[Owasp-leaders] Indemnity
Christian Heinrich
christian.heinrich at owasp.org
Wed Aug 10 21:28:53 EDT 2011
Abraham,
On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org>wrote:
> Most companies have an indemnity clause in their bylaws because officers
> and directors have a fiduciary duty to the company. A fiduciary duty
> entails a Duty of Loyalty and Duty of Care.
>
What is the difference between a "Company" and a "Not for Profit Foundation"
i.e. OWASP as defined by USA Law?
On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org>
wrote:
> A duty of loyalty requires officers and directors to place the interests of
> the organization above their own. This implies that officers and directors
> cannot usurp opportunities for themselves which could have be taken by the
> organization unless notifying non-interested directors and getting approval
> or if the organization would not be able to avail itself of the opportunity.
> If an officer or director breaches this duty they can be sued. However,
> the indemnity will only apply when the officer or director does not have an
> adverse ruling against him/her in the proceeding. If the officer or
> director is found to have acted in bad faith they, individually, he/she will
> be responsible for paying their attorney's fees (no indemnity and
> accountability).
>
On a slight tangent, does the above paragraph infer that OWASP Board Members
have to declare all commercial opportunities, i.e. webappsec product or
professional service, delivered by their respective employer?
I am very much in favor of reducing perceived conflict of interests within
the OWASP Board.
On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org>
wrote:
> Members do not have a fiduciary duty to the organization per se. However,
> if a member is acting as an agent of the organization and the organization
> has held the agent out as representing the organization or acknowledged the
> agency relationship then the organization will be liable for the member's
> actions (indemnity). An example of agency would be were members set up
> conferences like AppSec USA and sign contracts for the venue, food,
> services, etc. on behalf of OWASP. So there is indemnity of members in
> certain cases.
>
I believe this addresses my request and is therefore similar to my
experience in NSW, Australia i.e.
http://www.fairtrading.nsw.gov.au/Cooperatives_and_associations/Associations/Incorporated_associations.html#What_is_the_associations_liability
Does this indemnity extend to:
1. Libel/slander on OWASP Mailing Lists and Chapter Meetings or Conferences?
2. Lack of OH&S, such as an attendee breaking their arm in a fall at an
OWASP Chapter Meeting or Conference?
On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org>
wrote:
> But requiring OWASP to indemnify all of its members would be a tremendous
> legal burden. Especially if the member is not acting as an agent for OWASP.
> This would open OWASP to potential liability for actions that any member
> partakes (hacking government institutions, negligence, as well as other
> criminal and civil torts).
>
The above would then be addressed by their employer's indemnity insurance -
correct?
On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:
> I have to say this is an unreasonable request and it is not related to
> Americans trying to control everything.
>
I deliberately avoided making reference to this - rather I am interested in
the difference between the USA and Australian (State) Laws regarding "Not
For Profits".
On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:
> I attended this year's OWASP leadership conference in Lisbon, Portugal.
> This conference was not held in the states. And although it was a pain
> flying to Europe from the US I think we had good representation of members
> outside of the US for leadership purposes. This shows that OWASP is
> globally centric and not US centric.
>
I might address the Summit in a separate thread. However, the OWASP
Community has extended beyond Europe and USA.
On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:
> Come guys, OWASP wants to support and reach out to the world.
>
Thanks for taking the time to clarify this in detail.
--
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110811/b73861ce/attachment.html
More information about the OWASP-Leaders
mailing list