[Owasp-leaders] OWASP Board, Rebooted

Jim Manico jim.manico at owasp.org
Tue Jan 11 07:19:45 EST 2011


Eoin,

These are great questions. The purpose of my email was to "get the
conversation started" and I appreciate your and everyone else's
participation and opinions.

We are definitely going to have an entire OWASP Governance TRACK at the
summit with several working sessions. I'm one of the folks managing the
summit schedule, so I promise it will happen. :)

http://www.owasp.org/index.php/Category:Summit_2011_Tracks#Category:_Summit_2011_OWASP_Governance_Track

> if a request gets enough signatures
> (from OWASP leaders in good standing) it should just be the board's task to
> simply signoff? Problem is there is only so much money available so we need
> to do this at the start of every quarter or every 6 months in order to
> appoint budget.

My thinking is that committees should be given a budget and set loose.
Committees should be able to rock and roll without having to get
approval from the board. The board should step in when responsibilities
are not met.

Again my main conjecture is that the board (which I feel is a
responsibility, not an "award") should be one step removed from the
operations of the organization. Most of the board members are active in
operational and committee issues, which is pretty unique for a
non-profit and is often considered to be a conflict of interest.

I feel we need a smaller board of fundraising-centric, guidance-centric
folks who delegate responsibility to the committees. I WANT most of the
board to stay active in committee!

This is not right or wrong, just one individual's subjective opinion.

Again, my goal here is not to push my agenda, but to stoke conversation
over OWASP governance issues in preparation for the summit.

With Respect,
Jim




> I have to agree with the idea of empowering committee members more.....
> 
> Committee members "put it out there" try to take responsibility for driving
> goals. Industry and Conference committees are great examples and of vital
> importance to OWASP if we want to grow.
> 
> Regarding fundraising, the majority of it is from conferences. Private
> organisations can either donate via membership or sponsorship of projects,
> events.
> 
> As a board member I don't believe the board should be the final decision
> makers on many issues such as budget. We need to develop mechanics wherein
> we can leave these decisions to the committees but trust needs to be
> developed for obvious reasons.....how do we do this? Do the individuals need
> to be established leaders with a proven track record of delivery and
> leadership? The board's role is more of a governance role and they should
> have the right to decline a request but that needs to be based on a core set
> of principles.
> The board are currently developing core values which should feed into said
> principles.
> 
> Should we have a decision tree where; if a request gets enough signatures
> (from OWASP leaders in good standing) it should just be the board's task to
> simply signoff? Problem is there is only so much money available so we need
> to do this at the start of every quarter or every 6 months in order to
> appoint budget. Is this decision a joint task of the committee leads so
> there is a cross-approval process which shall lend itself to transparency
> and openness?
> 
> Do we need a session with the committee leads to discuss governance at the
> summit, methinks we do.
> 
> Looking forward to meeting you all at the summit.
> -ek
> On 9 January 2011 17:09, Jim Manico <jim.manico at owasp.org> wrote:
> 
>>  One of the things I do at OWASP is poke my nose into several committees
>> to see what they are up to. :)
>>
>>
>>
>> Lately, there has been a great deal of anger directed at the board, and I
>> think it’s time for a board policy reboot.
>>
>>
>>
>> I have experience working in non-profits prior to OWASP. Board/volunteer
>> conflict is very common in non-profits, and it’s easier to fix these kinds
>> of problems from the top-down.
>>
>>
>>
>> First of all, what is the primary role of any non-profit board member?
>> Fundraising and more fundraising. At least 80% of a board member's time, by my
>> estimate, should be dedicated to fundraising.  Second, board members should
>> not be involved in the operations of a non-profit. They should set policy
>> and guidance (fiduciary oversight), but should let the volunteers and staff
>> run the day to day operations.
>>
>>
>>
>> What I see is the exact opposite. We have board members getting deeply
>> involved with operations, often over-riding committee decisions or dictating
>> operational decisions without consulting with the appropriate committees.
>>  This is very harmful to the organization.  But we also have a history where
>> some committees do not fully execute or take responsibility – in these
>> situations the board has no choice but to step in.
>>
>>
>>
>> I invite you to read http://www.idea.org/board.html - it mirrors some of
>> my (and others') thoughts about how a non-profit board should run.
>>
>>
>>
>> Although I’m stating that we need to reboot the board, we also need to
>> reboot clarifying committee responsibilities. This goes for me and my
>> contributions to OWASP as well.
>>
>>
>>
>> The summit is coming up soon – I’m sure this topic will come up in a
>> working session. Conflict can and will be converted into solutions there.  I
>> hope you can make it, it’s going to be a great show.
>>
>>
>>
>> Regards,
>>
>> Jim Manico
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>