<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Johanna,<br>
    <br>
    Once the survey results are in, please attend the next board meeting
    for that month and we will reserve time to discuss the survey
    results together. Converting survey results into actionable change
    can be difficult. And because the changes suggested are fairly big,
    we might need to pull resources from other areas to accomplish these
    goals. <br>
    <br>
    The other thing to note is, how much money do successful projects
    really need? I manage four OWASP projects and they all pretty much
    have zero funding yet I feel they are successful. Most of the tools
    we need to manage a successful project these days are cheap and
    free.<br>
    <br>
    So if anyone is saying that they cannot be successful at an OWASP
    projects because they do not have money, I think they are missing
    the point of open source and are not aware of the modern free
    development tools and resources available.<br>
    <br>
    Now Johanna, I still think discussing increased project funding is
    critical, I'm with you! But I state with respect that lack of funds
    is a poor excuse for not being successful at an open source project
    in 2015.<br>
    <br>
    Let me give you an example.  Jeremy Long runs the Dependency Check
    project, a very amazing tool which earned OWASP Flagship status. I
    see regular check-in's from him super early in the morning because
    he wakes up at the crack of dawn to get some coding time in before
    he starts his day. You can't buy dedication like that. You need to
    have it in your gut - the burning desire to make something happen
    regardless of the bull$hit happening around you. I know of several
    in our community who have that fire. Jeremy. Simon. Abraham
    Aranguren, Bharadwaj Machiraju, John Melton, Colin Watson, Ryan
    Barnett and many others who just dig in and do it.<br>
    <br>
    I honestly think that if anyone working on a OWASP Flagship or Labs
    project needed funding - they should ask about it. I know it's a
    form, but it's like a few drop down menus and a textarea. <br>
    <br>
    Aloha,<br>
    <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
    <br>
    <br>
    <br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 8/17/15 3:31 PM, johanna curiel
      curiel wrote:<br>
    </div>
    <blockquote
cite="mid:CACxry_2s=M+eEDxbGZNj-4ZLtYfxuAwU4wwLKHsuZ5ogB=Nd7w@mail.gmail.com"
      type="cite">
      <div dir="ltr">Josh,
        <div><br>
        </div>
        <div>
          <div>So far I remember , the idea was proposed to the board by
            you and the board took the decision to implement Committee
            2.0. I believe this was done with all good intentions but is
            not working.</div>
          <div><a moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/owasp-leaders/2014-May/011794.html">http://lists.owasp.org/pipermail/owasp-leaders/2014-May/011794.html</a><br>
          </div>
          <div><br>
          </div>
          <div>In this same email Sarah mentions:</div>
          <div>
            <pre style="white-space:pre-wrap;color:rgb(0,0,0)">The 2008 committees worked, for the most part, independently of each other.
This often created duplicate or even conflicting efforts leading to frustration.</pre>
          </div>
          <div>Results now: I'm the only committee called the Project
            Task Force.Maybe thats why none wants to create anymore
            committees.<br>
          </div>
          <div><br>
          </div>
          <div>Projects are global. They promote owasp at a global
            level. What is OWASP known for? for its chapters? Its
            conferences? I strongly believe OWASP is know for its
            projects, Code Review, Testing guide, the Cheat Sheets,
            ASVS, ZAP... Many references in major publications refer to
            OWASP top ten and respect them because of its projects.PCI
             and major vendors use them as reference and guidelines.</div>
          <div><br>
          </div>
          <div>I would like to see is a better schema for them to get
            more awareness, especially people doing great things and
            because of lack of funds cannot promote their projects.
            Chapters are rich ,projects are poor. That is in my opinion
            a huge misbalance. </div>
          <div><br>
          </div>
          <div>The limit of USD2,000- for supporting a project leader a
            year is for most leaders not enough. If a leader outside US
            or EU is invited to blackhat , that amount is not enough to
            cover his traveling expenses.  And thats the maximum he can
            have in a year after filling on forms and going through some
            back-and-forth emails with the staff...</div>
          <div><br>
          </div>
          <div>
            <ul>
              <li>Should we scrap projects and focus to be a dedicated
                conference organisation?...thats what  I see is
                happening whether consciously or not. <br>
              </li>
              <li>Should we scrap conferences and focus to gather those
                funds to create a better platforms for projects and
                become the next Apache foundation?<br>
              </li>
              <li>Should we use crowdsource for gathering funds for
                projects through the OWASP foundation?<br>
              </li>
            </ul>
          </div>
          <div><br>
          </div>
          <div>I would like to see a solution to this or an action.</div>
          <div><br>
          </div>
          <div>
            <div>Project summits = events . Thats what I'm proposing.
              That Summits are treated like events to generate money for
              projects so they have also a fair way to generate money as
              chapters do. They will depend less from sponsors with
              commercial intentions.(easier to avoid  Logogate issues
              and projects with the intention to promote apssec
              companies). Also more focus on crowdsourcing projects. If
              people finds it a great idea they will sponsor it.</div>
          </div>
          <div><br>
          </div>
          <div>I will ask the staff to create a survey and ask the
            community about it. This is my proposal and based on those
            results I hope and expect the board to take actions.<br>
          </div>
          <div><br>
          </div>
          <div>regards</div>
          <div><br>
          </div>
          <div>Johanna</div>
          <div><br>
          </div>
          <div><br>
          </div>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Aug 17, 2015 at 7:41 PM, Mario
          Robles <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:mario.robles@owasp.org" target="_blank">mario.robles@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> Hey Josh,<br>
              <br>
              I could be wrong but the term Committee is commonly
              associated with "bureaucracy" even if it's not what you
              meant, at least it was the first thing on top of my head,
              I'm sure if you change the word Committee to something
              like "Action Team" it would be better accepted<br>
              <br>
              Just my point view,<br>
              <br>
              Mario
              <div>
                <div class="h5"><br>
                  <div>
                    <table style="font-size:12px">
                      <tbody>
                        <tr>
                          <td><br>
                          </td>
                          <td> <br>
                          </td>
                        </tr>
                      </tbody>
                    </table>
                  </div>
                  <div>On 17/08/2015 04:21 p.m., Josh Sokol wrote:<br>
                  </div>
                </div>
              </div>
              <blockquote type="cite">
                <div>
                  <div class="h5">
                    <div dir="ltr">
                      <div>
                        <div>
                          <div>
                            <div>
                              <blockquote style="margin:0px 0px 0px
                                0.8ex;border-left:1px solid
                                rgb(204,204,204);padding-left:1ex"
                                class="gmail_quote">I think we need to
                                create Project Summits in the form of
                                events with the whole purpose to gather
                                funds for projects<br>
                              </blockquote>
                              <br>
                            </div>
                            Please forgive my ignorance.  How does a
                            Project Summit generate funds for project? 
                            Every Project Summit that we have had to
                            date has cost the Foundation money, hasn't
                            it?  Can you please elaborate?<br>
                            <br>
                            <blockquote style="margin:0px 0px 0px
                              0.8ex;border-left:1px solid
                              rgb(204,204,204);padding-left:1ex"
                              class="gmail_quote">Look, Denver chapter
                              has around 50K in their bucket. The
                              richest Project is ZAP with 10k... but
                              thats is the exception. Even worse when
                              you look at chapters outside US or EU,
                              mine has only USD40 dollars. Most projects
                              have Zero Dollars.<br>
                            </blockquote>
                            <br>
                          </div>
                          I'm not sure I understand the fixation on what
                          other chapters have in their bucket.  They
                          have these funds because they worked hard to
                          obtain them.  In the case of Denver, they ran
                          last year's AppSecUSA Conference.  Just
                          because they have money in their account, it
                          doesn't mean that you aren't able to do things
                          with the $40 you have in your account.  It
                          just means that they have to use their account
                          funds first before being able to use money
                          from the Foundation pool while you would need
                          to request funds from that pool for anything
                          over $40.  Any sort of reallocation just moves
                          the "ring fenced funds" issue to another
                          account.  The model of chapters and projects
                          having accounts is not what's broken here. 
                          It's the model of chapters and projects saving
                          their funds instead of spending them.  This is
                          why I voted "no" on the Summer of Code
                          initiative.  It was giving money to those who
                          already had it and not forcing them to spend
                          their funds first.  In any case, I'm not sure
                          I understand why the amount of money Denver
                          has in their account has any impact on any
                          other chapter or project other than
                          themselves.  We have tens of thousands of
                          dollars allocated by the Foundation to project
                          and chapters on an annual basis, much of which
                          goes completely unused.  There is money
                          available at OWASP for those who need it and I
                          have yet to hear of a situation where someone
                          was told otherwise.<br>
                          <br>
                          <blockquote style="margin:0px 0px 0px
                            0.8ex;border-left:1px solid
                            rgb(204,204,204);padding-left:1ex"
                            class="gmail_quote">Yes but how do they know
                            where to go, that's why the survey. The
                            survey is the compass. And the leaders are
                            elected to listed to the community.<br>
                          </blockquote>
                          <br>
                        </div>
                        I agree with this notion.  The OWASP Board
                        should act in accordance with the desires of the
                        community and should be doing frequent checks to
                        confirm that initiatives are aligned.<br>
                        <br>
                        <blockquote style="margin:0px 0px 0px
                          0.8ex;border-left:1px solid
                          rgb(204,204,204);padding-left:1ex"
                          class="gmail_quote">So the committee concept
                          in theory seemed like a great idea but in
                          practice is not working because in my eyes,
                          creating a committee is creating a mini board
                          inside OWASP.<br>
                        </blockquote>
                        <br>
                      </div>
                      To be honest, I have been surprised by the lack of
                      desire to participate in OWASP Committees.  The
                      community has said that they want empowerment and
                      the goal of the committees was to do that.  But,
                      now that it's there, nobody wants it?  Your
                      example with John Lita follows the Committees 2.0
                      process almost verbatim.  The only difference is
                      that it provides scoping to ensure that we don't
                      have competing, or even worse, conflicting
                      initiatives and it specifies that the individuals
                      involved need to work within that scope.  Without
                      it, you have a loosely knit group of people
                      running around with their own individual
                      initiatives.  At that level, OWASP is just a
                      funding source for experimentation, not a
                      Foundation.  There is no accountability, but the
                      liability on the Foundation is still there. 
                      Legally, we can't just have people running around
                      spending money without any form of guidance.  <br>
                      <br>
                      <blockquote style="margin:0px 0px 0px
                        0.8ex;border-left:1px solid
                        rgb(204,204,204);padding-left:1ex"
                        class="gmail_quote">
                        <div> Allow me  and let the staff know that they
                          should support me and any other volunteers
                          seeking for implementing their ideas ;-). </div>
                        <div>Lets cut the red tape with committees and
                          let people know that if they want to do
                          something,</div>
                        <ul>
                          <li>Contact the staff. <br>
                          </li>
                          <li>Set a survey and gather support<br>
                          </li>
                          <li>Need more money? Set a crowd funding
                            project @ <a moz-do-not-send="true"
                              href="https://www.kickstarter.com"
                              target="_blank">https://www.kickstarter.com</a>
                            under OWASP</li>
                          <li>Volunteers implement idea or project with
                            the support of owasp staff and other
                            volunteers</li>
                        </ul>
                      </blockquote>
                      <p>I'm not sure how this is that much different
                        from a Committee.  Contact the community via the
                        mailing list and gather support, scope the
                        activities (ie. define the project), Board
                        ensures that there's no conflict, do your
                        thing.  The "red tape" that you keep referring
                        to is just a process document that walks you
                        through how to set up a committee.  After that's
                        done, the idea was to empower you to act within
                        the defined scope without going to the Board. 
                        If we're talking specifically about projects,
                        which it sounds like this is geared towards,
                        then it's even easier.  Register as a project
                        (so that staff knows you exist and can support
                        you) and do your thing.  If you need money, ask
                        for it.  I'm not sure I see the problem here. 
                        I'm also not sure what you're asking for as it
                        doesn't seem that different to me than how the
                        status quo is supposed to operate.  Is it
                        operating differently in practice than it should
                        in theory?  I don't have an OWASP project and so
                        perhaps I'm blind to the realities.  If so, then
                        the specific issues need to be addressed by
                        bylaw change, policy change, staff engagement,
                        etc.  So far, all you've said is "projects need
                        money", which you have access to, and "cut the
                        red tape", of which I don't see anything more
                        than a step to say "Hey, I want to be a
                        project".  Please help me to understand.<br>
                      </p>
                      ~josh<br>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Mon, Aug 17, 2015 at
                        12:04 PM, johanna curiel curiel <span dir="ltr"><<a
                            moz-do-not-send="true"
                            href="mailto:johanna.curiel@owasp.org"
                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div dir="ltr"><span>
                              <div> >I don't think there is anything
                                preventing a project from doing the
                                same, but I haven't seen it done at this
                                point.</div>
                              <div><br>
                              </div>
                            </span>
                            <div>I think we need to create Project
                              Summits in the form of events with the
                              whole purpose to gather funds for projects
                              .Open samm has done this and I think we
                              can try that. Fo that we need the support
                              of the staff Business liaison, Event
                              manager, just as they put their work and
                              efforts in Events and appsecs. Here cut
                              share between OWASp staff time and
                              projects can also be done.</div>
                            <span>
                              <div><br>
                              </div>
                              <div> >OWASP has a project funding
                                bucket.</div>
                            </span>
                            <div>Look, Denver chapter has around 50K in
                              their bucket. The richest Project is ZAP
                              with 10k... but thats is the exception.
                              Even worse when you look at chapters
                              outside US or EU, mine has only USD40
                              dollars. Most projects have Zero Dollars.</div>
                            <div>And the limits right now are a support
                              but do not help to get important things
                              moving like OWASP Academy portal, Leaders
                              like Azzedine assist and show case his
                              chapter or project or other more complex
                              initiatives. Or major improvements or
                              promotions to their projects. <br>
                            </div>
                            <span>
                              <div><br>
                              </div>
                              <div>  >Remember that the Board is just
                                a handful of leaders who were elected to
                                set the compass.</div>
                            </span>
                            <div>  Yes but how do they know where to go,
                              that's why the survey. The survey is the
                              compass. And the leaders are elected to
                              listed to the community.</div>
                            <div><br>
                            </div>
                            <div>And About committees...</div>
                            <div>The only existing active committee
                              right now is the Project Review (which I
                              still call myself a taskforce). I haven't
                              see much initiatives or participation from
                              other committees. So the committee concept
                              in theory seemed like a great idea but in
                              practice is not working because in my
                              eyes, creating a committee is creating a
                              mini board inside OWASP. We do not want to
                              create oligarchies in the end.</div>
                            <div><br>
                            </div>
                            <div>  I thik we should cut off that comitee
                              idea and be more practical. More like this</div>
                            <div><br>
                            </div>
                            <div>  Example:</div>
                            <div><br>
                            </div>
                            <div>
                              <ul>
                                <li>John Lita wants to create an academy
                                  portal but developing it costs money
                                  and resources that volunteers alone
                                  cannot be easy pull off(owaspa project
                                  was the same and died, just like many
                                  educational initiatives)<br>
                                </li>
                                <li>John must create a proposal with
                                  defined goals and how to reach them.
                                  He joins other volunteers in this
                                  effort. No need to be a commitee.<br>
                                </li>
                                <li> John & Claudia create a survey
                                  and seek support of the community<br>
                                </li>
                                <li>  If the idea has major feedback and
                                  volunteers, then John has the support
                                  from the staff to execute including
                                  looking for sponsors using crowdsource
                                  funding portals<br>
                                </li>
                                <li>Staff monitors development and
                                  results of the actions taken<br>
                                </li>
                                <li>Staff reports results to the
                                  community back</li>
                              </ul>
                            </div>
                            <div>This is in my eyes how I have been
                              working in the end, because , as
                              volunteers, available time mostly depends
                              on one or 2 passionate individuals like
                              John-Lita, which are more dedicated and
                              the rest follows...<br>
                            </div>
                            <div><br>
                            </div>
                            <div>Now if we want to change things, don't
                              tell me to set a committee, because Josh ,
                              this has not work so far. </div>
                            <div><br>
                            </div>
                            <div> Allow me  and let the staff know that
                              they should support me and any other
                              volunteers seeking for implementing their
                              ideas ;-). </div>
                            <div>Lets cut the red tape with committees
                              and let people know that if they want to
                              do something,</div>
                            <div>
                              <ul>
                                <li>Contact the staff. <br>
                                </li>
                                <li>Set a survey and gather support<br>
                                </li>
                                <li>Need more money? Set a crowd funding
                                  project @ <a moz-do-not-send="true"
                                    href="https://www.kickstarter.com"
                                    target="_blank">https://www.kickstarter.com</a>
                                  under OWASP</li>
                                <li>Volunteers implement idea or project
                                  with the support of owasp staff and
                                  other volunteers</li>
                              </ul>
                              <div>How do we get this idea to action? </div>
                              <div>Shall we create a survey? </div>
                              <div>Do you need to discuss this on a
                                board meeting?</div>
                            </div>
                            <div>How do I get empowered and let the
                              staff know that as a volunteer I have your
                              support for this?(if I do? </div>
                            <div><br>
                            </div>
                            <div>You see...how dependable I'm from the
                              board to be able to execute?</div>
                            <div><br>
                            </div>
                            <div>Off course I can always do this on my
                              own but them I better do it without
                              OWASP...</div>
                            <div><br>
                            </div>
                            <div>Regards</div>
                            <span><font color="#888888">
                                <div><br>
                                </div>
                                <div>Johanna</div>
                              </font></span></div>
                          <div>
                            <div>
                              <div class="gmail_extra"><br>
                                <div class="gmail_quote">On Mon, Aug 17,
                                  2015 at 10:55 AM, Josh Sokol <span
                                    dir="ltr"><<a
                                      moz-do-not-send="true"
                                      href="mailto:josh.sokol@owasp.org"
                                      target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a></a>></span>
                                  wrote:<br>
                                  <blockquote class="gmail_quote"
                                    style="margin:0 0 0
                                    .8ex;border-left:1px #ccc
                                    solid;padding-left:1ex">
                                    <div dir="ltr">
                                      <div>
                                        <div>
                                          <div>
                                            <div>
                                              <div>
                                                <div>
                                                  <div>
                                                    <div>
                                                      <div>Johanna,<br>
                                                        <br>
                                                      </div>
                                                      Thank you for
                                                      putting your
                                                      thoughts out there
                                                      for everyone. 
                                                      Silence is not
                                                      good for anyone
                                                      and OWASP will be
                                                      far more
                                                      successful if we
                                                      know what our
                                                      leaders are
                                                      struggling with
                                                      and make a
                                                      conscious effort
                                                      to improve it.  I
                                                      think that many of
                                                      your points are
                                                      very valid and
                                                      strongly support
                                                      the idea of polls
                                                      to gauge community
                                                      support for
                                                      actions being
                                                      taken.  I also
                                                      support the idea
                                                      that the Board
                                                      should be making
                                                      as few of these
                                                      decisions as
                                                      possible and
                                                      putting the power
                                                      back in the hands
                                                      of the community
                                                      with support from
                                                      the staff.  The
                                                      Board should be
                                                      the "compass"
                                                      making sure that
                                                      we are moving in
                                                      the right
                                                      direction with the
                                                      community and
                                                      staff being the
                                                      ones actually
                                                      pushing us
                                                      forward.  That's
                                                      not to say that
                                                      members of the
                                                      Board won't have
                                                      their own projects
                                                      or initiatives,
                                                      but they do so as
                                                      part of the
                                                      community, not
                                                      because of their
                                                      roles on the
                                                      Board.  The
                                                      Committees 2.0
                                                      framework was a
                                                      first step in
                                                      driving this level
                                                      of empowerment
                                                      back to the
                                                      community while
                                                      maintaining
                                                      accountability and
                                                      providing
                                                      appropriately
                                                      scoped actions. 
                                                      My impression was
                                                      that the Projects
                                                      Committee was
                                                      rolling forward
                                                      quite well under
                                                      this guidance, but
                                                      it sounds like
                                                      maybe I was
                                                      wrong.  Are there
                                                      specific actions
                                                      that you have
                                                      tried to take on
                                                      the committee that
                                                      got blocked by the
                                                      Board or hung up
                                                      in "red tape"? 
                                                      Are there needs
                                                      for funding that
                                                      haven't been met?<br>
                                                      <br>
                                                    </div>
                                                    Regarding the
                                                    project vs chapter
                                                    funding schemas, I'm
                                                    not sure that there
                                                    is a good answer. 
                                                    Projects are
                                                    typically made up of
                                                    a pocket of
                                                    individuals. 
                                                    Typically one leader
                                                    with sometimes one
                                                    or two others
                                                    assisting.  Chapters
                                                    are typically
                                                    anywhere from 20
                                                    people to hundreds. 
                                                    We provide members
                                                    with the ability to
                                                    allocate their funds
                                                    to either, but most
                                                    associate themselves
                                                    with a chapter
                                                    rather than a
                                                    project because
                                                    that's where they
                                                    participate.  We
                                                    also have chapters
                                                    putting on
                                                    conferences with the
                                                    goal of raising
                                                    funds.  I don't
                                                    think there is
                                                    anything preventing
                                                    a project from doing
                                                    the same, but I
                                                    haven't seen it done
                                                    at this point. 
                                                    Those are the two
                                                    main ways that I see
                                                    chapters raising
                                                    money.  Yes, there
                                                    is certainly a
                                                    difference in
                                                    schemas and projects
                                                    will have a more
                                                    difficult time, but
                                                    that's also why
                                                    OWASP has a project
                                                    funding bucket. 
                                                    Money from these
                                                    local events as well
                                                    as funds raised by
                                                    our AppSec
                                                    conferences gets
                                                    budgeted
                                                    specifically for
                                                    this purpose.  To my
                                                    knowledge, no
                                                    reasonable request
                                                    for funds by
                                                    projects has been
                                                    denied.  Just
                                                    because there isn't
                                                    money sitting "ring
                                                    fenced" in an
                                                    account for the
                                                    projects, doesn't
                                                    mean that there
                                                    isn't money that can
                                                    be spent.  It just
                                                    means that it needs
                                                    to be requested from
                                                    the pool.  Yes, it's
                                                    a different model of
                                                    funding, but the end
                                                    result is the same. 
                                                    There are funds
                                                    available at OWASP
                                                    for everyone who
                                                    needs them.<br>
                                                    <br>
                                                  </div>
                                                  There are obviously
                                                  many things that need
                                                  to be improved at
                                                  OWASP and,
                                                  unfortunately, the
                                                  Board has been tied up
                                                  in rules, events,
                                                  bylaws, etc for a
                                                  while now.  It's
                                                  definitely not the
                                                  "fun" part of the job
                                                  and it is very time
                                                  consuming.  That said,
                                                  I would argue that
                                                  these are the things
                                                  that need to be
                                                  changed in order for
                                                  everyone else (staff,
                                                  community, etc) to be
                                                  able to be better
                                                  served.  We've made
                                                  several changes to the
                                                  Bylaws and are working
                                                  on more.  We've hired
                                                  an Executive Director
                                                  (Paul), an Event
                                                  Manager (Laura), a
                                                  Community Manager
                                                  (Noreen), and a
                                                  Project Coordinator
                                                  (Claudia) just in the
                                                  almost two years that
                                                  I've been on the
                                                  Board.  The needle on
                                                  the compass is set
                                                  and, while it takes
                                                  some time to right the
                                                  ship, we are getting
                                                  there by giving our
                                                  community the support
                                                  it requires to be
                                                  successful.  So,
                                                  here's my general
                                                  thought:<br>
                                                  <br>
                                                </div>
                                                1) If it's within the
                                                scope of a defined
                                                Committee, JUST DO IT!<br>
                                                <br>
                                              </div>
                                              2) If there's no Committee
                                              defined for it, CREATE
                                              ONE, then JUST DO IT!<br>
                                              <br>
                                            </div>
                                            3) If a Committee doesn't
                                            make sense, ASK THE STAFF
                                            FOR IT!<br>
                                            <br>
                                          </div>
                                          4) If asking the staff isn't
                                          working or we need to change a
                                          policy to make it happen, LET
                                          THE BOARD KNOW!<br>
                                          <br>
                                        </div>
                                        The Board should be the last
                                        resort, in my opinion, not the
                                        first.  We should be the
                                        enabler, not the bottleneck.  I
                                        think that our leaders make too
                                        many assumptions (probably based
                                        on past Board actions) about
                                        what needs to go to the Board
                                        and we need to get away from
                                        that.  Remember that the Board
                                        is just a handful of leaders who
                                        were elected to set the
                                        compass.  We have a finite
                                        number of things that we can
                                        handle and our Board meetings
                                        are typically overflowing with
                                        topics.  So, if something is
                                        bothering you, I would encourage
                                        you to change it.  That's why,
                                        with the David Rook situation, I
                                        encouraged creation of a new
                                        Committee to determine a
                                        reasonable solution.  If it
                                        requires a policy change by the
                                        Board, then we can vote on that,
                                        but asking the Board to take
                                        action just perpetuates the
                                        oligarchy that you mention in
                                        your e-mail.  Instead of pushing
                                        these issues up to the Board for
                                        action, let's have the community
                                        DECIDE what they want and have
                                        the Board change the compass
                                        needle via bylaws, policies, and
                                        staff discussions, accordingly. 
                                        At least, that's my vision for
                                        OWASP.  Is that something that
                                        you can get on board with?<span><font
                                            color="#888888"><br>
                                            <br>
                                          </font></span></div>
                                      <span><font color="#888888">~josh<br>
                                        </font></span></div>
                                    <div class="gmail_extra"><br>
                                      <div class="gmail_quote">
                                        <div>
                                          <div>On Mon, Aug 17, 2015 at
                                            8:11 AM, johanna curiel
                                            curiel <span dir="ltr"><<a
                                                moz-do-not-send="true"
                                                href="mailto:johanna.curiel@owasp.org"
                                                target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span>
                                            wrote:<br>
                                          </div>
                                        </div>
                                        <blockquote class="gmail_quote"
                                          style="margin:0 0 0
                                          .8ex;border-left:1px #ccc
                                          solid;padding-left:1ex">
                                          <div>
                                            <div>
                                              <div dir="ltr">Members of
                                                the board,
                                                <div><br>
                                                </div>
                                                <div>With the recent
                                                  issue regarding David
                                                  Rook, and my latest
                                                  experience with
                                                  red-tape, I'm
                                                  proposing the
                                                  following.</div>
                                                <div><br>
                                                </div>
                                                <div>My goals is to call
                                                  your attention to
                                                  these issues which I
                                                  have been observing
                                                  for a years and not as
                                                  a critique to your
                                                  work, but I think if
                                                  you do not pay
                                                  attention to these
                                                  issues and DO
                                                  something about them,
                                                  OWASP will loose
                                                  valuable community
                                                  participation.</div>
                                                <div>
                                                  <ul>
                                                    <li>When an
                                                      initiative is
                                                      proposed or
                                                      launched by a
                                                      member of the
                                                      board, this should
                                                      be followed up by
                                                      a survey where the
                                                      community can
                                                      vote.Wether is a
                                                      rule or money,
                                                      these decisions
                                                      should be taken
                                                      based on collected
                                                      data and proper
                                                      substantiation to
                                                      avoid oligarchy </li>
                                                    <li>When an
                                                      initiative is
                                                      launched by a
                                                      member of the
                                                      community,
                                                      especially when
                                                      this initiative
                                                      cost more than
                                                      10k, it should be
                                                      substantiated with
                                                      data how this
                                                      initiative will
                                                      benefit the
                                                      community. Also
                                                      should be followed
                                                      by a survey</li>
                                                    <li>Staff should
                                                      help creating the
                                                      survey and analyse
                                                      the votes</li>
                                                    <li><b>In other
                                                        words: do more
                                                        survey to find
                                                        out what the
                                                        community needs
                                                        and wants.</b></li>
                                                  </ul>
                                                  <div>My observations
                                                    and where I think
                                                    you need to give
                                                    more attention:</div>
                                                  <div><br>
                                                  </div>
                                                  <div>
                                                    <ul>
                                                      <li>Board/Executive
                                                        director should
                                                        work closer with
                                                        the staff for
                                                        guidance and
                                                        empowering their
                                                        role. I have the
                                                        feeling that the
                                                        staff is
                                                        paralysed
                                                        waiting for
                                                        instructions or
                                                        following strict
                                                        rules. The staff
                                                        should be
                                                        motivated to
                                                        take initiative
                                                        and implement
                                                        projects on
                                                        their own that
                                                        can help the
                                                        community. They
                                                        should not be
                                                        too dependent on
                                                        an Executive
                                                        director or
                                                        member of the
                                                        board for this
                                                        part</li>
                                                    </ul>
                                                  </div>
                                                </div>
                                                <div>As I see it ,OWASP
                                                  is known for his
                                                  Projects & Chapter
                                                  leaders which as
                                                  volunteers have
                                                  contributed the most
                                                  to set OWASP on the
                                                  spotlight. Therefore:</div>
                                                <div><br>
                                                </div>
                                                <div>
                                                  <ul>
                                                    <li>You should
                                                      determine and
                                                      implement better
                                                      ways  to provide
                                                      better funding
                                                      schemas for
                                                      projects . This is
                                                      something a
                                                      volunteer cannot
                                                      do. And <i>nothing</i>
                                                      has been done to
                                                      help  solve this
                                                      issue</li>
                                                    <li>There is an
                                                      unfair inequality
                                                      in the way
                                                      chapters can
                                                      generate funds vs
                                                      Projects.</li>
                                                    <li>Money is locked
                                                      down in the
                                                      chapters budget</li>
                                                    <li>Chapters outside
                                                      US & EU have
                                                      more struggles to
                                                      find support. You
                                                      should consider a
                                                      way to support
                                                      better these ones
                                                      since their
                                                      countries are not
                                                      developed in the
                                                      area of security
                                                      as countries in EU
                                                      and US.<br>
                                                    </li>
                                                    <li>Follow up: when
                                                      issues like David
                                                      Rook or a
                                                      volunteer
                                                      rants(like me or
                                                      others ) out of
                                                      frustation, take
                                                      action. Put it in
                                                      the agenda and try
                                                      to solve and
                                                      discuss the issues
                                                      to improve the
                                                      actual problems.
                                                      So far I have seen
                                                      very little follow
                                                      up on major issues
                                                      and discussions
                                                      raised in the
                                                      mailing lists</li>
                                                    <li>Way to much
                                                      attention to
                                                      rules, <i>events</i>
                                                      and bylaws etc.
                                                      Time to take
                                                      action and take
                                                      decisions and
                                                      propose plans for
                                                      improvements of
                                                      the actual
                                                      situation above
                                                      mentioned</li>
                                                  </ul>
                                                  <div>Being that said,
                                                    and with all due
                                                    respect to you, I
                                                    hope that you can
                                                    take actions and <i>execute</i>
                                                    improvements that
                                                    have been an issue
                                                    since I joined OWASP
                                                    3 years ago.</div>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>Regards</div>
                                                <span><font
                                                    color="#888888">
                                                    <div><br>
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                    <div>Johanna</div>
                                                    <div><br>
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                  </font></span></div>
                                              <br>
                                            </div>
                                          </div>
                                          <span>_______________________________________________<br>
                                            Governance mailing list<br>
                                            <a moz-do-not-send="true"
                                              href="mailto:Governance@lists.owasp.org"
                                              target="_blank">Governance@lists.owasp.org</a><br>
                                            <a moz-do-not-send="true"
                                              href="https://lists.owasp.org/mailman/listinfo/governance"
                                              rel="noreferrer"
                                              target="_blank">https://lists.owasp.org/mailman/listinfo/governance</a><br>
                                            <br>
                                          </span></blockquote>
                                      </div>
                                      <br>
                                    </div>
                                  </blockquote>
                                </div>
                                <br>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                  </div>
                </div>
                <pre>_______________________________________________
OWASP-Leaders mailing list
<a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
              </blockquote>
              <br>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
      -- <br>
      You received this message because you are subscribed to the Google
      Groups "OWASP Projects Task Force" group.<br>
      To unsubscribe from this group and stop receiving emails from it,
      send an email to <a moz-do-not-send="true"
        href="mailto:projects-task-force+unsubscribe@owasp.org">projects-task-force+unsubscribe@owasp.org</a>.<br>
      To post to this group, send email to <a moz-do-not-send="true"
        href="mailto:projects-task-force@owasp.org">projects-task-force@owasp.org</a>.<br>
      To view this discussion on the web visit <a
        moz-do-not-send="true"
href="https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_2s%3DM%2BeEDxbGZNj-4ZLtYfxuAwU4wwLKHsuZ5ogB%3DNd7w%40mail.gmail.com?utm_medium=email&utm_source=footer"><a class="moz-txt-link-freetext" href="https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_2s%3DM%2BeEDxbGZNj-4ZLtYfxuAwU4wwLKHsuZ5ogB%3DNd7w%40mail.gmail.com">https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_2s%3DM%2BeEDxbGZNj-4ZLtYfxuAwU4wwLKHsuZ5ogB%3DNd7w%40mail.gmail.com</a></a>.<br>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">
</pre>
  </body>
</html>