[Owasp-leaders] Indemnity

mark curphey mark at curphey.com
Thu Aug 11 00:17:43 EDT 2011


Great response, advice and noted. Thanks. 

On Aug 10, 2011, at 8:34 PM, Jeff Williams wrote:

> Hi Mark,
>  
> I appreciate the sentiment, but recognize that in a community with over 300 project and chapter leaders we need rules, and that means discussion about rules.  Some of these discussions have been very interesting and immensely important for OWASP.  Frankly, most leaders ignore these messages except when they’re really passionate about something.  And of course there are a few leaders who seem driven to make a big deal about nothing at all.
>  
> All of this, including your message and my response here have already happened countless times in countless other communities.  Despite your message, I know that you have a strong interest in the creation of community.  You’ve proven that you have the ability to get people focused and motivated.  I hope you’ll use those skills to keep OWASP going strong and attract new leaders.
>  
> Everyone please, don’t get sucked into discussions that are not productive.  Refuse to be terrorized.
>  
> --Jeff
>  
>  
> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of mark curphey
> Sent: Wednesday, August 10, 2011 11:06 PM
> To: Christian Heinrich
> Cc: <global_membership_committee at lists.owasp.org>; OWASP Leaders
> Subject: Re: [Owasp-leaders] Indemnity
>  
> Please forgive what may be a naive message. Having been away from OWASP for a number of years I just don't recognize the project I left or understand how things work these days.
>  
> This list seems to be focused on bureaucracy and administrivia (neither of which I personally have any interest in). Is there a "leaders" list where project leaders focus on improving the state of application security, discussing ways to make OWASP have more impact or share ideas on how individual projects can be better? If so I would like to unsubscribe from this list and join that one.
>  
> I look forward to hearing from you. 
>  
> Cheers!
>  
> Mark
>  
>  
>  
> On Aug 10, 2011, at 6:28 PM, Christian Heinrich wrote:
> 
> 
> Abraham,
> 
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:
> Most companies have an indemnity clause in their bylaws because officers and directors have a fiduciary duty to the company.  A fiduciary duty entails a Duty of Loyalty and Duty of Care.  
>  
> What is the difference between a "Company" and a "Not for Profit Foundation" i.e. OWASP as defined by USA Law?
>  
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote: 
> A duty of loyalty requires officers and directors to place the interests of the organization above their own.  This implies that officers and directors cannot usurp opportunities for themselves which could have been taken by the organization unless notifying non-interested directors and getting approval or if the organization would not be able to avail itself of the opportunity.  If an officer or director breaches this duty they can be sued.  However, the indemnity will only apply when the officer or director does not have an adverse ruling against him/her in the proceeding.  If the officer or director is found to have acted in bad faith, he/she, individually, will be responsible for paying their attorney's fees (no indemnity and accountability).
>  
> On a slight tangent, does the above paragraph infer that OWASP Board Members have to declare all commercial opportunities, i.e. webappsec product or professional service, delivered by their respective employer?
>  
> I am very much in favor of reducing perceived conflict of interests within the OWASP Board.
>  
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote: 
> Members do not have a fiduciary duty to the organization per se.  However, if a member is acting as an agent of the organization and the organization has held the agent out as representing the organization or acknowledged the agency relationship then the organization will be liable for the member's actions (indemnity).  An example of agency would be where members set up conferences like AppSec USA and sign contracts for the venue, food, services, etc. on behalf of OWASP.  So there is indemnity of members in certain cases.
>  
> I believe this addresses my request and is therefore similar to my experience in NSW, Australia i.e. http://www.fairtrading.nsw.gov.au/Cooperatives_and_associations/Associations/Incorporated_associations.html#What_is_the_associations_liability
>  
> Does this indemnity extend to:
> 1. Libel/slander on OWASP Mailing Lists and Chapter Meetings or Conferences?
> 2. Lack of OH&S, such as an attendee breaking their arm in a fall at an OWASP Chapter Meeting or Conference?   
>  
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:  
> But requiring OWASP to indemnify all of its members would be a tremendous legal burden. Especially if the member is not acting as an agent for OWASP.  This would open OWASP to potential liability for actions that any member partakes (hacking government institutions, negligence, as well as other criminal and civil torts).
>  
> The above would then be addressed by their employer's indemnity insurance - correct?
>  
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:   
> I have to say this is an unreasonable request and it is not related to Americans trying to control everything.  
>  
> I deliberately avoided making reference to this - rather I am interested in the difference between the USA and Australian (State) Laws regarding "Not For Profits". 
>  
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:    
> I attended this year's OWASP leadership conference in Lisbon, Portugal.  This conference was not held in the states.  And although it was a pain flying to Europe from the US I think we had good representation of members outside of the US for leadership purposes.  This shows that OWASP is globally centric and not US centric.
>  
> I might address the Summit in a separate thread.  However, the OWASP Community has extended beyond Europe and USA.
>  
> On Thu, Aug 11, 2011 at 1:04 AM, Abraham Kang <abraham.kang at owasp.org> wrote:    
> Come on guys, OWASP wants to support and reach out to the world.
>  
> Thanks for taking the time to clarify this in detail.
> 
> -- 
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
> 
> 
>  
