[Owasp-leaders] [Owasp-board] Project money

Fabio Cerullo fcerullo at owasp.org
Thu Jul 17 16:09:56 UTC 2014


I would like to see projects with sufficient budget sponsoring a Projects
Summit for example.

However, I wouldn't enforce a single pot for projects as it might affect
the perception by sponsors/leaders.

Regards
Fabio


On Thu, Jul 17, 2014 at 5:02 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Simon,
> I fully agree with you. Projects are attractive elements for sponsors. And
> sponsors can directly see the tangible results from their support. So it is
> important that we continue allowing people to sponsor projects. It is also
> very good that projects can try to raise some finance through this
> directly, as project leaders may know best how to approach sponsors for
> their particular project.
> Cheers, Tobias
>
>
> Tobias Gondrom
> OWASP Global Board Member
>
>
>
> On 17/07/14 13:49, psiinon wrote:
>
>   Right now people can explicitly donate money to individual projects,
> would this no longer be the case?
> What will happen to funds already allocated to projects?
>
>  I must admit I'm not so happy with this suggestion, but I guess thats not
> surprising given that it looks like ZAP has the most funds of any project.
>  Having said that we have a proposal which may exceed these funds, so I
> might actually want to dip into a large shared pot!
>
>  Cheers,
>
> Simon
>
>
>  On Thu, Jul 17, 2014 at 1:27 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>>  My view is keep it simple.
>>
>>  Funds should be allocated to a large shared owasp projects fund.
>> Project leaders should be able to propose a drawdown of funds where
>> required. Small amounts should not need board approval (up to $3k).
>>
>>  All funding requests need to be followed by receipts and invoices such
>> that we can keep track of funds and what the spend was on.
>>
>>  If this is abused we may need to tighten up but I don't feel it will
>> from past experience.
>>
>>  -ek
>>
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988 <%2B353%2087%20977%202988>
>>
>>
>> On 17 Jul 2014, at 11:59, Tobias <tobias.gondrom at owasp.org> wrote:
>>
>>   Hi Larry,
>>
>> thank you very much for your idea and I agree with you. Proper spending
>> and management of our funds is essential for our organisation. So this
>> would be a general "up" from me.
>>
>> Maybe some additional thoughts on your points:
>>
>> "I am proposing the following change. Purpose here is to create a
>> two-person authorization to pay expenses and to create transparency of
>> project expenses."
>>
>> A: In my understanding the current procedure is a two-person
>> authorization: the project leader and the OWASP Projects Manager being the
>> two person to authorise the spending. (note: in general project leaders can
>> not spend funds on themselves.) Do you think we need more controls?
>>
>> Regarding your specific suggestions:
>>
>> "Monies to be paid must meet the following criteria:
>> 1. A description of the expenses on how this relates to the project.
>> 2. Expense must be published on OWASP wiki project page prior to being
>> paid.
>> 3. OWASP staff member and a project leader/project support person or a
>> designated OWASP project person must validate and prove the expense."
>>
>> #1: I believe, when you submit requests for reimbursements today you
>> already have to fill in the description in the reimbursement form.
>> #2: I am a bit concerned with administrative overhead for the project
>> leads to do that. As they already filled out the reimbursement form with
>> all that information, maybe we could try to use automated reports that
>> document all expenses (instead of manually adding content to the wiki). And
>> considering that our staff is currently over-busy, I would not want to put
>> the admin burden on staff to verify for each transaction that the expenses
>> have been published on the project wiki page.
>> #3: I agree with that. And my understanding is that that is already the
>> case in practice. Project Lead submitting the request (first authorisation
>> step) and project manager (which was staff) validating request (2nd
>> authorisation step)
>>
>> As I have the feeling, that we are already doing #1 and #3, I am not
>> quite sure where to go from here. I would see the benefit of looking into
>> how we can produce automatic spending reports and publishing them to the
>> projects.
>>
>> Am I missing something?
>>
>> All the best, Tobias
>>
>>
>> Ps.: small question: may I ask, why you would want to exclude OWASP broad
>> member or elect OWASP board member from being a project designate? Do you
>> see a conflict of interest here? (Just fyi: today, individual board members
>> do not have any special authority to sign-off in this chain, except for
>> Michael who has been designated as interim ED for a while for the time
>> after Sarah's departure, so only in his executive function, but not his
>> role as board member.). Equally board members are not forbidden to take
>> part in normal OWASP activities or lead projects or chapters as any other
>> OWASP leader. E.g. I am for example helping out on the London chapter
>> board, and as in any other chapter with such co-leader roles, I sometimes
>> review and agree with my chapter leaders requests for funding for chapter
>> expenses for local events.... (two-person review and authorization). Do you
>> see this as a problem?
>>
>>
>>
>> On 13/07/14 03:37, Larry Conklin wrote:
>>
>> Because of previous email(s) the subject of project money has come up. I
>> want to let everyone know to the best of my knowledge the money for the
>> Code Review project has been spent correctly and nothing is amiss.
>>
>>  I do believe there is an opportunity to improve the expense payment
>> process of project expenses. Please feel free to change to text(add,
>> delete, change). A discussion on actual policy is much better then a
>> useless email(s) discussion that does not make any change(s) to improve
>> OWASP. Our mission is to important.
>>
>>  The current URL for OWASP policy grant spending:
>> https://docs.google.com/a/owasp.org/document/d/1yX68nS20qj7QNTcDkKCD3hSfFEbJaBKjoWjc2wF_aLA/edit
>>
>>
>>
>> I would like to see the board make an up or down vote to on the following
>> change to the policy and have this change be made part of the actual policy
>> instead of being a guideline.
>>
>>
>>
>> Here is the guideline I want to be made as actual policy….
>>
>> 3. *All expenses to be made using grant awarded funds must be
>> pre-approved by the OWASP Projects Manager.*
>>
>>
>>
>> I am proposing the following change. Purpose here is to create a
>> two-person authorization to pay expenses and to create transparency of
>> project expenses.
>>
>>
>>
>> Item 3: Expenses to be paid out of project funds (grant and non-grant
>> funds) should be submitted to OWASP staff to be paid. The submitter will be
>> the  project designate with a complete description of the expenses (project
>> designate cannot be a OWASP broad member or elect OWASP board member).
>>  Prior to submitting the expense to be paid the expense must be published
>> on the project wiki page. Monies to be paid must meet the following
>> criteria.
>>
>>
>>
>>    1. A description of the expenses on how this relates to the project.
>>     2. Expense must be published on OWASP wiki project page prior to
>>    being paid.
>>     3. OWASP staff member and a project leader/project support person or
>>    a designated OWSP project person must validate and prove the expense.
>>
>>
>>        Larry Conklin, CISSP (Co-Leader for Code Review Project)
>>
>>  L
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140717/8e1a71b3/attachment-0001.html>


More information about the OWASP-Leaders mailing list