<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>I'm unsure of the context here but retro fitting rules is generally bad. Changing rules going forward via vote is different. </div><div><br><br>Eoin Keary<div>OWASP Volunteer</div><div>@eoinkeary</div><div><span style="font-size: 13pt;"><br></span></div><div><br></div></div><div><br>On 18 Aug 2015, at 19:10, Jim Manico <<a href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>> wrote:<br><br></div><blockquote type="cite"><div>
  
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  
  
    Eoin,<br>
    <br>
    The board is scattered all over the world right now. Some of our
    meetings were in the middle of the night for other board members. So
    while we have board attendance rules, we have to vote to remove a
    board member due to lack of attendance.  I think it's reasonable,
    even if we disagree. We are also considering changing the
    participation rules. <br>
    <br>
    Is that acceptable to you?<br>
    <br>
    Aloha,<br>
    Jim<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 8/18/15 8:04 AM, Eoin Keary wrote:<br>
    </div>
    <blockquote cite="mid:0C3F284E-30CD-4D92-BE9A-29879EA25FF6@owasp.org" type="cite">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <div>Sorry I have to write this email....but...</div>
      <div><br>
      </div>
      <div>I hope you don't change the rules just because certain
        members have not complied by them....</div>
      <div><br>
      </div>
      <div>I was forwarded some emails regarding board attendance today
        which appear that the 75% rule of board meeting attendance is
        now going to be changed because some folks on the board have
        issue with it. </div>
      <div><br>
      </div>
      <div>This is like turkeys voting for Christmas.</div>
      <div><br>
      </div>
      <div>I respectfully hope the board abides by its owen guidelines,
        if not I have great issue with the foundations governance.</div>
      <div><br>
      </div>
      <div>Respect, for the good guys in OWASP. </div>
      <div><br>
        <br>
        Eoin Keary
        <div>OWASP Volunteer</div>
        <div>@eoinkeary</div>
        <div><span style="font-size: 13pt;"><br>
          </span></div>
        <div><br>
        </div>
      </div>
      <div><br>
        On 18 Aug 2015, at 17:08, Josh Sokol <<a moz-do-not-send="true" href="mailto:josh.sokol@owasp.org"></a><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a>>
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <div dir="ltr">
            <div>
              <div>
                <div>
                  <div>
                    <div>Johanna,<br>
                      <br>
                      <blockquote style="margin:0px 0px 0px
                        0.8ex;border-left:1px solid
                        rgb(204,204,204);padding-left:1ex" class="gmail_quote">So far I remember , the idea
                        was proposed to the board by you and the board
                        took the decision to implement Committee 2.0. I
                        believe this was done with all good intentions
                        but is not working.<br>
                      </blockquote>
                      <br>
                    </div>
                    Actually, I would argue that even though there's
                    only a single committee right now, it is working
                    exactly as intended.  The truth is that OWASP's
                    leadership sits somewhere in-between an Oligarchy
                    (as you describe it) and an Anarchy.  We're
                    currently somewhere between Democracy and Ochlocracy
                    depending on the topic if you really want to get
                    technical.  In any case, what you need to realize is
                    that somebody needs to have the power to make
                    decisions or decisions will never get made and we
                    veer into Anarchy.  What Committees 2.0 did is
                    specify that decision making power starts with the
                    Board as they have the fiduciary responsibility for
                    the OWASP Foundation in all legal sense.  What it
                    also did is allow any of our leaders to carve out a
                    piece of that power that they are passionate about
                    and run with it, just as you did with projects.  I
                    really thought that we would see some other
                    committees pop up similar to what we had before in
                    other core areas of OWASP like Governance or
                    Chapters, but the fact that there isn't just tells
                    me that as of yet, no leader is passionate enough
                    about it to carve out that power.  Maybe it's
                    because of time commitments or because of some
                    perceived "red tape" or even (I hope) because most
                    people think the Board is doing an OK job making
                    decisions, but the fact is that the ability is there
                    and you are an example of it being used.  So, as I
                    said, the system is working.  Where this is a void
                    in the community wanting to take the power to make
                    decisions, the Board fills that void.  In other
                    words, if the community really thinks that they can
                    do something better than the Board, they can form a
                    Committee (or "Action Team" or "Initiative" or
                    whatever they want to call it), and do it.<br>
                    <br>
                    <blockquote style="margin:0px 0px 0px
                      0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex" class="gmail_quote">Projects are global. They
                      promote owasp at a global level. What is OWASP
                      known for? for its chapters? Its conferences? I
                      strongly believe OWASP is know for its projects,
                      Code Review, Testing guide, the Cheat Sheets,
                      ASVS, ZAP... Many references in major publications
                      refer to OWASP top ten and respect them because of
                      its projects.PCI  and major vendors use them as
                      reference and guidelines.<br>
                    </blockquote>
                    <br>
                  </div>
                  There is no doubt in my mind that Projects are
                  important for OWASP.  They spread our mission in
                  places where even our Chapters cannot go.  But, if you
                  want to talk about where most people interface with
                  OWASP, it's not projects, it's Chapters.  You won't
                  find a reference in a major publication to the OWASP
                  Austin Chapter, for example, but we held a CryptoParty
                  in January and invited members of our community, the
                  media, etc to participate because we wanted to educate
                  others on the importance of privacy.  You're
                  passionate about OWASP Projects, I get that, and I
                  love it.  I'm passionate about OWASP Chapters. 
                  Neither should be trivialized as they both play a very
                  important role within OWASP.<br>
                  <br>
                  <blockquote style="margin:0px 0px 0px
                    0.8ex;border-left:1px solid
                    rgb(204,204,204);padding-left:1ex" class="gmail_quote">I would like to see is a better
                    schema for them to get more awareness, especially
                    people doing great things and because of lack of
                    funds cannot promote their projects. Chapters are
                    rich ,projects are poor. That is in my opinion a
                    huge misbalance.<br>
                  </blockquote>
                  <br>
                </div>
                We have many chapters with small bank accounts, some
                even negative, and a few with quite large accounts. 
                Total it all up and it's a pretty decent sum of money. 
                But, what you're arguing for here is effectively
                Socialism.  You're saying that it doesn't matter that
                the OWASP chapter in Denver busted their ass (it is over
                a year's worth of effort by a team of people) to put on
                last year's AppSecUSA Conference.  It doesn't matter
                that it can cost a chapter hundreds if not thousands of
                dollars to rent meeting space, bring in food, fly in
                speakers, etc.  You only see that they have money, you
                do not, and you want it.  Not because you have a plan to
                spend it either, because if you did you could simply ask
                the Foundation for it, but because it is perceived as
                being disproportionate.  There is no payoff for OWASP's
                mission if we rob from the rich, give to the poor, and
                at the end of the day still just have money sitting in a
                savings account.  This highlights the underlying issue
                here.  The issue is not that Chapters or Projects HAVE
                money.  The issue is that they have money and are NOT
                SPENDING IT to further the OWASP Mission.  Thus, the
                approach to fix this issue (and I agree that it's an
                issue) shouldn't be to take away their money, it should
                be to get them to spend it.<br>
                <br>
                <blockquote style="margin:0px 0px 0px
                  0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex" class="gmail_quote">The
                  limit of USD2,000- for supporting a project leader a
                  year is for most leaders not enough. If a leader
                  outside US or EU is invited to blackhat , that amount
                  is not enough to cover his traveling expenses.  And
                  thats the maximum he can have in a year after filling
                  on forms and going through some back-and-forth emails
                  with the staff...<br>
                </blockquote>
                <br>
              </div>
              Ahhhhh, finally we get to the root of the issue.  The
              issue isn't that money isn't available, because, frankly,
              we had a significant amount of money budgeted last year
              that wasn't used.  The issue is that there is a cap on
              what any one project leader can request/spend.  My
              personal opinion here is that this $2k cap should be
              treated as a guideline, not a rule.  It is likely in place
              to prevent abuse by having a significant amount of money
              from the pool go to any one individual.  But, that cap
              certainly should not prevent the OWASP Foundation from
              investing in the projects, and people behind the projects,
              to make them better.  The Board entrusts Paul, as
              Executive Director, and the OWASP staff to handle the
              day-to-day operations of the OWASP Foundation.  Part of
              their job is to review these types of requests in order to
              determine whether they make sense and there are funds
              available.  That said, if you get to a point where you
              feel that they are being unreasonable, the Board can
              certainly step in and try to determine if an exception
              should be made.  So, net-net, maybe that $2k cap is too
              low.  Should we raise it?  If so, what should it be?  What
              amount would be reasonable for any one individual to
              consume from that shared pool of funds?  Guidelines can be
              changed.  Guidelines can even be overruled for the right
              reasons.  This is a relatively minor issue that it sounds
              like should be re-evaluated given rising costs, bigger
              budget pools, unused funds, etc.  Can you please come up
              with a reasonable proposal here and I will take that to
              the Board for approval to change this guideline?<br>
              <br>
              <blockquote style="margin:0px 0px 0px
                0.8ex;border-left:1px solid
                rgb(204,204,204);padding-left:1ex" class="gmail_quote">Should
                we scrap projects and focus to be a dedicated conference
                organisation?...thats what  I see is happening whether
                consciously or not. <br>
              </blockquote>
              <br>
            </div>
            Your perception is VERY far from the truth.  I've spent the
            past 8.5 years working with the OWASP Austin chapter and
            I've seen it grow from literally 3 people in a monthly
            meeting to around 70.  You, yourself, even said that OWASP
            is being referenced in major publications and our tools are
            being used around the globe.  That said, keep in mind that
            the OWASP mission is one of education, and conferences
            address that mission directly.  They are also the main
            fundraiser that helps to make sure that our chapters and
            projects have the money that they need in order to be
            successful.<br>
            <br>
            <blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px
              solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">Should we scrap conferences and focus
              to gather those funds to create a better platforms for
              projects and become the next Apache foundation?<br>
            </blockquote>
            <div><br>
            </div>
            <div>Where do you think those funds would come from?  By
              far, the majority of OWASP's annual revenue comes from
              AppSecUSA and AppSecEU.  To be frank, OWASP would be VERY
              different if it weren't for our conferences. <br>
              <br>
              <blockquote style="margin:0px 0px 0px
                0.8ex;border-left:1px solid
                rgb(204,204,204);padding-left:1ex" class="gmail_quote">Should
                we use crowdsource for gathering funds for projects
                through the OWASP foundation?<br>
              </blockquote>
              <br>
            </div>
            <div>This is not a mutually exclusive solution.  Yes,
              absolutely, use crowdfunding to gather funds for
              projects.  Please prove out this model of bringing another
              revenue source to OWASP.  I would imagine that this is a
              way that projects would be able to get funds that a
              chapter never could.  <br>
              <br>
              <blockquote style="margin:0px 0px 0px
                0.8ex;border-left:1px solid
                rgb(204,204,204);padding-left:1ex" class="gmail_quote">Project
                summits = events . Thats what I'm proposing. That
                Summits are treated like events to generate money for
                projects so they have also a fair way to generate money
                as chapters do. They will depend less from sponsors with
                commercial intentions.<br>
              </blockquote>
              <br>
            </div>
            <div>OK, but every project summit that we have had thus far
              has cost OWASP money, not made it.  Speaking as the former
              Co-Chair of LASCON and AppSecUSA, I can tell you that
              these types of events are a lot of work and that it is
              difficult to attract attendees.  Attendees actually barely
              end up covering their own costs (food, schwag, etc). 
              Sponsors and trainings are usually the ones who generate
              the profit for these events.  So, let's say you do a
              project summit.  How would you intend to attract attendees
              who are willing to pay for the content?  If not, how would
              you intend to attract sponsors whose sole purpose in being
              there is to sell product to the attendees?  Especially if
              you don't want sponsors with commercial intentions.  You
              would be lucky if you get enough sponsors to cover costs. 
              Or, in the situation of every past project summit that
              we've had, the Foundation ends up covering the
              difference.  I'm not saying that you shouldn't try to
              prove out this model.  I'm saying that it hasn't been
              proven to date.  Also, it's a bit naive to say that
              chapters leveraging their members and holding a conference
              isn't "fair".  We should be encouraging as many endeavors
              as we can at OWASP that spread our mission.  Even more so
              if they generate additional revenue because that helps to
              further our mission even more after the conference is
              over.  Nothing is stopping a project from having a
              conference.  This isn't a matter of "fair" or "unfair". 
              It's a matter of a team of people putting in the effort
              and making it happen.  Please don't trivialize those
              efforts.<br>
              <br>
              <blockquote style="margin:0px 0px 0px
                0.8ex;border-left:1px solid
                rgb(204,204,204);padding-left:1ex" class="gmail_quote">Also
                more focus on crowdsourcing projects. If people finds it
                a great idea they will sponsor it.<br>
              </blockquote>
              <br>
            </div>
            <div>As I said above, I think this is a great idea.  Let's
              do it!<br>
              <br>
              <blockquote style="margin:0px 0px 0px
                0.8ex;border-left:1px solid
                rgb(204,204,204);padding-left:1ex" class="gmail_quote">I
                will ask the staff to create a survey and ask the
                community about it.  This is my proposal and based on
                those results I hope and expect the board to take
                actions.</blockquote>
              <br>
            </div>
            <div>Ask the staff to create a survey?  Why not make the
              survey yourself?  What exactly are we surveying and why? 
              The only thing that I think you've identified as an actual
              issue preventing projects from operating efficiently is a
              cap on the amount of funding availing.  That doesn't
              require a survey to get changed, just a plan and an
              approval.  I can't guarantee support or action as it
              depends on the varying opinions of 7 unique individuals,
              but the Board would certainly evaluate any proposal that
              is put on the table.<br>
              <br>
            </div>
            <div>~josh<br>
            </div>
          </div>
          <div class="gmail_extra"><br>
            <div class="gmail_quote">On Mon, Aug 17, 2015 at 8:31 PM,
              johanna curiel curiel <span dir="ltr"><<a moz-do-not-send="true" href="mailto:johanna.curiel@owasp.org" target="_blank"></a><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a>></span>
              wrote:<br>
              <blockquote class="gmail_quote" style="margin:0 0 0
                .8ex;border-left:1px #ccc solid;padding-left:1ex">
                <div dir="ltr">Josh,
                  <div><br>
                  </div>
                  <div>
                    <div>So far I remember , the idea was proposed to
                      the board by you and the board took the decision
                      to implement Committee 2.0. I believe this was
                      done with all good intentions but is not working.</div>
                    <div><a moz-do-not-send="true" href="http://lists.owasp.org/pipermail/owasp-leaders/2014-May/011794.html" target="_blank">http://lists.owasp.org/pipermail/owasp-leaders/2014-May/011794.html</a><br>
                    </div>
                    <div><br>
                    </div>
                    <div>In this same email Sarah mentions:</div>
                    <div>
                      <pre style="white-space:pre-wrap;color:rgb(0,0,0)">The 2008 committees worked, for the most part, independently of each other.
This often created duplicate or even conflicting efforts leading to frustration.</pre>
                    </div>
                    <div>Results now: I'm the only committee called the
                      Project Task Force.Maybe thats why none wants to
                      create anymore committees.<br>
                    </div>
                    <div><br>
                    </div>
                    <div>Projects are global. They promote owasp at a
                      global level. What is OWASP known for? for its
                      chapters? Its conferences? I strongly believe
                      OWASP is know for its projects, Code Review,
                      Testing guide, the Cheat Sheets, ASVS, ZAP... Many
                      references in major publications refer to OWASP
                      top ten and respect them because of its
                      projects.PCI  and major vendors use them as
                      reference and guidelines.</div>
                    <div><br>
                    </div>
                    <div>I would like to see is a better schema for them
                      to get more awareness, especially people doing
                      great things and because of lack of funds cannot
                      promote their projects. Chapters are rich
                      ,projects are poor. That is in my opinion a huge
                      misbalance. </div>
                    <div><br>
                    </div>
                    <div>The limit of USD2,000- for supporting a project
                      leader a year is for most leaders not enough. If a
                      leader outside US or EU is invited to blackhat ,
                      that amount is not enough to cover his traveling
                      expenses.  And thats the maximum he can have in a
                      year after filling on forms and going through some
                      back-and-forth emails with the staff...</div>
                    <div><br>
                    </div>
                    <div>
                      <ul>
                        <li>Should we scrap projects and focus to be a
                          dedicated conference organisation?...thats
                          what  I see is happening whether consciously
                          or not. <br>
                        </li>
                        <li>Should we scrap conferences and focus to
                          gather those funds to create a better
                          platforms for projects and become the next
                          Apache foundation?<br>
                        </li>
                        <li>Should we use crowdsource for gathering
                          funds for projects through the OWASP
                          foundation?<br>
                        </li>
                      </ul>
                    </div>
                    <div><br>
                    </div>
                    <div>I would like to see a solution to this or an
                      action.</div>
                    <div><br>
                    </div>
                    <div>
                      <div>Project summits = events . Thats what I'm
                        proposing. That Summits are treated like events
                        to generate money for projects so they have also
                        a fair way to generate money as chapters do.
                        They will depend less from sponsors with
                        commercial intentions.(easier to avoid  Logogate
                        issues and projects with the intention to
                        promote apssec companies). Also more focus on
                        crowdsourcing projects. If people finds it a
                        great idea they will sponsor it.</div>
                    </div>
                    <div><br>
                    </div>
                    <div>I will ask the staff to create a survey and ask
                      the community about it. This is my proposal and
                      based on those results I hope and expect the board
                      to take actions.<br>
                    </div>
                    <div><br>
                    </div>
                    <div>regards</div>
                    <span class="HOEnZb"><font color="#888888">
                        <div><br>
                        </div>
                        <div>Johanna</div>
                        <div><br>
                        </div>
                        <div><br>
                        </div>
                      </font></span></div>
                </div>
                <div class="HOEnZb">
                  <div class="h5">
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Mon, Aug 17, 2015 at
                        7:41 PM, Mario Robles <span dir="ltr"><<a moz-do-not-send="true" href="mailto:mario.robles@owasp.org" target="_blank"></a><a class="moz-txt-link-abbreviated" href="mailto:mario.robles@owasp.org">mario.robles@owasp.org</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000"> Hey
                            Josh,<br>
                            <br>
                            I could be wrong but the term Committee is
                            commonly associated with "bureaucracy" even
                            if it's not what you meant, at least it was
                            the first thing on top of my head, I'm sure
                            if you change the word Committee to
                            something like "Action Team" it would be
                            better accepted<br>
                            <br>
                            Just my point view,<br>
                            <br>
                            Mario
                            <div>
                              <div><br>
                                <div>
                                  <table style="font-size:12px">
                                    <tbody>
                                      <tr>
                                        <td><br>
                                        </td>
                                        <td> <br>
                                        </td>
                                      </tr>
                                    </tbody>
                                  </table>
                                </div>
                                <div>On 17/08/2015 04:21 p.m., Josh
                                  Sokol wrote:<br>
                                </div>
                              </div>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">
                                    <div>
                                      <div>
                                        <div>
                                          <div>
                                            <blockquote style="margin:0px 0px 0px
                                              0.8ex;border-left:1px
                                              solid
                                              rgb(204,204,204);padding-left:1ex" class="gmail_quote">I
                                              think we need to create
                                              Project Summits in the
                                              form of events with the
                                              whole purpose to gather
                                              funds for projects<br>
                                            </blockquote>
                                            <br>
                                          </div>
                                          Please forgive my ignorance. 
                                          How does a Project Summit
                                          generate funds for project? 
                                          Every Project Summit that we
                                          have had to date has cost the
                                          Foundation money, hasn't it? 
                                          Can you please elaborate?<br>
                                          <br>
                                          <blockquote style="margin:0px
                                            0px 0px
                                            0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex" class="gmail_quote">Look, Denver
                                            chapter has around 50K in
                                            their bucket. The richest
                                            Project is ZAP with 10k...
                                            but thats is the exception.
                                            Even worse when you look at
                                            chapters outside US or EU,
                                            mine has only USD40 dollars.
                                            Most projects have Zero
                                            Dollars.<br>
                                          </blockquote>
                                          <br>
                                        </div>
                                        I'm not sure I understand the
                                        fixation on what other chapters
                                        have in their bucket.  They have
                                        these funds because they worked
                                        hard to obtain them.  In the
                                        case of Denver, they ran last
                                        year's AppSecUSA Conference. 
                                        Just because they have money in
                                        their account, it doesn't mean
                                        that you aren't able to do
                                        things with the $40 you have in
                                        your account.  It just means
                                        that they have to use their
                                        account funds first before being
                                        able to use money from the
                                        Foundation pool while you would
                                        need to request funds from that
                                        pool for anything over $40.  Any
                                        sort of reallocation just moves
                                        the "ring fenced funds" issue to
                                        another account.  The model of
                                        chapters and projects having
                                        accounts is not what's broken
                                        here.  It's the model of
                                        chapters and projects saving
                                        their funds instead of spending
                                        them.  This is why I voted "no"
                                        on the Summer of Code
                                        initiative.  It was giving money
                                        to those who already had it and
                                        not forcing them to spend their
                                        funds first.  In any case, I'm
                                        not sure I understand why the
                                        amount of money Denver has in
                                        their account has any impact on
                                        any other chapter or project
                                        other than themselves.  We have
                                        tens of thousands of dollars
                                        allocated by the Foundation to
                                        project and chapters on an
                                        annual basis, much of which goes
                                        completely unused.  There is
                                        money available at OWASP for
                                        those who need it and I have yet
                                        to hear of a situation where
                                        someone was told otherwise.<br>
                                        <br>
                                        <blockquote style="margin:0px
                                          0px 0px 0.8ex;border-left:1px
                                          solid
                                          rgb(204,204,204);padding-left:1ex" class="gmail_quote">Yes but
                                          how do they know where to go,
                                          that's why the survey. The
                                          survey is the compass. And the
                                          leaders are elected to listed
                                          to the community.<br>
                                        </blockquote>
                                        <br>
                                      </div>
                                      I agree with this notion.  The
                                      OWASP Board should act in
                                      accordance with the desires of the
                                      community and should be doing
                                      frequent checks to confirm that
                                      initiatives are aligned.<br>
                                      <br>
                                      <blockquote style="margin:0px 0px
                                        0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex" class="gmail_quote">So the committee
                                        concept in theory seemed like a
                                        great idea but in practice is
                                        not working because in my eyes,
                                        creating a committee is creating
                                        a mini board inside OWASP.<br>
                                      </blockquote>
                                      <br>
                                    </div>
                                    To be honest, I have been surprised
                                    by the lack of desire to participate
                                    in OWASP Committees.  The community
                                    has said that they want empowerment
                                    and the goal of the committees was
                                    to do that.  But, now that it's
                                    there, nobody wants it?  Your
                                    example with John Lita follows the
                                    Committees 2.0 process almost
                                    verbatim.  The only difference is
                                    that it provides scoping to ensure
                                    that we don't have competing, or
                                    even worse, conflicting initiatives
                                    and it specifies that the
                                    individuals involved need to work
                                    within that scope.  Without it, you
                                    have a loosely knit group of people
                                    running around with their own
                                    individual initiatives.  At that
                                    level, OWASP is just a funding
                                    source for experimentation, not a
                                    Foundation.  There is no
                                    accountability, but the liability on
                                    the Foundation is still there. 
                                    Legally, we can't just have people
                                    running around spending money
                                    without any form of guidance.  <br>
                                    <br>
                                    <blockquote style="margin:0px 0px
                                      0px 0.8ex;border-left:1px solid
                                      rgb(204,204,204);padding-left:1ex" class="gmail_quote">
                                      <div> Allow me  and let the staff
                                        know that they should support me
                                        and any other volunteers seeking
                                        for implementing their ideas
                                        ;-). </div>
                                      <div>Lets cut the red tape with
                                        committees and let people know
                                        that if they want to do
                                        something,</div>
                                      <ul>
                                        <li>Contact the staff. <br>
                                        </li>
                                        <li>Set a survey and gather
                                          support<br>
                                        </li>
                                        <li>Need more money? Set a crowd
                                          funding project @ <a moz-do-not-send="true" href="https://www.kickstarter.com" target="_blank"></a><a class="moz-txt-link-freetext" href="https://www.kickstarter.com">https://www.kickstarter.com</a>
                                          under OWASP</li>
                                        <li>Volunteers implement idea or
                                          project with the support of
                                          owasp staff and other
                                          volunteers</li>
                                      </ul>
                                    </blockquote>
                                    <p>I'm not sure how this is that
                                      much different from a Committee. 
                                      Contact the community via the
                                      mailing list and gather support,
                                      scope the activities (ie. define
                                      the project), Board ensures that
                                      there's no conflict, do your
                                      thing.  The "red tape" that you
                                      keep referring to is just a
                                      process document that walks you
                                      through how to set up a
                                      committee.  After that's done, the
                                      idea was to empower you to act
                                      within the defined scope without
                                      going to the Board.  If we're
                                      talking specifically about
                                      projects, which it sounds like
                                      this is geared towards, then it's
                                      even easier.  Register as a
                                      project (so that staff knows you
                                      exist and can support you) and do
                                      your thing.  If you need money,
                                      ask for it.  I'm not sure I see
                                      the problem here.  I'm also not
                                      sure what you're asking for as it
                                      doesn't seem that different to me
                                      than how the status quo is
                                      supposed to operate.  Is it
                                      operating differently in practice
                                      than it should in theory?  I don't
                                      have an OWASP project and so
                                      perhaps I'm blind to the
                                      realities.  If so, then the
                                      specific issues need to be
                                      addressed by bylaw change, policy
                                      change, staff engagement, etc.  So
                                      far, all you've said is "projects
                                      need money", which you have access
                                      to, and "cut the red tape", of
                                      which I don't see anything more
                                      than a step to say "Hey, I want to
                                      be a project".  Please help me to
                                      understand.<br>
                                    </p>
                                    ~josh<br>
                                  </div>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Mon, Aug
                                      17, 2015 at 12:04 PM, johanna
                                      curiel curiel <span dir="ltr"><<a moz-do-not-send="true" href="mailto:johanna.curiel@owasp.org" target="_blank"></a><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a>></span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote" style="margin:0 0 0
                                        .8ex;border-left:1px #ccc
                                        solid;padding-left:1ex">
                                        <div dir="ltr"><span>
                                            <div> >I don't think
                                              there is anything
                                              preventing a project from
                                              doing the same, but I
                                              haven't seen it done at
                                              this point.</div>
                                            <div><br>
                                            </div>
                                          </span>
                                          <div>I think we need to create
                                            Project Summits in the form
                                            of events with the whole
                                            purpose to gather funds for
                                            projects .Open samm has done
                                            this and I think we can try
                                            that. Fo that we need the
                                            support of the staff
                                            Business liaison, Event
                                            manager, just as they put
                                            their work and efforts in
                                            Events and appsecs. Here cut
                                            share between OWASp staff
                                            time and projects can also
                                            be done.</div>
                                          <span>
                                            <div><br>
                                            </div>
                                            <div> >OWASP has a
                                              project funding bucket.</div>
                                          </span>
                                          <div>Look, Denver chapter has
                                            around 50K in their bucket.
                                            The richest Project is ZAP
                                            with 10k... but thats is the
                                            exception. Even worse when
                                            you look at chapters outside
                                            US or EU, mine has only
                                            USD40 dollars. Most projects
                                            have Zero Dollars.</div>
                                          <div>And the limits right now
                                            are a support but do not
                                            help to get important things
                                            moving like OWASP Academy
                                            portal, Leaders like
                                            Azzedine assist and show
                                            case his chapter or project
                                            or other more complex
                                            initiatives. Or major
                                            improvements or promotions
                                            to their projects. <br>
                                          </div>
                                          <span>
                                            <div><br>
                                            </div>
                                            <div>  >Remember that the
                                              Board is just a handful of
                                              leaders who were elected
                                              to set the compass.</div>
                                          </span>
                                          <div>  Yes but how do they
                                            know where to go, that's why
                                            the survey. The survey is
                                            the compass. And the leaders
                                            are elected to listed to the
                                            community.</div>
                                          <div><br>
                                          </div>
                                          <div>And About committees...</div>
                                          <div>The only existing active
                                            committee right now is the
                                            Project Review (which I
                                            still call myself a
                                            taskforce). I haven't see
                                            much initiatives or
                                            participation from other
                                            committees. So the committee
                                            concept in theory seemed
                                            like a great idea but in
                                            practice is not working
                                            because in my eyes, creating
                                            a committee is creating a
                                            mini board inside OWASP. We
                                            do not want to create
                                            oligarchies in the end.</div>
                                          <div><br>
                                          </div>
                                          <div>  I thik we should cut
                                            off that comitee idea and be
                                            more practical. More like
                                            this</div>
                                          <div><br>
                                          </div>
                                          <div>  Example:</div>
                                          <div><br>
                                          </div>
                                          <div>
                                            <ul>
                                              <li>John Lita wants to
                                                create an academy portal
                                                but developing it costs
                                                money and resources that
                                                volunteers alone cannot
                                                be easy pull off(owaspa
                                                project was the same and
                                                died, just like many
                                                educational initiatives)<br>
                                              </li>
                                              <li>John must create a
                                                proposal with defined
                                                goals and how to reach
                                                them. He joins other
                                                volunteers in this
                                                effort. No need to be a
                                                commitee.<br>
                                              </li>
                                              <li> John & Claudia
                                                create a survey and seek
                                                support of the community<br>
                                              </li>
                                              <li>  If the idea has
                                                major feedback and
                                                volunteers, then John
                                                has the support from the
                                                staff to execute
                                                including looking for
                                                sponsors using
                                                crowdsource funding
                                                portals<br>
                                              </li>
                                              <li>Staff monitors
                                                development and results
                                                of the actions taken<br>
                                              </li>
                                              <li>Staff reports results
                                                to the community back</li>
                                            </ul>
                                          </div>
                                          <div>This is in my eyes how I
                                            have been working in the
                                            end, because , as
                                            volunteers, available time
                                            mostly depends on one or 2
                                            passionate individuals like
                                            John-Lita, which are more
                                            dedicated and the rest
                                            follows...<br>
                                          </div>
                                          <div><br>
                                          </div>
                                          <div>Now if we want to change
                                            things, don't tell me to set
                                            a committee, because Josh ,
                                            this has not work so far. </div>
                                          <div><br>
                                          </div>
                                          <div> Allow me  and let the
                                            staff know that they should
                                            support me and any other
                                            volunteers seeking for
                                            implementing their ideas
                                            ;-). </div>
                                          <div>Lets cut the red tape
                                            with committees and let
                                            people know that if they
                                            want to do something,</div>
                                          <div>
                                            <ul>
                                              <li>Contact the staff. <br>
                                              </li>
                                              <li>Set a survey and
                                                gather support<br>
                                              </li>
                                              <li>Need more money? Set a
                                                crowd funding project @ <a moz-do-not-send="true" href="https://www.kickstarter.com" target="_blank"></a><a class="moz-txt-link-freetext" href="https://www.kickstarter.com">https://www.kickstarter.com</a>
                                                under OWASP</li>
                                              <li>Volunteers implement
                                                idea or project with the
                                                support of owasp staff
                                                and other volunteers</li>
                                            </ul>
                                            <div>How do we get this idea
                                              to action? </div>
                                            <div>Shall we create a
                                              survey? </div>
                                            <div>Do you need to discuss
                                              this on a board meeting?</div>
                                          </div>
                                          <div>How do I get empowered
                                            and let the staff know that
                                            as a volunteer I have your
                                            support for this?(if I do? </div>
                                          <div><br>
                                          </div>
                                          <div>You see...how dependable
                                            I'm from the board to be
                                            able to execute?</div>
                                          <div><br>
                                          </div>
                                          <div>Off course I can always
                                            do this on my own but them I
                                            better do it without
                                            OWASP...</div>
                                          <div><br>
                                          </div>
                                          <div>Regards</div>
                                          <span><font color="#888888">
                                              <div><br>
                                              </div>
                                              <div>Johanna</div>
                                            </font></span></div>
                                        <div>
                                          <div>
                                            <div class="gmail_extra"><br>
                                              <div class="gmail_quote">On
                                                Mon, Aug 17, 2015 at
                                                10:55 AM, Josh Sokol <span dir="ltr"><<a moz-do-not-send="true" href="mailto:josh.sokol@owasp.org" target="_blank"></a><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a>></span>
                                                wrote:<br>
                                                <blockquote class="gmail_quote" style="margin:0 0 0
                                                  .8ex;border-left:1px
                                                  #ccc
                                                  solid;padding-left:1ex">
                                                  <div dir="ltr">
                                                    <div>
                                                      <div>
                                                        <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>Johanna,<br>
                                                          <br>
                                                          </div>
                                                          Thank you for
                                                          putting your
                                                          thoughts out
                                                          there for
                                                          everyone. 
                                                          Silence is not
                                                          good for
                                                          anyone and
                                                          OWASP will be
                                                          far more
                                                          successful if
                                                          we know what
                                                          our leaders
                                                          are struggling
                                                          with and make
                                                          a conscious
                                                          effort to
                                                          improve it.  I
                                                          think that
                                                          many of your
                                                          points are
                                                          very valid and
                                                          strongly
                                                          support the
                                                          idea of polls
                                                          to gauge
                                                          community
                                                          support for
                                                          actions being
                                                          taken.  I also
                                                          support the
                                                          idea that the
                                                          Board should
                                                          be making as
                                                          few of these
                                                          decisions as
                                                          possible and
                                                          putting the
                                                          power back in
                                                          the hands of
                                                          the community
                                                          with support
                                                          from the
                                                          staff.  The
                                                          Board should
                                                          be the
                                                          "compass"
                                                          making sure
                                                          that we are
                                                          moving in the
                                                          right
                                                          direction with
                                                          the community
                                                          and staff
                                                          being the ones
                                                          actually
                                                          pushing us
                                                          forward. 
                                                          That's not to
                                                          say that
                                                          members of the
                                                          Board won't
                                                          have their own
                                                          projects or
                                                          initiatives,
                                                          but they do so
                                                          as part of the
                                                          community, not
                                                          because of
                                                          their roles on
                                                          the Board. 
                                                          The Committees
                                                          2.0 framework
                                                          was a first
                                                          step in
                                                          driving this
                                                          level of
                                                          empowerment
                                                          back to the
                                                          community
                                                          while
                                                          maintaining
                                                          accountability
                                                          and providing
                                                          appropriately
                                                          scoped
                                                          actions.  My
                                                          impression was
                                                          that the
                                                          Projects
                                                          Committee was
                                                          rolling
                                                          forward quite
                                                          well under
                                                          this guidance,
                                                          but it sounds
                                                          like maybe I
                                                          was wrong. 
                                                          Are there
                                                          specific
                                                          actions that
                                                          you have tried
                                                          to take on the
                                                          committee that
                                                          got blocked by
                                                          the Board or
                                                          hung up in
                                                          "red tape"? 
                                                          Are there
                                                          needs for
                                                          funding that
                                                          haven't been
                                                          met?<br>
                                                          <br>
                                                          </div>
                                                          Regarding the
                                                          project vs
                                                          chapter
                                                          funding
                                                          schemas, I'm
                                                          not sure that
                                                          there is a
                                                          good answer. 
                                                          Projects are
                                                          typically made
                                                          up of a pocket
                                                          of
                                                          individuals. 
                                                          Typically one
                                                          leader with
                                                          sometimes one
                                                          or two others
                                                          assisting. 
                                                          Chapters are
                                                          typically
                                                          anywhere from
                                                          20 people to
                                                          hundreds.  We
                                                          provide
                                                          members with
                                                          the ability to
                                                          allocate their
                                                          funds to
                                                          either, but
                                                          most associate
                                                          themselves
                                                          with a chapter
                                                          rather than a
                                                          project
                                                          because that's
                                                          where they
                                                          participate. 
                                                          We also have
                                                          chapters
                                                          putting on
                                                          conferences
                                                          with the goal
                                                          of raising
                                                          funds.  I
                                                          don't think
                                                          there is
                                                          anything
                                                          preventing a
                                                          project from
                                                          doing the
                                                          same, but I
                                                          haven't seen
                                                          it done at
                                                          this point. 
                                                          Those are the
                                                          two main ways
                                                          that I see
                                                          chapters
                                                          raising
                                                          money.  Yes,
                                                          there is
                                                          certainly a
                                                          difference in
                                                          schemas and
                                                          projects will
                                                          have a more
                                                          difficult
                                                          time, but
                                                          that's also
                                                          why OWASP has
                                                          a project
                                                          funding
                                                          bucket.  Money
                                                          from these
                                                          local events
                                                          as well as
                                                          funds raised
                                                          by our AppSec
                                                          conferences
                                                          gets budgeted
                                                          specifically
                                                          for this
                                                          purpose.  To
                                                          my knowledge,
                                                          no reasonable
                                                          request for
                                                          funds by
                                                          projects has
                                                          been denied. 
                                                          Just because
                                                          there isn't
                                                          money sitting
                                                          "ring fenced"
                                                          in an account
                                                          for the
                                                          projects,
                                                          doesn't mean
                                                          that there
                                                          isn't money
                                                          that can be
                                                          spent.  It
                                                          just means
                                                          that it needs
                                                          to be
                                                          requested from
                                                          the pool. 
                                                          Yes, it's a
                                                          different
                                                          model of
                                                          funding, but
                                                          the end result
                                                          is the same. 
                                                          There are
                                                          funds
                                                          available at
                                                          OWASP for
                                                          everyone who
                                                          needs them.<br>
                                                          <br>
                                                          </div>
                                                          There are
                                                          obviously many
                                                          things that
                                                          need to be
                                                          improved at
                                                          OWASP and,
                                                          unfortunately,
                                                          the Board has
                                                          been tied up
                                                          in rules,
                                                          events,
                                                          bylaws, etc
                                                          for a while
                                                          now.  It's
                                                          definitely not
                                                          the "fun" part
                                                          of the job and
                                                          it is very
                                                          time
                                                          consuming. 
                                                          That said, I
                                                          would argue
                                                          that these are
                                                          the things
                                                          that need to
                                                          be changed in
                                                          order for
                                                          everyone else
                                                          (staff,
                                                          community,
                                                          etc) to be
                                                          able to be
                                                          better
                                                          served.  We've
                                                          made several
                                                          changes to the
                                                          Bylaws and are
                                                          working on
                                                          more.  We've
                                                          hired an
                                                          Executive
                                                          Director
                                                          (Paul), an
                                                          Event Manager
                                                          (Laura), a
                                                          Community
                                                          Manager
                                                          (Noreen), and
                                                          a Project
                                                          Coordinator
                                                          (Claudia) just
                                                          in the almost
                                                          two years that
                                                          I've been on
                                                          the Board. 
                                                          The needle on
                                                          the compass is
                                                          set and, while
                                                          it takes some
                                                          time to right
                                                          the ship, we
                                                          are getting
                                                          there by
                                                          giving our
                                                          community the
                                                          support it
                                                          requires to be
                                                          successful. 
                                                          So, here's my
                                                          general
                                                          thought:<br>
                                                          <br>
                                                          </div>
                                                          1) If it's
                                                          within the
                                                          scope of a
                                                          defined
                                                          Committee,
                                                          JUST DO IT!<br>
                                                          <br>
                                                          </div>
                                                          2) If there's
                                                          no Committee
                                                          defined for
                                                          it, CREATE
                                                          ONE, then JUST
                                                          DO IT!<br>
                                                          <br>
                                                          </div>
                                                          3) If a
                                                          Committee
                                                          doesn't make
                                                          sense, ASK THE
                                                          STAFF FOR IT!<br>
                                                          <br>
                                                        </div>
                                                        4) If asking the
                                                        staff isn't
                                                        working or we
                                                        need to change a
                                                        policy to make
                                                        it happen, LET
                                                        THE BOARD KNOW!<br>
                                                        <br>
                                                      </div>
                                                      The Board should
                                                      be the last
                                                      resort, in my
                                                      opinion, not the
                                                      first.  We should
                                                      be the enabler,
                                                      not the
                                                      bottleneck.  I
                                                      think that our
                                                      leaders make too
                                                      many assumptions
                                                      (probably based on
                                                      past Board
                                                      actions) about
                                                      what needs to go
                                                      to the Board and
                                                      we need to get
                                                      away from that. 
                                                      Remember that the
                                                      Board is just a
                                                      handful of leaders
                                                      who were elected
                                                      to set the
                                                      compass.  We have
                                                      a finite number of
                                                      things that we can
                                                      handle and our
                                                      Board meetings are
                                                      typically
                                                      overflowing with
                                                      topics.  So, if
                                                      something is
                                                      bothering you, I
                                                      would encourage
                                                      you to change it. 
                                                      That's why, with
                                                      the David Rook
                                                      situation, I
                                                      encouraged
                                                      creation of a new
                                                      Committee to
                                                      determine a
                                                      reasonable
                                                      solution.  If it
                                                      requires a policy
                                                      change by the
                                                      Board, then we can
                                                      vote on that, but
                                                      asking the Board
                                                      to take action
                                                      just perpetuates
                                                      the oligarchy that
                                                      you mention in
                                                      your e-mail. 
                                                      Instead of pushing
                                                      these issues up to
                                                      the Board for
                                                      action, let's have
                                                      the community
                                                      DECIDE what they
                                                      want and have the
                                                      Board change the
                                                      compass needle via
                                                      bylaws, policies,
                                                      and staff
                                                      discussions,
                                                      accordingly.  At
                                                      least, that's my
                                                      vision for OWASP. 
                                                      Is that something
                                                      that you can get
                                                      on board with?<span><font color="#888888"><br>
                                                          <br>
                                                        </font></span></div>
                                                    <span><font color="#888888">~josh<br>
                                                      </font></span></div>
                                                  <div class="gmail_extra"><br>
                                                    <div class="gmail_quote">
                                                      <div>
                                                        <div>On Mon, Aug
                                                          17, 2015 at
                                                          8:11 AM,
                                                          johanna curiel
                                                          curiel <span dir="ltr"><<a moz-do-not-send="true" href="mailto:johanna.curiel@owasp.org" target="_blank"></a><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a>></span>
                                                          wrote:<br>
                                                        </div>
                                                      </div>
                                                      <blockquote class="gmail_quote" style="margin:0
                                                        0 0
                                                        .8ex;border-left:1px
                                                        #ccc
                                                        solid;padding-left:1ex">
                                                        <div>
                                                          <div>
                                                          <div dir="ltr">Members
                                                          of the board,
                                                          <div><br>
                                                          </div>
                                                          <div>With the
                                                          recent issue
                                                          regarding
                                                          David Rook,
                                                          and my latest
                                                          experience
                                                          with red-tape,
                                                          I'm proposing
                                                          the following.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>My goals
                                                          is to call
                                                          your attention
                                                          to these
                                                          issues which I
                                                          have been
                                                          observing for
                                                          a years and
                                                          not as a
                                                          critique to
                                                          your work, but
                                                          I think if you
                                                          do not pay
                                                          attention to
                                                          these issues
                                                          and DO
                                                          something
                                                          about them,
                                                          OWASP will
                                                          loose valuable
                                                          community
                                                          participation.</div>
                                                          <div>
                                                          <ul>
                                                          <li>When an
                                                          initiative is
                                                          proposed or
                                                          launched by a
                                                          member of the
                                                          board, this
                                                          should be
                                                          followed up by
                                                          a survey where
                                                          the community
                                                          can
                                                          vote.Wether is
                                                          a rule or
                                                          money, these
                                                          decisions
                                                          should be
                                                          taken based on
                                                          collected data
                                                          and proper
                                                          substantiation
                                                          to avoid
                                                          oligarchy </li>
                                                          <li>When an
                                                          initiative is
                                                          launched by a
                                                          member of the
                                                          community,
                                                          especially
                                                          when this
                                                          initiative
                                                          cost more than
                                                          10k, it should
                                                          be
                                                          substantiated
                                                          with data how
                                                          this
                                                          initiative
                                                          will benefit
                                                          the community.
                                                          Also should be
                                                          followed by a
                                                          survey</li>
                                                          <li>Staff
                                                          should help
                                                          creating the
                                                          survey and
                                                          analyse the
                                                          votes</li>
                                                          <li><b>In
                                                          other words:
                                                          do more survey
                                                          to find out
                                                          what the
                                                          community
                                                          needs and
                                                          wants.</b></li>
                                                          </ul>
                                                          <div>My
                                                          observations
                                                          and where I
                                                          think you need
                                                          to give more
                                                          attention:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <ul>
                                                          <li>Board/Executive
                                                          director
                                                          should work
                                                          closer with
                                                          the staff for
                                                          guidance and
                                                          empowering
                                                          their role. I
                                                          have the
                                                          feeling that
                                                          the staff is
                                                          paralysed
                                                          waiting for
                                                          instructions
                                                          or following
                                                          strict rules.
                                                          The staff
                                                          should be
                                                          motivated to
                                                          take
                                                          initiative and
                                                          implement
                                                          projects on
                                                          their own that
                                                          can help the
                                                          community.
                                                          They should
                                                          not be too
                                                          dependent on
                                                          an Executive
                                                          director or
                                                          member of the
                                                          board for this
                                                          part</li>
                                                          </ul>
                                                          </div>
                                                          </div>
                                                          <div>As I see
                                                          it ,OWASP is
                                                          known for his
                                                          Projects &
                                                          Chapter
                                                          leaders which
                                                          as volunteers
                                                          have
                                                          contributed
                                                          the most to
                                                          set OWASP on
                                                          the spotlight.
                                                          Therefore:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <ul>
                                                          <li>You should
                                                          determine and
                                                          implement
                                                          better ways
                                                           to provide
                                                          better funding
                                                          schemas for
                                                          projects .
                                                          This is
                                                          something a
                                                          volunteer
                                                          cannot do. And
                                                          <i>nothing</i>
                                                          has been done
                                                          to help  solve
                                                          this issue</li>
                                                          <li>There is
                                                          an unfair
                                                          inequality in
                                                          the way
                                                          chapters can
                                                          generate funds
                                                          vs Projects.</li>
                                                          <li>Money is
                                                          locked down in
                                                          the chapters
                                                          budget</li>
                                                          <li>Chapters
                                                          outside US
                                                          & EU have
                                                          more struggles
                                                          to find
                                                          support. You
                                                          should
                                                          consider a way
                                                          to support
                                                          better these
                                                          ones since
                                                          their
                                                          countries are
                                                          not developed
                                                          in the area of
                                                          security as
                                                          countries in
                                                          EU and US.<br>
                                                          </li>
                                                          <li>Follow up:
                                                          when issues
                                                          like David
                                                          Rook or a
                                                          volunteer
                                                          rants(like me
                                                          or others )
                                                          out of
                                                          frustation,
                                                          take action.
                                                          Put it in the
                                                          agenda and try
                                                          to solve and
                                                          discuss the
                                                          issues to
                                                          improve the
                                                          actual
                                                          problems. So
                                                          far I have
                                                          seen very
                                                          little follow
                                                          up on major
                                                          issues and
                                                          discussions
                                                          raised in the
                                                          mailing lists</li>
                                                          <li>Way to
                                                          much attention
                                                          to rules, <i>events</i>
                                                          and bylaws
                                                          etc. Time to
                                                          take action
                                                          and take
                                                          decisions and
                                                          propose plans
                                                          for
                                                          improvements
                                                          of the actual
                                                          situation
                                                          above
                                                          mentioned</li>
                                                          </ul>
                                                          <div>Being
                                                          that said, and
                                                          with all due
                                                          respect to
                                                          you, I hope
                                                          that you can
                                                          take actions
                                                          and <i>execute</i>
                                                          improvements
                                                          that have been
                                                          an issue since
                                                          I joined OWASP
                                                          3 years ago.</div>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Regards</div>
                                                          <span><font color="#888888">
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Johanna</div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          </font></span></div>
                                                          <br>
                                                          </div>
                                                        </div>
                                                        <span>_______________________________________________<br>
                                                          Governance
                                                          mailing list<br>
                                                          <a moz-do-not-send="true" href="mailto:Governance@lists.owasp.org" target="_blank"></a><a class="moz-txt-link-abbreviated" href="mailto:Governance@lists.owasp.org">Governance@lists.owasp.org</a><br>
                                                          <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/governance" rel="noreferrer" target="_blank"></a><a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/governance">https://lists.owasp.org/mailman/listinfo/governance</a><br>
                                                          <br>
                                                        </span></blockquote>
                                                    </div>
                                                    <br>
                                                  </div>
                                                </blockquote>
                                              </div>
                                              <br>
                                            </div>
                                          </div>
                                        </div>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                  <br>
                                  <fieldset></fieldset>
                                  <br>
                                </div>
                              </div>
                              <pre>_______________________________________________
OWASP-Leaders mailing list
<a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
                            </blockquote>
                            <br>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </div>
                </div>
              </blockquote>
            </div>
            <br>
          </div>
        </div>
      </blockquote>
      <blockquote type="cite">
        <div><span>_______________________________________________</span><br>
          <span>Governance mailing list</span><br>
          <span><a moz-do-not-send="true" href="mailto:Governance@lists.owasp.org">Governance@lists.owasp.org</a></span><br>
          <span><a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/governance">https://lists.owasp.org/mailman/listinfo/governance</a></span><br>
        </div>
      </blockquote>
      -- <br>
      You received this message because you are subscribed to the Google
      Groups "OWASP Projects Task Force" group.<br>
      To unsubscribe from this group and stop receiving emails from it,
      send an email to <a moz-do-not-send="true" href="mailto:projects-task-force+unsubscribe@owasp.org">projects-task-force+unsubscribe@owasp.org</a>.<br>
      To post to this group, send email to <a moz-do-not-send="true" href="mailto:projects-task-force@owasp.org">projects-task-force@owasp.org</a>.<br>
      To view this discussion on the web visit <a moz-do-not-send="true" href="https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/0C3F284E-30CD-4D92-BE9A-29879EA25FF6%40owasp.org?utm_medium=email&utm_source=footer"></a><a class="moz-txt-link-freetext" href="https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/0C3F284E-30CD-4D92-BE9A-29879EA25FF6%40owasp.org">https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/0C3F284E-30CD-4D92-BE9A-29879EA25FF6%40owasp.org</a>.<br>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
  

</div></blockquote></body></html>