[Owasp-board] OWASP Summit 2018 - event submitted for approval in OCMS

Seba seba at owasp.org
Wed Sep 6 06:19:34 UTC 2017


hi Josh, Board,

Like explained a couple of times already,  I am going over the results with
Tom as there is  a difference from our budget with actuals (break-even,
attached earlier) and the event P&L in quickbooks.

Here is an overview from our actuals (I can explain/track every cent):


[image: image.png]

This does NOT include the OWASP seed fund of 50.000 USD, which we did not
need/use!

Tom and I are scheduling a call why there are differences, but a lot is
because of Alison leaving and Virtual not keeping up.
(We still had a couple of invoices created last week, 3 months overdue)

So: yes the summit was break even.

As for the outcome, you must read
https://www.continuumsecurity.net/owasp-summit-exceeded-expectations/
from Stephen De Vries

Flagship project leaders such as:
Matteo Meucci (Testing Guide)
OWASP Top 10 (Dave Wichers / Andrew)
ZAP (Simon Bennet)
SAMM (myself, Bart De Win, Brian)
Can testify that we made real progress

Besides numerous other projects and initiatives, e.g.
The OWASP Mobile Security Testing Guide (MSTG) major update
created/released at the OWASP Summit 2017 -
https://owaspsummit.org/Outcomes/Mobile-Security/MSTG.html
The list goes on: https://owaspsummit.org/Outcomes/

I argue that this summit (and its organization) is core for our OWASP
mission and our community.
It may not have created a profit as an appsec conference, but we created
real OWASP content.
Which is the most important reason people rely on OWASP.

We are asking (and please put this up as vote):
1. Recognize the OWASP Summit as a global event with equal staff support as
for an appsec conference
2. Set aside 100.000 USD as seed fund to cover travel for selected
working-session organizers

I added this to the agenda (which seems quite empty at the moment) here -
https://www.owasp.org/index.php/September_6,_2017

Thank you

Kind regards

Seba


On Thu, Aug 31, 2017 at 5:55 PM Josh Sokol <josh.sokol at owasp.org> wrote:

> Seba,
>
> The current accounting of the event in Quickbooks looks like this:
>
> Revenue of 109,592 Euros
>
> Expenses of 187,030 Euros
>
> Less Donations 15019 Euros
>
> Net loss 62,420 Euros ($74215 USD)
>
> Budgeted Net Loss  64,365 Euros ($76,559 USD)
>
> Variance to Budget Net Income 1,945 Euros
>
>
> It seems like the differences here may be semantics.  When you say the
> summit was break-even according to your calculations, I'm guessing that
> it's with the budgeted net loss of 64,365 Euros?  When Matt says the event
> lost money, I believe he is referring to the difference between revenue and
> expenses (less donations) of 62,420 Euros.
>
>
> With respect to the seed funds, my assumption is that these are not being
> recognized as either the revenue or expenses since OWASP effectively
> fronted that money already.  I would assume, perhaps incorrectly, that we
> can remove seed funds from the equation above (unless the revenue
> includes the seed funds and the expenses include the pay back, which I kind
> of doubt) and the net here is that it cost the OWASP Foundation 84,438
> Euros to run the summit (factoring in the chapter/project donations that
> could have been spent elsewhere due to the opportunity cost).  That's just
> over $100,000 USD.
>
>
> This summit was an experiment with the goal of breaking even, and as far
> as I can tell the numbers show that we were very far from that goal.  Thus,
> the real questions in my mind are did we get $100k worth of value out of
> the summit and what else could that $100k USD have been spent on that would
> have resulted in more return for the OWASP Foundation?  My gut says that
> the return on investment just wasn't there for this and, while I think your
> heart is in the right place, the financials around it just don't make sense
> to continue.  Personally, and I'm only one Board member, I feel that this
> money is better spent elsewhere.
>
>
> ~josh
>
> On Thu, Aug 31, 2017 at 12:53 AM, Seba <seba at owasp.org> wrote:
>
>> hi Matt,
>>
>> we asked for 150K seed fund, but got 50K. Never 150K.
>> we were able to refund the 50K to the foundation: the first summit was
>> break-even (at least according to our own calculations).
>>
>> signing the contract does not commit you to provide us with the seed
>> fund, we should be able to at least have the same results as this year.
>> actually we will try to create a profit for the foundation.
>>
>> our parallel requests are:
>> 1) to have this recognized and supported as a global event
>> 2) to get 100K seed fund to cover travel of owasp volunteers that cannot
>> pay for their own travel (any profit will also cover these costs).
>>
>> I hope this clarifies our request?
>>
>> regards
>>
>> Seba
>>
>> On Wed, Aug 30, 2017 at 9:15 PM Matt Konda <matt.konda at owasp.org> wrote:
>>
>>> Seba,
>>>
>>> I support this event.  I know it was very positive last year for
>>> participants.
>>>
>>> However, I don't have a clear picture of the budget ask to run it again
>>> or the results from this year.
>>>
>>> The budget sheet suggests that there was a 150K seed fund and 50K was
>>> paid back.  That suggests OWASP committed 100K to this event which was
>>> outside of the regular budget process.  Am I missing something?
>>>
>>> If you can show me how the event is break even or better for the
>>> Foundation it would make it easier to move forward with the venue contract
>>> without going through the regular budgeting process.
>>>
>>> Signing the contract with the venue without these details puts us on a
>>> path that assumes we're planning to fund to a significant degree.  We have
>>> an annual process where we prioritize across initiatives.  It might be that
>>> this is a priority but it wouldn't make sense for us to commit a large $
>>> amount outside of that prioritization process.  It prevents other valuable
>>> initiatives from getting the same opportunity for funding.
>>>
>>> I hope this makes sense.  Definitely correct me where I am mistaken.
>>>
>>> Matt
>>>
>>>
>>>
>>> On Sun, Aug 27, 2017 at 4:35 AM, Seba <seba at owasp.org> wrote:
>>>
>>>> hi Matt,
>>>>
>>>> See inline below
>>>>
>>>> regards
>>>>
>>>> Seba
>>>>
>>>> On Thu, Aug 24, 2017 at 7:20 AM Matt Konda <matt.konda at owasp.org>
>>>> wrote:
>>>>
>>>>> Seba,
>>>>>
>>>>> Consider it added to the agenda.  Due to timing I’m going to suggest
>>>>> we discuss online as well and at the meeting as needed.
>>>>>
>>>>> I have a few questions:
>>>>>
>>>>> 1.  What is the best way to see the financial results from this year’s
>>>>> summit?
>>>>>
>>>> I am going over the results with Tom as there is  a difference from our
>>>> budget with actuals (break-even, attached) and the event P&L in quickbooks.
>>>>
>>>>>
>>>>> 2.  How do these results compare with other global events?  You
>>>>> mentioned it broke even, I believe that is with the “seed fund” which in
>>>>> theory was a “loan”.  So this feels like an investment for the Foundation,
>>>>> unlike the other global events.  Correct me if I am mistaken anywhere.
>>>>>
>>>> the event was able to refund the seed fund
>>>>
>>>>>
>>>>> 3.  Can you talk about the overall results?  (Lots of great things
>>>>> that came out of this year’s summit?)
>>>>>
>>>> the results were beyond our expectations. see the website
>>>> https://owaspsummit.org/ and the list of outcomes here
>>>> https://owaspsummit.org/Outcomes/
>>>>
>>>>
>>>>>
>>>>> 4.  How did the virtual part of the summit work out?  ($100K is a lot
>>>>> to spend on travel.)
>>>>>
>>>> quite ok and we will work to improve this next year
>>>> but the "magic" of the summit is really the face-to-face communication
>>>> during the working sessions and throughout the day
>>>> the board should really come over to experience this (you can schedule
>>>> your face to face board meeting here)!
>>>>
>>>>>
>>>>> 5.  Does it make sense for OWASP to have another summit event in the
>>>>> UK?  I see positives to this for sure.  I’m just wondering if the broader
>>>>> community is comfortable with this.
>>>>>
>>>> yes, the venue is perfect and we now have the logistics under control
>>>> London Heathrow is easy to fly into from all over the world
>>>>
>>>> we could organize other summits in other parts of the world, but we aim
>>>> to have the main summit organized in the same location in the coming years.
>>>>
>>>>
>>>>>
>>>>> Thanks,
>>>>> Matt
>>>>>
>>>>>
>>>>> On Aug 22, 2017, at 12:24 AM, Seba <seba at owasp.org> wrote:
>>>>>
>>>>> Dear board members,
>>>>>
>>>>> please find our request below/attached.
>>>>>
>>>>> as per response from Laura:
>>>>> "As you may know I can not approve funding for events, nor I can
>>>>> decide whether this is consider a Global Event. Once this is approved  by
>>>>> the board, I will be more that happy to assist you in any capacity."
>>>>>
>>>>> Can you take some time during the next board meeting to review and
>>>>> approve our request for funding and for the summit to be treated as a
>>>>> global event?
>>>>>
>>>>> Happy to take any questions prior to or during the meeting (if the
>>>>> time zone permits).
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> Seba
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: Seba <seba at owasp.org>
>>>>> Date: Fri, Aug 18, 2017 at 6:03 AM
>>>>> Subject: OWASP Summit 2018 - event submitted for approval in OCMS
>>>>> To: Matt Tesauro <matt.tesauro at owasp.org>, Andrew van der Stock <
>>>>> vanderaj at owasp.org>, Laura Grau <laura.grau at owasp.org>, dinis <
>>>>> dinis at owasp.org>, Francois <francois at devseccon.com>
>>>>>
>>>>>
>>>>> Matt, Andrew, Laura,
>>>>>
>>>>> I submitted the OWASP Summit 2018 in OCMS (pdf attached).
>>>>>
>>>>> Budget proposal attached as well.
>>>>> Please see the notes:
>>>>> *We request a seeding fund from the foundation of 100.000 USD.*
>>>>> *This will allow us to contract the venue and lodging (similar to
>>>>> 2017).*
>>>>> *For this we request the non-used 50K seed fund of 2017 and an
>>>>> additional 50K for 2018.*
>>>>> *We intend to recover the 100K seed fund with sponsors and income
>>>>> tickets.*
>>>>> *We additionally request to re-use the 100K seed fund to cover the
>>>>> travel of selected working-session organizers and participants from the
>>>>> OWASP community.*
>>>>> *Our aim is to at least break even overall on the event in 2018 (which
>>>>> we already did in 2017).*
>>>>> *We will sell more tickets by creating an additional OWASP User Track
>>>>> for organisations or individuals to participate and exchange experiences
>>>>> and use cases of using OWASP best practices. **Given the success and
>>>>> outcome of 2017, together with a longer preparation time, we also intend to
>>>>> attract higher sponsorship and will create ""villa-booths"" for sponsors to
>>>>> showcase their technical expertise.*
>>>>> Additionally we *request for the summit to be recognized as a global
>>>>> event* for the foundation to have increased staff support.
>>>>>
>>>>> We have put in the option at the venue (same as this year: it is
>>>>> perfect for the summit and close to an international air hub - London
>>>>> Heathrow).
>>>>> *Can you arrange for the venue contract to be signed (see other email
>>>>> forwarded by Matt).*
>>>>>
>>>>> Thank you,
>>>>> Seba, Dinis, Francois
>>>>>
>>>>> <OWASP Summit 2018 Event Submission.pdf><owasp-summit-2018-budget
>>>>> v20170818.xlsx>
>>>>>
>>>>>
>>>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20170906/382fa4ac/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 21186 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20170906/382fa4ac/attachment-0001.png>


More information about the Owasp-board mailing list