<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hang on a sec, I was being sincere. If Dennis has a question about my integrity, then I welcome his concern and will endeavor to do better. I was not taking a pot shot.<br>
<br><div>--</div><div>Jim Manico</div><div>@Manicode</div><div>(808) 652-3805</div></div><div><br>On May 1, 2014, at 9:57 AM, Josh Sokol <<a href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a>> wrote:<br><br>
</div><blockquote type="cite"><div><p dir="ltr">I agree with Eoin and believe that in this case both Jim and Dennis are borderline on grounds for suspension.  Jim, as a Board member we are expected to hold ourselves to a higher standard.  Dennis, if you believe that Jim has been unethical and have evidence to support that, then we have a process to handle that and posting ranting to the Board list is not part of that process.  You know that as well as anyone and I expect more from you.  This bickering and "pot shots" is completely unprofessional and needs to stop.</p>


<p dir="ltr">~josh</p>
<div class="gmail_quote">On May 1, 2014 4:48 AM, "Eoin Keary" <<a href="mailto:eoin.keary@owasp.org">eoin.keary@owasp.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="auto"><div>Please refrain from comments such as this. It does not comply with owasp ethics. I believe further examples of this should be grounds of suspension from owasp.</div><div><br><br>Eoin Keary<div>Owasp Global Board</div>

<div><a href="tel:%2B353%2087%20977%202988" value="+353879772988" target="_blank">+353 87 977 2988</a></div><div><br></div></div><div><br>On 1 May 2014, at 03:51, Jim Manico <<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>> wrote:<br>

<br></div><blockquote type="cite"><div>
  
    
  
  
    Dennis,<br>
    <br>
    I am certainly am a fuck X, but I do my best to be ethical. If you
    think I am being unethical in some way, then I am all ears to hear
    your concerns and complaints in a public forum like this. So what is
    your issue? How do you see me as unethical?<br>
    <br>
    Cheers,<br>
    Jim "The Fuck X" Manico<br>
    <br>
    <br>
    <br>
    <div>On 4/30/14, 10:42 PM, Dennis Groves
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Why - -o you can tell more lies you unethical fuck?</div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Wed, Apr 30, 2014 at 4:51 PM, Jim
          Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> Since we are
              officially not going to go with SWAMP, can you please CC
              me in when you tell Kevin Green? I want to make sure he
              understands why from the board level.<br>
              <br>
              Thank you,<br>
              Jim
              <div>
                <div><br>
                  <br>
                  <div>On 4/29/14, 8:35 PM, Samantha Groves wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <p>Hello All,</p>
                      <p><br>
                      </p>
                      <p>Sarah has asked me to review the business
                        proposal in more detail, and I just wanted to
                        share my thoughts on the situation and the
                        proposed SWAMP integration agreement. </p>
                      <p>As you know, Kevin and I have been working on
                        this proposal for some time. Originally, this
                        discussion started with SWAMP wanting to sponsor
                        a project summit based on our tools projects,
                        but it slowly evolved into more of a consulting
                        type of engagement. I then shared my concerns
                        with Sarah, and asked for her help as the scope
                        of this agreement had changed into one where
                        OWASP could potentially find itself liable. </p>
                      <p>Now, after reading Sarah’s business proposal, I
                        have to say, that I am in total agreement with
                        what she recommends. I do not believe we should
                        move forward with this opportunity as it stands,
                        or opening up a consultancy business for us
                        under the foundation umbrella at this point in
                        time. Here is why:</p>
                      <p>1). Infrastructure: We do not have the
                        appropriate operational infrastructure set up to
                        run a consultancy. It is a very different type
                        of business, and it requires dedicated resources
                        to build and run it. </p>
                      <p>2). Human Resources: We do not have the staff
                        or the funds to hire the staff we would need to
                        open this new line of business. You will need to
                        hire your project, operations, and sales staff
                        to start, as Sarah pointed out. </p>
                      <p>Moreover, I HIGHLY recommend we not rely on
                        volunteer efforts to complete contracted work.
                        As I mentioned, consulting is a very different
                        type of business with different risks and
                        liabilities, and to rely on volunteers to
                        complete your contractual obligations is not a
                        very good business decision. You need dedicated
                        resources that are directly accountable for
                        delivery as the statements of work and project
                        plans are rigid. There is very little
                        flexibility, and from my experience, volunteers
                        need flexibility when working on projects as
                        this work is not their primary source of
                        income. </p>
                      <p>Now, I realize that we have won several grants
                        for our projects that give them the funding they
                        need to complete project milestones. However, I
                        would like to clarify and stress that receiving
                        grant funds, and entering into a business
                        contract, are two very different endeavors.
                        Grants are far more flexible, and they are a
                        donation for a very particular purpose made to
                        an organization. This is why having volunteers
                        work on projects with grant funding is far more
                        reasonable as the timeline, milestones, and
                        deliverables are flexible. They are more inline
                        with the innovation type of platform we
                        currently have. </p>
                      <p>3). Legal Liabilities: Now, I am not legal
                        council by any stretch of the imagination, but I
                        have been trained in basic international
                        business law and IP. Sarah outlines the legal
                        risks to our business perfectly in section VII
                        of her proposal. As I mentioned, getting into a
                        contractual agreement with another organization,
                        whether the products are open-source or not,
                        still makes us liable for delivery of whatever
                        is specified in the contract. I have read Jim’s
                        comment about OWASP providing no-warranty as the
                        product is open source, and that is correct. The
                        products are without warranty (open-source)<span>;
                          however, our legal liability to produce what
                          is in the contract, is not.</span> They are
                        two separate things. </p>
                      <p>These are only three of quite a few other
                        concerns I have about this new line of business,
                        and entering into an agreement with the SWAMP
                        team at this point in time. The way I see it, we
                        have two questions:</p>
                      <p>1. Should we enter into the proposed agreement
                        with SWAMP?</p>
                      <p>2. Should we start a new line of business:
                        Consulting?</p>
                      <p><br>
                      </p>
                      <p><b>Answers</b></p>
                      <p>1. I do not believe we should enter into the
                        agreement with SWAMP as the contract makes us
                        liable for the work produced, as it stands. Now,
                        if Kevin and team are ok working with the
                        project leaders directly, then I see no issue
                        with that. However, I highly recommend that the
                        foundation not enter into a contract with
                        another organization (SWAMP) on a consultancy
                        basis as we are fully aware we do not have the
                        infrastructure to deliver what is promised in
                        the Statement of Work. We are taking a big risk,
                        and while I am very comfortable with risks and
                        recommend them in business, we must make sure to
                        take calculated risks. This, to me, is not a
                        calculated risk. It is a reactive one based on
                        an opportunity that we might not be able to make
                        good on. </p>
                      <p>2. I do not recommend we do this at this time.
                        I think it is an excellent idea to consider in a
                        year’s time, but we are not in a position where
                        we can take this on right now. It requires quite
                        a bit of investment, and as I see it, we are not
                        even in a position to make appropriate business
                        decisions when it comes to starting lines of
                        business like this. The fact that we were even
                        entertaining the idea that we should run this
                        consultancy under the OWASP non-profit umbrella
                        makes it clear to me that we are not ready to
                        take this on. We cannot run it as a separate
                        program. As Sarah suggested, we will need to
                        start a new organization, <span>such as a
                          for-profit subsidiary of our non profit,</span><span> </span>so
                        we can shift liability to that entity in case
                        anything goes wrong. This way, if we are sued
                        into bankruptcy, we still have the mother-ship
                        intact. </p>
                      <p><br>
                      </p>
                      <p>These are just my 2 cents after briefly
                        reviewing the situation and scope. I hope it is
                        helpful.</p>
                      <p>Thank you, Sarah and Board.</p>
                      <p><br>
                      </p>
                      <p> </p>
                      <p>Samantha</p>
                    </div>
                    <div class="gmail_extra"><br>
                      <br>
                      <div class="gmail_quote">On Mon, Apr 28, 2014 at
                        6:03 PM, Sarah Baso <span dir="ltr"><<a href="mailto:sarah.baso@owasp.org" target="_blank">sarah.baso@owasp.org</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          <div dir="ltr">All -
                            <div><br>
                            </div>
                            <div>Here is the (brief) business plan I put
                              together on the project and consulting
                              work such as that being requested by DHS
                              Swamp.  Admittedly, I stopped with with
                              the details on what rolling out a plan
                              would like this would look like after
                              doing some initial research on the legal
                              and tax repercussions for us.
                               Additionally, I don't think this exact
                              model is in alignment with the charity
                              work we are trying to accomplish.</div>
                            <div><br>
                            </div>
                            <div>This is not to say we shouldn't look
                              for funding opportunities to develop our
                              projects - but i don't think this model is
                              the right one for us.</div>
                            <div><br>
                              <div><a href="https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing" target="_blank">https://docs.google.com/document/d/1S3J8Krkysqr0m5U9-NLefMCOGvmGFw30oJU-8IMH4zQ/edit?usp=sharing</a><br clear="all">


                                <div><br>
                                </div>
                                <div>I look forward to hearing your
                                  thoughts.</div>
                                <span><font color="#888888">
                                    <div><br>
                                      Sarah Baso</div>
                                    -- <br>
                                    <div dir="ltr">
                                      <div>Executive Director</div>
                                      <div>OWASP Foundation</div>
                                      <div><br>
                                      </div>
                                      <div><a href="mailto:sarah.baso@owasp.org" target="_blank">sarah.baso@owasp.org</a><br>
                                        <a href="tel:%2B1.312.869.2779" value="+13128692779" target="_blank">+1.312.869.2779</a><br>
                                        <br>
                                        <br>
                                        <br>
                                        <br>
                                      </div>
                                    </div>
                                  </font></span></div>
                            </div>
                          </div>
                          <br>
_______________________________________________<br>
                          Owasp-board mailing list<br>
                          <a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
                          <a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                      <br clear="all">
                      <div><br>
                      </div>
                      -- <br>
                      <div dir="ltr">
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><font color="#ff6600"><b>Samantha Groves, MBA</b></font></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><i><font color="#ff6600">OWASP Projects Manager</font></i></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><i><font color="#ff6600"><br>
                            </font></i></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><font color="#666666">The OWASP Foundation</font></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><font color="#666666">Phoenix, USA</font></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><span style="color:rgb(102,102,102)">Email: <a href="mailto:samantha.groves@owasp.org" target="_blank">samantha.groves@owasp.org</a></span></p>


                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><font color="#666666">Skype: samanthahz </font></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><font color="#666666"><br>
                          </font></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><a href="https://www.owasp.org/index.php/Category:OWASP_Project" style="background-color:transparent" target="_blank">OWASP Global Projects</a></p>


                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><a href="http://goo.gl/mZXdZ" target="_blank">Book
                            a Meeting with Me</a></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><font color="#666666"><a href="http://owasp4.owasp.org/contactus.html" target="_blank">OWASP Contact US Form</a></font></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><a href="http://www.tfaforms.com/263506" target="_blank">New Project Application Form</a></p>
                        <p style="font-size:13px;font-family:arial,sans-serif;margin:0px"><br>
                        </p>
                        <p style="color:rgb(80,0,80);font-size:13px;font-family:arial,sans-serif;margin:0px"><br>
                        </p>
                      </div>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                    <pre>_______________________________________________
Owasp-board mailing list
<a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            Owasp-board mailing list<br>
            <a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
            <a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div dir="ltr"><span style="background-color:rgb(255,255,255)"><span style="font-family:verdana,sans-serif"><font size="1"><span style="border-collapse:collapse"><a href="http://about.me/dennis.groves" target="_blank">Dennis
                    Groves</a>, MSc</span></font></span></span>
          <div>
            <span style="background-color:rgb(255,255,255)"><span style="font-family:verdana,sans-serif"><font size="1"><span style="border-collapse:collapse"><a href="mailto:dennis.groves@owasp.org" target="_blank">Email me,</a> or <a href="http://goo.gl/8sPIy" target="_blank">schedule a meeting</a>.<br>


                  </span></font></span></span></div>
          <div>
            <div style="text-align:left"><i><span style="background-color:rgb(255,255,255)"><span style="font-family:verdana,sans-serif"><font size="1">This email is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB" target="_blank">CC BY-ND 3.0</a> <font size="1">license</font>.</font></span></span></i></div>


            <div style="text-align:left"><span style="font-family:verdana,sans-serif"><font size="1"><font color="#999999"><span style="border-collapse:collapse"><span style="color:rgb(0,0,0)"><span style="background-color:rgb(255,255,0)"><a href="http://www.fsf.org/campaigns/secure-boot/statement" target="_blank">Stand up for your freedom to
                            install free software.</a></span></span><br>
                    </span></font></font></span><span style="font-family:verdana,sans-serif"><font size="1"><font color="#999999"><span style="border-collapse:collapse"><span style="color:rgb(102,102,102)">Please do not
                        send me Microsoft Office/Apple iWork documents.
                        <br>
                        Send <a href="http://fsf.org/campaigns/opendocument/" target="_blank">OpenDocument</a> instead!</span><br>
                      <br>
                    </span></font></font></span>
              <div style="text-align:left"><span style="font-family:verdana,sans-serif"><font size="1"><font color="#999999"><span style="border-collapse:collapse"><a href="http://www.owasp.org/" target="_blank"><img src="http://www.owasp.org/skins/monobook/ologo.png" height="92" width="96"></a></span></font></font></span><br>


              </div>
              <span style="font-family:verdana,sans-serif"></span></div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
  

</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Owasp-board mailing list</span><br><span><a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a></span><br>

<span><a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br></div></blockquote></div><br>_______________________________________________<br>


Owasp-board mailing list<br>
<a href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
<br></blockquote></div>
</div></blockquote></body></html>