[Owasp-leaders] Project money

psiinon psiinon at gmail.com
Thu Jul 17 12:49:55 UTC 2014


Right now people can explicitly donate money to individual projects, would
this no longer be the case?
What will happen to funds already allocated to projects?

I must admit I'm not so happy with this suggestion, but I guess that's not
surprising given that it looks like ZAP has the most funds of any project.
Having said that we have a proposal which may exceed these funds, so I
might actually want to dip into a large shared pot!

Cheers,

Simon


On Thu, Jul 17, 2014 at 1:27 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> My view is keep it simple.
>
> Funds should be allocated to a large shared owasp projects fund. Project
> leaders should be able to propose a drawdown of funds where required. Small
> amounts should not need board approval (up to $3k).
>
> All funding requests need to be followed by receipts and invoices such
> that we can keep track of funds and what the spend was on.
>
> If this is abused we may need to tighten up but I don't feel it will from
> past experience.
>
> -ek
>
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 17 Jul 2014, at 11:59, Tobias <tobias.gondrom at owasp.org> wrote:
>
> Hi Larry,
>
> thank you very much for your idea and I agree with you. Proper spending
> and management of our funds is essential for our organisation. So this
> would be a general "up" from me.
>
> Maybe some additional thoughts on your points:
>
> "I am proposing the following change. Purpose here is to create a
> two-person authorization to pay expenses and to create transparency of
> project expenses."
>
> A: In my understanding the current procedure is a two-person
> authorization: the project leader and the OWASP Projects Manager being the
> two people to authorise the spending. (note: in general project leaders can
> not spend funds on themselves.) Do you think we need more controls?
>
> Regarding your specific suggestions:
>
> "Monies to be paid must meet the following criteria:
> 1. A description of the expenses on how this relates to the project.
> 2. Expense must be published on OWASP wiki project page prior to being
> paid.
> 3. OWASP staff member and a project leader/project support person or a
> designated OWASP project person must validate and prove the expense."
>
> #1: I believe, when you submit requests for reimbursements today you
> already have to fill in the description in the reimbursement form.
> #2: I am a bit concerned with administrative overhead for the project
> leads to do that. As they already filled out the reimbursement form with
> all that information, maybe we could try to use automated reports that
> document all expenses (instead of manually adding content to the wiki). And
> considering that our staff is currently over-busy, I would not want to put
> the admin burden on staff to verify for each transaction that the expenses
> have been published on the project wiki page.
> #3: I agree with that. And my understanding is that that is already the
> case in practice. Project Lead submitting the request (first authorisation
> step) and project manager (which was staff) validating request (2nd
> authorisation step)
>
> As I have the feeling, that we are already doing #1 and #3, I am not quite
> sure where to go from here. I would see the benefit of looking into how we
> can produce automatic spending reports and publishing them to the projects.
>
> Am I missing something?
>
> All the best, Tobias
>
>
> Ps.: small question: may I ask, why you would want to exclude OWASP board
> member or elect OWASP board member from being a project designate? Do you
> see a conflict of interest here? (Just fyi: today, individual board members
> do not have any special authority to sign-off in this chain, except for
> Michael who has been designated as interim ED for a while for the time
> after Sarah's departure, so only in his executive function, but not his
> role as board member.). Equally board members are not forbidden to take
> part in normal OWASP activities or lead projects or chapters as any other
> OWASP leader. E.g. I am for example helping out on the London chapter
> board, and as in any other chapter with such co-leader roles, I sometimes
> review and agree with my chapter leaders' requests for funding for chapter
> expenses for local events.... (two-person review and authorization). Do you
> see this as a problem?
>
>
>
> On 13/07/14 03:37, Larry Conklin wrote:
>
> Because of previous email(s) the subject of project money has come up. I
> want to let everyone know to the best of my knowledge the money for the
> Code Review project has been spent correctly and nothing is amiss.
>
> I do believe there is an opportunity to improve the expense payment
> process of project expenses. Please feel free to change the text (add,
> delete, change). A discussion on actual policy is much better than a
> useless email(s) discussion that does not make any change(s) to improve
> OWASP. Our mission is too important.
>
>  The current URL for OWASP policy grant spending:
> https://docs.google.com/a/owasp.org/document/d/1yX68nS20qj7QNTcDkKCD3hSfFEbJaBKjoWjc2wF_aLA/edit
>
>
>
> I would like to see the board make an up or down vote on the following
> change to the policy and have this change be made part of the actual policy
> instead of being a guideline.
>
>
>
> Here is the guideline I want to be made as actual policy….
>
> 3. *All expenses to be made using grant awarded funds must be
> pre-approved by the OWASP Projects Manager.*
>
>
>
> I am proposing the following change. Purpose here is to create a
> two-person authorization to pay expenses and to create transparency of
> project expenses.
>
>
>
> Item 3: Expenses to be paid out of project funds (grant and non-grant
> funds) should be submitted to OWASP staff to be paid. The submitter will be
> the project designate with a complete description of the expenses (project
> designate cannot be an OWASP board member or elect OWASP board member).
> Prior to submitting the expense to be paid the expense must be published
> on the project wiki page. Monies to be paid must meet the following
> criteria.
>
>
>
>    1. A description of the expenses on how this relates to the project.
>    2. Expense must be published on OWASP wiki project page prior to
>       being paid.
>    3. OWASP staff member and a project leader/project support person or
>       a designated OWASP project person must validate and prove the expense.
>
>
>        Larry Conklin, CISSP (Co-Leader for Code Review Project)
>
>  L
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader