[Owasp-leaders] (Why the need to enable the use of OWASP chapter funds) Re: Membership funds

Dinis Cruz dinis.cruz at owasp.org
Fri Jun 7 10:33:55 UTC 2013

Tim's solution (see below) is great and we should apply it now (using data
from the last year). The only thing I would change is to remove the C (soft
cap) and  P (hard cap). This would have a net positive result for all
chapters (and not move the money to the 'OWASP mothership' which is a very
sensitive topic).

For the ones really interested in this thread/topic, you should read the
amazing Seth Godin's post Non-profits have a charter to be
really explains why OWASP (as an organisation) as the DUTY and moral
responsibility to spend its available funds, to experiment, to get things
done, etc....)

The other very important question is *WHY!  *(as explained by the also
amazing 'Why how what' presentation by Simon

Why does OWASP need money?
Why do chapters need money?
Why should owasp leaders use their political/business/personal capital in
becoming a 'vendor' for OWASP?

In my view, OWASP needs money to *Get Stuff Done!*
And although there is always an idea that OWASP funds will be massively
wasted, the reality (just look back at History) is that *It is very hard to
spend OWASP Money*
The best examples are the dormant funds in the Chapters, the Project Reboot
funds that have barely been used and (my failed attempt) at the GSD project
(Get Stuff Done) <https://www.owasp.org/index.php/OWASP_GSD_Project> which
has *3k USD that any of you could spend TODAY*

As I mentioned in my OWASP Revenue Splits and the "Non-profits have a
charter to be innovators"<http://blog.diniscruz.com/2012/12/owasp-revenue-splits-and-non-profits.html>
OWASP has a* 'How to spend the money' *problem and in the 160k USD
available to OWASP Chapters and
in April 2012 hence the smaller amount) I wrote:

*In fact, the 160k USD currently available, shows that the model is not
working as well as it should, i.e. OWASP leaders are not spending (i.e.
investing) the money make available to them!*
*I think there are two reasons for it:*

   - *spending money in an organization like OWASP is not easy*
   - *there is an idea that 'money should be kept' in the bank since it is
   not wise to spend it all (i.e. be fiscally conservative)*

*The problem here is that the amount of missed opportunities caused by the
non-spending on these funds ie enormous, but because that is very hard to
measure (how do you quantify missed opportunities?), it is hard to
visualize the solutions and ideas we have not executed on.*
*I think that one way to help the chapters to spend the $ allocated to them
is for them to 'invest' in OWASP Projects under a program like the one I
present at OWASP Project Reboot 2012 - Here is a better model

What is great about such* 'owasp chapters global fund' *is that:

   - It moves the discussion from '*how much money do I have*' to '*what
   should I do with the funds available*'
   - It really supports the chapters that don't have a lot of funds today
   - It can also also benefit chapters with substancial funds today, since
   there is no reason why they can't also access those resources
   - it promotes accountability and ownership of funds allocated
   - it puts an 'artificial' timeline on the use of funds allocated (i.e.
   there is a 'pressure' to deliver)
   - it helps to find the OWASP leaders who know how to spend OWASP funds
   and make magic happen (like Fabio with the Latam and EU tours)
   - It empowers action, and promotes the idea that '*we trust our chapter
   leaders to do the right thing'*
   - it documents the places where OWASP funds are used (making those
   ideas/actions easy to replicated)
   - it also documents the failed experiments (which are healthy, but don't
   need to be repeated :)  ).
   - it stops the 'ownership of funds' and 'lets keep it in a safe place'
   that we currently have
   - It can dramatically simplify how the funds are accessed since there
   will be a central point of contact and pot (with better/faster processes
   that world worldwide)
   - it turns up the volume/pressure on the '*% of OWASP funds used',  *since
   everytime *something that could happen, doesn't happen, *OWASP misses
   an opportunity (and we need some 'urgency' and focus on 'not lossing
   those opportunities).

See the rules I wrote down at the GSD
project<https://www.owasp.org/index.php/OWASP_GSD_Project> for
how this could work in practice.

Like I mentioned before, I don't really care about where the money is, and
what percentages there are in place (in fact history is showing us how
divisive those splits can be). The point is that *OWASP Funds MUST be
available to Who wants to use them!*
And as I listed in I wish that OWASP in 2014
it would be great that one day we will have at OWASP:

   - *....*
   - *a model where OWASP leaders are empowered to make financial
   decisions/commitments and spend the available OWASP funds in the way they
   believe is best, with no (very little) questions asked and very fast
   approval cycles (see the GSD project for details)
   - *....*

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2

On 6 June 2013 17:35, Tim <tim.morgan at owasp.org> wrote:

> Yes, this is what came to my mind as well.  Incorporating Dinis
> suggestion and some of my own ideas, what about this:
> Individual membership dues: 75% to chapter, 25% to foundation
> Corporate membership dues: 25% to chapter, 75% to foundation
> Conference/event profits: 25% to chapter, 75% to foundation
> Let C be the chapter funds "soft" cap
> Let P be the shared chapter pool "hard" cap
> Once per year, do the following:
>  For any chapter with funds greater than C, move %50 of any excess
>  funds C into a shared chapter pool
>  If the the chapter pool is greater than P, move all excess funds to
>  the global foundation
> Any chapters can "overdraw" their chapter account and pull from the
> chapter pool.  Perhaps some kind of limit should be put on how much
> any given chapter pulls from the shared pool in a year.
> Reasoning:
> I think individual membership dues are important to keep with the
> chapter.  It encourages contribution and participation at the local
> level.  Corporate membership is probably not quite the same in that
> way.  Also, I'm guessing individual membership dues are not the
> biggest contributor to chapter funds right now (whereas conferences
> and corporate contributions probably are), so it isn't going to cause
> a big lockup of funds by putting more of the individual dues toward a
> chapter.
> In this system, the shared chapter pool is not so much different than
> what we are doing this year in 2013 where a $500 overdraw was offered
> to poor chapters.  I think this overdraw ability is *very* useful to
> new chapters.
> Of course all suggested numbers above are negotiable, it's just a
> framework for more fairly unlocking excess funds.
> tim
> On Thu, Jun 06, 2013 at 03:38:50PM +0100, Daniel Turner wrote:
> > What about if the split was left the same as it is now so chapters can
> > access funds as needed, but after a period of time, say the financial
> year,
> > unspent funds were lost and used for OWASP as a whole?
> >
> >
> > On Thu, Jun 6, 2013 at 3:21 PM, Eoin <eoin.keary at owasp.org> wrote:
> >
> > > Hello leaders,
> > >
> > > There is a foundation proposal to remove the split 60/40 from the
> > > individual membership dues. 100% if the funding goes to the foundation.
> > > The funds are to be used to hire additional staff but also what prompts
> > > this is the lack of spending.....
> > >
> > > Chapters simply are not spending their funds and we have 0000's
> building
> > > up in owasp bank accounts, all ring fenced and going nowhere!!
> > >
> > > Please share your thoughts with myself and the board.
> > >
> > >
> > >
> > > Eoin Keary
> > > Owasp Global Board
> > > +353 87 977 2988
> > >
> > > _______________________________________________
> > > OWASP-Leaders mailing list
> > > OWASP-Leaders at lists.owasp.org
> > > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> > >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130607/4d2214a2/attachment.html>

More information about the OWASP-Leaders mailing list