[Owasp-leaders] Indemnity

mark curphey mark at curphey.com
Wed Aug 10 23:06:26 EDT 2011


Please forgive what may be a naive message. Having been away from OWASP for a number of years I just don't recognize the project I left or understand how things work these days.

This list seems to be focused on bureaucracy and administrivia (neither of which I personally have any interest in). Is there a "leaders" list where project leaders focus on improving the state of application security, discussing ways to make OWASP have more impact or share ideas on how individual projects can be better? If so I would like to unsubscribe from this list and join that one.

I look forward to hearing from you. 

Cheers!

Mark



On Aug 10, 2011, at 6:28 PM, Christian Heinrich wrote:

> Abraham,
> 
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:
> Most companies have an indemnity clause in their bylaws because officers and directors have a fiduciary duty to the company.  A fiduciary duty entails a Duty of Loyalty and Duty of Care.  
> 
> What is the difference between a "Company" and a "Not for Profit Foundation" i.e. OWASP as defined by USA Law?
> 
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote: 
> A duty of loyalty requires officers and directors to place the interests of the organization above their own.  This implies that officers and directors cannot usurp opportunities for themselves which could have been taken by the organization unless notifying non-interested directors and getting approval or if the organization would not be able to avail itself of the opportunity.  If an officer or director breaches this duty they can be sued.  However, the indemnity will only apply when the officer or director does not have an adverse ruling against him/her in the proceeding.  If the officer or director is found to have acted in bad faith, he/she, individually, will be responsible for paying their attorney's fees (no indemnity and accountability).
> 
> On a slight tangent, does the above paragraph infer that OWASP Board Members have to declare all commercial opportunities, i.e. webappsec product or professional service, delivered by their respective employer?
> 
> I am very much in favor of reducing perceived conflict of interests within the OWASP Board.
> 
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote: 
> Members do not have a fiduciary duty to the organization per se.  However, if a member is acting as an agent of the organization and the organization has held the agent out as representing the organization or acknowledged the agency relationship then the organization will be liable for the member's actions (indemnity).  An example of agency would be where members set up conferences like AppSec USA and sign contracts for the venue, food, services, etc. on behalf of OWASP.  So there is indemnity of members in certain cases.
> 
> I believe this addresses my request and is therefore similar to my experience in NSW, Australia i.e. http://www.fairtrading.nsw.gov.au/Cooperatives_and_associations/Associations/Incorporated_associations.html#What_is_the_associations_liability
> 
> Does this indemnity extend to:
> 1. Libel/slander on OWASP Mailing Lists and Chapter Meetings or Conferences?
> 2. Lack of OH&S, such as an attendee breaking their arm in a fall at an OWASP Chapter Meeting or Conference?   
> 
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:  
> But requiring OWASP to indemnify all of its members would be a tremendous legal burden. Especially if the member is not acting as an agent for OWASP.  This would open OWASP to potential liability for actions that any member partakes (hacking government institutions, negligence, as well as other criminal and civil torts).
> 
> The above would then be addressed by their employer's indemnity insurance - correct?
> 
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:   
> I have to say this is an unreasonable request and it is not related to Americans trying to control everything.  
> 
> I deliberately avoided making reference to this - rather I am interested in the difference between the USA and Australian (State) Laws regarding "Not For Profits". 
> 
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:    
> I attended this year's OWASP leadership conference in Lisbon, Portugal.  This conference was not held in the states.  And although it was a pain flying to Europe from the US I think we had good representation of members outside of the US for leadership purposes.  This shows that OWASP is globally centric and not US centric.
> 
> I might address the Summit in a separate thread.  However, the OWASP Community has extended beyond Europe and USA.
>  
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:    
> Come guys, OWASP wants to support and reach out to the world.
> 
> Thanks for taking the time to clarify this in detail.
> 
> 
> -- 
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
