers.
>>>>>>>>> 
>>>>>>>>> regards
>>>>>>>>> 
>>>>>>>>> Seba
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>> On Sat, Oct 7, 2017 at 3:41 PM Tom Brennan <tomb at owasp.org> wrote:
>>>>>>>>>> Thank you for the insight Brian. Operationally,  Projects are managed by Matt T and Claudia it appears that those options have been exhausted.
>>>>>>>>>> 
>>>>>>>>>> Since on the surface the issue that needs additional clarity and was not able to be resolved by staff to satisfaction managing to currently written policy as a guideline then as the Secretary I would recommend to all members as I always do, 1) in advance (preferred 10 days) add new business item to the board wiki agenda https://www.owasp.org/index.php/Board 2) Have a representative attend the board meeting 3) the OpenSAMM project leader(s) to speak (when new business is called for a block of time) to this item on the upcoming monthly global board agenda resulting in a motion and a vote of its elected leaders to resolve it (that is the appeal)
>>>>>>>>>> 
>>>>>>>>>> Since we operate in a decentralized community meeting monthly for the purpose of official OWASP business the member shall simply edit and add as new business an item to be raised otherwise it will never be officially reviewed and voted on by the elected leadership to be resolved by a majority vote. There is no ivory tower that is how and the purpose of an elected board of directors when operational issues need additional focus affecting members.
>>>>>>>>>> 
>>>>>>>>>> This democratic process using Robert's Rules is super important to understand especially as we move to an election cycle that starts on October 9th people have to VOTE with what they want OWASP to be in the future
>>>>>>>>>> https://www.owasp.org/index.php/2017_Global_Board_of_Directors_Election it is also a great opportunity for incoming board candidates to be part of the discussion.
>>>>>>>>>> 
>>>>>>>>>> Tom Brennan
>>>>>>>>>> 973-202-0122
>>>>>>>>>> 
>>>>>>>>>>> On Oct 7, 2017, at 8:15 AM, Brian Glas <brian.glas at gmail.com> wrote:
>>>>>>>>>>> 
>>>>>>>>>>> Tom,
>>>>>>>>>>> This isn't related to the summit or a traditional reimbursement.
>>>>>>>>>>> 
>>>>>>>>>>> The original request was related to a withdrawal of funds from our budget that we very much disagreed with.
>>>>>>>>>>> 
>>>>>>>>>>> "We cannot agree to line 65 "Recouping funds from projects that are either inactive, or did not submit a budget for 2017"
>>>>>>>>>>> 
>>>>>>>>>>> 1) OWASP SAMM is one of the most active flagship projects for the last couple of years, we even had a project summit during the last 3 years (hence the income)
>>>>>>>>>>> 2) None of the SAMM project leaders did get a request to submit a budget for 2017. If we would have received that we should surely have provided one.
>>>>>>>>>>> 
>>>>>>>>>>> Please refund the 3677.22 USD to the OWASP SAMM project ?
>>>>>>>>>>> We need this to cover our project team summit expenses in November."
>>>>>>>>>>> 
>>>>>>>>>>> I'm not clear on what the dispute process is for something like this, so if you can point us to that, it would be much appreciated.
>>>>>>>>>>> 
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Brian
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>>> On Sat, Oct 7, 2017 at 7:39 AM, Tom Brennan <tomb at owasp.org> wrote:
>>>>>>>>>>>> If the project team had the funding and they submit a reimbursement Andrew should not be in the middle when managing to the existing reimbursement policy in the current project handbook. He’s not operational and appointed to the treasurer role to keep the global budget in check not individual transactions.
>>>>>>>>>>>> 
>>>>>>>>>>>> Oct 11 this can be noted as old business re Summit to get it resolved if needed Seba. Please have a representative join the public meeting to speak to it https://www.owasp.org/index.php/Board
>>>>>>>>>>>> 
>>>>>>>>>>>> Tom Brennan
>>>>>>>>>>>> 973-202-0122
>>>>>>>>>>>> 
>>>>>>>>>>>>> On Oct 7, 2017, at 2:18 AM, Seba <seba at owasp.org> wrote:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> hi,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> As I am not getting a response from Andrew: I am escalating this to the board.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> We cannot agree to line 65 "Recouping funds from projects that are either inactive, or did not submit a budget for 2017"
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 1) OWASP SAMM is one of the most active flagship projects for the last couple of years, we even had a project summit during the last 3 years (hence the income)
>>>>>>>>>>>>> 2) None of the SAMM project leaders did get a request to submit a budget for 2017. If we would have received that we should surely have provided one.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Please refund the 3677.22 USD to the OWASP SAMM project?
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Thank you
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Kind regards
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Seba 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>>>>>> From: Seba <seba at owasp.org>
>>>>>>>>>>>>> Date: Sun, Oct 1, 2017 at 6:34 PM
>>>>>>>>>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>>>>>>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>>>>>>>>>> Cc: Bart De Win <bart.dewin at owasp.org>, Brian Glas <brian.glas at gmail.com>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> hi Andrew
>>>>>>>>>>>>> 
>>>>>>>>>>>>> nudge, nudge ?? :-)
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Can you confirm you get this email?
>>>>>>>>>>>>> 
>>>>>>>>>>>>> regards
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Seba
>>>>>>>>>>>>> 
>>>>>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>>>>>> From: Seba <seba at owasp.org>
>>>>>>>>>>>>> Date: Sun, Sep 24, 2017 at 9:40 AM
>>>>>>>>>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>>>>>>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>>>>>>>>>> Cc: Bart De Win <bart.dewin at owasp.org>, Brian Glas <brian.glas at gmail.com>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Andrew,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Can you confirm the refund of 3677.22 USD to the OWASP SAMM project ?
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Thank you
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Seba
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>>>>>> From: Seba <seba at owasp.org>
>>>>>>>>>>>>> Date: Mon, Sep 11, 2017 at 9:25 PM
>>>>>>>>>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>>>>>>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>>>>>>>>>> Cc: Brian Glas <brian.glas at gmail.com>, Bart De Win <bart.dewin at owasp.org>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Gents,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> We cannot agree to line 65 "Recouping funds from projects that are either inactive, or did not submit a budget for 2017"
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 1) OWASP SAMM is one of the most active flagship projects for the last couple of years, we even had a project summit during the last 3 years (hence the income)
>>>>>>>>>>>>> 2) None of the SAMM project leaders did get a request to submit a budget for 2017. If we would have received that we should surely have provided one.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Please refund the 3677.22 USD to the OWASP SAMM project ?
>>>>>>>>>>>>> We need this to cover our project team summit expenses in November.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Thank you
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Kind regards
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Seba
>>>>>>>>>>>>> 
>>>>>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>>>>>> From: Tom Pappas <tpappas at virtualmgmt.com>
>>>>>>>>>>>>> Date: Mon, Sep 11, 2017 at 1:14 AM
>>>>>>>>>>>>> Subject: RE: [owasp accounting] SAMM project funds status
>>>>>>>>>>>>> To: Seba <seba at owasp.org>, Andrew van der Stock (vanderaj at owasp.org) <vanderaj at owasp.org>
>>>>>>>>>>>>> Cc: Matt Tesauro (matt.tesauro at owasp.org) <matt.tesauro at owasp.org>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Hello Seba,  here you go there are two tabs as Open SAMM has both a US and EU balance.  These are from the beginning of the proj through 7.31.17 which is the last month we have closed.  Take care
>>>>>>>>>>>>> 
>>>>>>>>>>>>>  
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Thomas S. Pappas, MSA |   Senior Vice President of Finance & Administration | Virtual, Inc.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> D: +1-781-876-8914
>>>>>>>>>>>>> 
>>>>>>>>>>>>> F:  +1-781-623-8460 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> tpappas at virtualmgmt.com 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 401 Edgewater Place, Suite 600, Wakefield, MA 01880
>>>>>>>>>>>>> 
>>>>>>>>>>>>> From: Seba [mailto:seba at owasp.org] 
>>>>>>>>>>>>> Sent: Sunday, September 10, 2017 5:46 AM
>>>>>>>>>>>>> To: Alison Shrader <accounting at owasp.org>
>>>>>>>>>>>>> Subject: [owasp accounting] SAMM project funds status
>>>>>>>>>>>>> 
>>>>>>>>>>>>>  
>>>>>>>>>>>>> 
>>>>>>>>>>>>> hi,
>>>>>>>>>>>>> 
>>>>>>>>>>>>>  
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Can you provide a detailed overview of income/expenses for the SAMM project for the last year?
>>>>>>>>>>>>> 
>>>>>>>>>>>>>  
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Thank you
>>>>>>>>>>>>> 
>>>>>>>>>>>>>  
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Seba
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> <OpenSamm US and EU Balance as of 7.31.17.xlsx>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> -- 
>> OWASP ZAP Project leader
>> 