<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>+2<br><br><div>--</div><div>Jim Manico</div><div>@Manicode</div><div>(808) 652-3805</div></div><div><br>On Mar 27, 2014, at 1:29 AM, Sarah Baso <<a href="mailto:sarah.baso@owasp.org">sarah.baso@owasp.org</a>> wrote:<br>
<br></div><blockquote type="cite"><div><meta http-equiv="content-type" content="text/html; charset=utf-8"><div>+1</div><div><br>On Mar 26, 2014, at 12:53 PM, GK Southwick <<a href="mailto:genevieve.southwick@owasp.org">genevieve.southwick@owasp.org</a>> wrote:<br>
<br></div><blockquote type="cite"><div><div dir="ltr">After following this further down the rabbit hole, I'm in agreement with Josh. The bylaws shouldn't state anything about the Community Manager's involvement, but the Chapter Leader's Handbook should certainly have a section on Conflict Resolution that involves the Community Manager. As I mentioned in my introductory email yesterday afternoon: <ul style="font-family:arial,sans-serif;font-size:13px">
<li style="margin-left:15px">Chapter/member disputes. One of my many hats here at OWASP is mediation. If an issue arises in your Chapter, that you feel needs to be brought to the attention of the Foundation, please bring it to me first. I should, by default, be informed of any issues that require the attention of anyone outside of your immediate chapter, so that I may assist with intervention and determine if it needs to be escalated further up the chain of command. If I am unable to mediate to the satisfaction of all parties involved, I will gladly assist in bringing the matter to the Board of Directors and step out of the process, so that they can make the case determination.</li>
</ul><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">This does not mean that the Community Manager should be mentioned in the bylaws. As Josh mentioned, if it's gotten so far that the Board needs to be involved, the matter should already have been brought to my attention by the Chapter Leader prior to that. Now that I understand the distinction that Josh is making there, I'm in complete agreement.</font></div>
<div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">I will handle mediation of Chapter issues, prior to them being brought to the attention of the BoD - in fact, I'll bring them to the BoD myself, if an amicable resolution can't be reached, but my involvement should be addressed in the Chapter Handbook Rules & Regs. Not the Foundation Bylaws.</font></div>
<div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">-= GK</font></div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><div>Community Manager<br></div><div>OWASP Foundation<br>
</div><div><br></div><div><a href="mailto:gk@owasp.org" target="_blank">gksouthwick@owasp.org</a></div><div>+01.415.742.2342</div><div><br></div></div></div>
<br><br><div class="gmail_quote">On Wed, Mar 26, 2014 at 1:42 PM, Josh Sokol <span dir="ltr"><<a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div>Fabio,<br><br></div>I'm not sure we have the same vision as to what the OWASP Community Manager role is. If they are engaged with the community, as they should be, then they should already be aware of any issues. If an issue escalates to the point where a leader is revoking someone from participating, then we have clearly moved beyond the issue resolution phase and into the action justification phase. The Chapter Leader Handbook would be an ideal place to talk about your process for issue resolution, including escalation to the Community Manager, but I disagree that the Community Manager should be fielding appeals for revocation as they would have already been biased by the issue resolution that took place beforehand. It's like saying "I couldn't help fix the problem so I'm just going to decide to kick you out and I don't really feel like I was wrong therefore I won't raise the issue with the Board." Does that make sense? <br>
<br>This Bylaw change was only meant to grant leaders the ability to revoke and provide a path for appeal. I don't think that we need to put a whole dispute resolution process into the Bylaw item.<span class="HOEnZb"><font color="#888888"><br>
<br></font></span></div><span class="HOEnZb"><font color="#888888">~josh<br>
</font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Mar 26, 2014 at 11:54 AM, Fabio Cerullo <span dir="ltr"><<a href="mailto:fcerullo@owasp.org" target="_blank">fcerullo@owasp.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Josh,<div><br></div><div>I don't want to be a pain and really appreciate your efforts in drafting this doc.</div>
<div><br></div><div>My only intent is to clarify the Global Board role and establish a clear escalation path through the Community Manager.</div>
<div><br></div><div>Here goes an updated wording.. please feel free to modify it at will:</div><div><br></div><div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">SECTION 4.07 Participation. Participation in OWASP activities (conferences, meetings, mailings lists, projects, etc) does not require membership, but is subject to adherence to the OWASP Code of Ethics, and OWASP leaders may revoke the privilege of participation to those who choose not to abide by that code. Notification of such a revocation must be made to the individual in writing, with the <b>OWASP Community Manager </b>CC’d for inclusion in the Foundation records. If an individual believes that this revocation is unjustified, then they have the option to appeal the decision by notifying the OWASP <b>Community Manager </b>in writing within 14 days of the original notification. <b>If there is enough evidence that this revocation was unjustified, then the Community Manager could raise the issue with the OWASP Global Board of Directors for review at the next Global Board meeting.</b></span><br>
</div><div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><b><br></b></span></div>By doing so, the Global Board avoids getting involved in matters that could be resolved by the Community Manager.<div>
<br></div><div>Any questions, just let me know.</div><div><br>Regards<span><font color="#888888"><br>Fabio</font></span></div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, Mar 25, 2014 at 2:25 PM, Josh Sokol <span dir="ltr"><<a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Fabio,</p>
<p dir="ltr">Yes, the community manager needs to be engaged at the community level to work with our leaders to make sure it doesn't get to this point. They should not, however, be responsible for appeals if someone feels they have been wrongly excluded. This puts our representative for community engagement in a position of potential conflict with members of our community. That said, I volunteered to put together wording of the Bylaws based on what was discussed at the Board meeting which I supported. If you or Tom would like to propose a different wording in a votable format, then I would be happy to consider that as an alternative. I do feel that we need to finish this off sooner rather than later though as I have had at least one Chapter leader ask me if it had been finalized yet as this is a priority for them.</p>
<span><font color="#888888">
<p dir="ltr">~josh</p></font></span><div><div>
<div class="gmail_quote">On Mar 24, 2014 9:00 AM, "Fabio Cerullo" <<a href="mailto:fcerullo@owasp.org" target="_blank">fcerullo@owasp.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Josh,<div><br></div><div>I like the escalation process suggested by Tom. </div><div><br></div><div>If an issue arises in the community, it has to be handled by the Community Manager first, and then as a last resource by the Board.</div>
<div><br></div><div>One of the CM main responsibilities is: <span style="line-height:19.200000762939453px;font-size:13px;font-family:sans-serif">to serve as the single point of contact for OWASP Chapter related questions, issues, and volunteerism.</span></div>
<div><br></div><div>Maybe we could amend the wording in the bylaws to include this escalation process?</div><div><br>Thanks</div><div>Fabio</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Mar 24, 2014 at 1:50 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Ok I second your motion and your notion, Josh. Sorry, been
listening to Smokey Robinson. It could have been worse, I could have
said something like "If you feel like loving me, if you have the
notion, I'll second that emotion" but decided against it.<br>
<br>
Aloha from Mumbai.<span><font color="#888888"><br>
Jim</font></span><div><div><br>
<br>
<br>
<br>
<div>On 3/24/14, 7:15 PM, Josh Sokol wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Bueller? Bueller?<br>
<br>
Can I please get a second and a vote? This was sent out 3
weeks ago.<br>
<br>
</div>
~josh<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Mar 21, 2014 at 10:27 PM, Jim
Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Sounds good Josh.
Sorry for any confusion.<br>
<br>
Cheers,<br>
Jim
<div>
<div><br>
<br>
<div>On 3/22/14, 12:24 PM, Josh Sokol wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">To be clear, what you're talking about
is a process and I support that. What I've
proposed (per what you all asked me to put
                    together at the Board meeting) is a policy via the
Bylaws that specifies the path of revocation
should that process fail to allow cooler heads to
prevail. They are not mutually exclusive and are
both important along the path toward resolution
one way or another.</p>
<div class="gmail_quote">On Mar 21, 2014 7:56 PM,
"Jim Manico" <<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> +1<br>
<br>
I like this process.<br>
<br>
1) When conflict arises, first the chapter
leads bring in the community manager to see if
the dispute can be resolved.<br>
2) If necessary, chapters can start a process
to remove someone from the chapter. Community
manager over-sees this to make sure it's done
with integrity.<br>
3) If the individual thinks the process is
being done unfairly or they were removed
unfairly, they can petition the board to get
involved.<br>
<br>
                    This seems reasonable to me. I want to make
sure that competitive interests or corporate
interests are not taking over a chapter and
decide to remove someone to remove
competition. <br>
- Jim<br>
<br>
<div>On 3/22/14, 8:52 AM, GK Southwick wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Completely fair and I believe
that that was what Tom was suggesting,
only that it shouldn't go straight to the
BoD, unless there is no other recourse. We
now have a Community Manager to handle
mitigation, without having to involve the
board in every little dispute.
<div> <br>
</div>
<div>Don't get me wrong, I know that
completely ostracizing someone from the
community is not a "little" dispute, by
any means. But I also believe that
there's a time and place for escalation
and we can start every appeal at a lower
level than the BoD.
<div> <br>
</div>
<div>-= GK</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div dir="ltr">
<div>Community Manager<br>
</div>
<div>OWASP Foundation<br>
</div>
<div><br>
</div>
<div><a href="mailto:gk@owasp.org" target="_blank">gksouthwick@owasp.org</a></div>
<div>+01.415.742.2342</div>
<div><br>
</div>
</div>
</div>
<br>
<br>
<div class="gmail_quote">On Fri, Mar 21,
2014 at 5:39 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">
<div>Since this is about someone
getting pushed out of the
community in a big way, something
against our DNA, I want to make
sure they have the ability to
appeal to the board after the
community review process is
complete. Fair?<br>
<br>
<div>--</div>
<div>Jim Manico</div>
<div>@Manicode</div>
<div><a href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808) 652-3805</a></div>
</div>
<div>
<div>
<div><br>
On Mar 22, 2014, at 5:58 AM,
GK Southwick <<a href="mailto:genevieve.southwick@owasp.org" target="_blank">genevieve.southwick@owasp.org</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">Absolutely.
We don't need to escalate
it to BoD review, unless
we can't agree to disagree
at the community level
first.
<div><br>
</div>
<div>Best,</div>
<div><br>
</div>
<div>-= GK</div>
<div class="gmail_extra">
<br clear="all">
<div>
<div dir="ltr">
<div>Community
Manager<br>
</div>
<div>OWASP
Foundation<br>
</div>
<div><br>
</div>
<div><a href="mailto:gk@owasp.org" target="_blank">gksouthwick@owasp.org</a></div>
<div>+01.415.742.2342</div>
<div><br>
</div>
</div>
</div>
<br>
<br>
<div class="gmail_quote">On
Fri, Mar 21, 2014 at
2:53 PM, Tom Brennan <span dir="ltr"><<a href="mailto:tomb@owasp.org" target="_blank">tomb@owasp.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>" notifying the
OWASP Board of
Directors in
writing within 14
days of<br>
the original
notification"<br>
<br>
</div>
notifying the OWASP
Community Manager in
writing within 14
days of the<br>
original
notification<br>
<br>
What that does is
allow the staff to
look at the issue.
If<br>
satisfaction
resolution to either
party is not made
                                  then it can go<br>
on the agenda for a
board meeting
discussion.<br>
<br>
<br>
Semper Fi,<br>
<br>
Tom Brennan | OWASP
Foundation<br>
Vice Chairman<br>
Main: <a href="tel:%2B1%20973%20202%200122" value="+19732020122" target="_blank">+1
973 202 0122</a><br>
Skype: proactiverisk<br>
Web: <a href="http://www.owasp.org" target="_blank">http://www.owasp.org</a><br>
<br>
NYC CyberSocial 26
March<br>
<a href="http://www.meetup.com/OWASP-NYC/events/169653782/" target="_blank">http://www.meetup.com/OWASP-NYC/events/169653782/</a><br>
<br>
NJ CyberSocial 27
March<br>
<a href="http://www.meetup.com/OWASP-New-Jersey/events/169975572/" target="_blank">http://www.meetup.com/OWASP-New-Jersey/events/169975572/</a><br>
<div>
<div><br>
<br>
<br>
On Fri, Mar 21,
2014 at 3:56 PM,
Josh Sokol <<a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>>
wrote:<br>
> Does anyone
else have any
comments on
this? Tobias
asked if "in
writing"<br>
> includes
e-mail, but
otherwise that's
the only comment
I received. Can
I<br>
> have a
second please so
that we can
proceed with a
vote?<br>
><br>
><br>
> Proposal:
Add a new
section to the
OWASP Bylaws.<br>
><br>
> SECTION
4.07
Participation.
Participation in
OWASP activities
(conferences,<br>
> meetings,
mailings lists,
projects, etc)
does not require
membership, but
is<br>
> subject to
adherence to the
OWASP Code of
Ethics, and
OWASP leaders
may<br>
> revoke the
privilege of
participation to
those who choose
not to abide by<br>
> that code.
Notification of
such a
revocation must
be made to the
individual<br>
> in writing,
with the OWASP
Board of
Directors CC'd
for inclusion in
the<br>
> Foundation
records. If an
individual
believes that
this revocation
is<br>
>
unjustified,
then they have
the option to
appeal the
decision by
notifying<br>
> the OWASP
Board of
Directors in
writing within
14 days of the
original<br>
>
notification.<br>
><br>
> ~josh<br>
><br>
><br>
> On Tue, Mar
4, 2014 at 3:14
AM, Tobias <<a href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>>
wrote:<br>
>><br>
>> Hi
Josh,<br>
>> sounds
good.<br>
>> One
question to the
lawyers among
us: does "in
writing" include
per email?<br>
>> Thanks,
Tobias<br>
>><br>
>><br>
>><br>
>> On
03/03/14 16:12,
Josh Sokol
wrote:<br>
>><br>
>> As
requested, I
have re-worded
the proposed
addition to the
Bylaws to<br>
>> include
information
about
notification and
an appeals
process. Also,
since<br>
>> the
most logical
place to put
this is in the
membership
section of the<br>
>> bylaws,
I modified to
say that
participation
does not require
membership.<br>
>> Please
discuss.<br>
>><br>
>>
Proposal: Add a
new section to
the OWASP
Bylaws.<br>
>><br>
>> SECTION
4.07
Participation.
Participation in
OWASP activities<br>
>>
(conferences,
meetings,
mailings lists,
projects, etc)
does not require<br>
>>
membership, but
is subject to
adherence to the
OWASP Code of
Ethics, and<br>
>> OWASP
leaders may
revoke the
privilege of
participation to
those who choose<br>
>> not to
abide by that
code.
Notification of
such a
revocation must
be made<br>
>> to the
individual in
writing, with
the OWASP Board
of Directors
CC'd for<br>
>>
inclusion in the
Foundation
records. If an
individual
believes that
this<br>
>>
revocation is
unjustified,
then they have
the option to
appeal the
decision<br>
>> by
notifying the
OWASP Board of
Directors in
writing within
14 days of the<br>
>>
original
notification.<br>
>><br>
>> Thanks!<br>
>><br>
>> ~josh<br>
>><br>
>><br>
>>
_______________________________________________<br>
>>
Owasp-board
mailing list<br>
>> <a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
>> <a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
>><br>
>><br>
><br>
><br>
>
><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
<br>
<br>
</blockquote>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br></div>
</blockquote></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>
<br></blockquote></div><br></div>
</div></blockquote></div></blockquote></body></html>