[Owasp-leaders] Indemnity

Christian Heinrich christian.heinrich at owasp.org
Wed Aug 10 21:28:53 EDT 2011


On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:

> Most companies have an indemnity clause in their bylaws because officers
> and directors have a fiduciary duty to the company.  A fiduciary duty
> entails a Duty of Loyalty and Duty of Care.

What is the difference between a "Company" and a "Not for Profit Foundation"
i.e. OWASP as defined by USA Law?

On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:

> A duty of loyalty requires officers and directors to place the interests of
> the organization above their own.  This implies that officers and directors
> cannot usurp opportunities for themselves which could have been taken by the
> organization unless notifying non-interested directors and getting approval
> or if the organization would not be able to avail itself of the opportunity.
>  If an officer or director breaches this duty they can be sued.  However,
> the indemnity will only apply when the officer or director does not have an
> adverse ruling against him/her in the proceeding.  If the officer or
> director is found to have acted in bad faith, he/she, individually, will
> be responsible for paying their attorney's fees (no indemnity and
> accountability).

On a slight tangent, does the above paragraph infer that OWASP Board Members
have to declare all commercial opportunities, i.e. webappsec product or
professional service, delivered by their respective employer?

I am very much in favor of reducing perceived conflict of interests within
the OWASP Board.

On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:

> Members do not have a fiduciary duty to the organization per se.  However,
> if a member is acting as an agent of the organization and the organization
> has held the agent out as representing the organization or acknowledged the
> agency relationship then the organization will be liable for the member's
> actions (indemnity).  An example of agency would be where members set up
> conferences like AppSec USA and sign contracts for the venue, food,
> services, etc. on behalf of OWASP.  So there is indemnity of members in
> certain cases.

I believe this addresses my request and is therefore similar to my
experience in NSW, Australia i.e.

Does this indemnity extend to:
1. Libel/slander on OWASP Mailing Lists and Chapter Meetings or Conferences?
2. Lack of OH&S, such as an attendee breaking their arm in a fall at an
OWASP Chapter Meeting or Conference?

On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:

> But requiring OWASP to indemnify all of its members would be a tremendous
> legal burden. Especially if the member is not acting as an agent for OWASP.
>  This would open OWASP to potential liability for actions that any member
> partakes (hacking government institutions, negligence, as well as other
> criminal and civil torts).

The above would then be addressed by their employer's indemnity insurance -

On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:

> I have to say this is an unreasonable request and it is not related to
> Americans trying to control everything.

I deliberately avoided making reference to this - rather I am interested in
the difference between the USA and Australian (State) Laws regarding "Not
For Profits".

On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:

> I attended this year's OWASP leadership conference in Lisbon, Portugal.
>  This conference was not held in the states.  And although it was a pain
> flying to Europe from the US I think we had good representation of members
> outside of the US for leadership purposes.  This shows that OWASP is
> globally centric and not US centric.

I might address the Summit in a separate thread.  However, the OWASP
Community has extended beyond Europe and USA.

On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:

> Come guys, OWASP wants to support and reach out to the world.

Thanks for taking the time to clarify this in detail.

Christian Heinrich