[Owasp-leaders] Project money

Tobias tobias.gondrom at owasp.org
Thu Jul 17 16:02:29 UTC 2014


Simon,
I fully agree with you. Projects are attractive elements for sponsors.
And sponsors can directly see the tangible results from their support.
So it is important that we continue allowing people to sponsor projects.
It is also very good that projects can try to raise some finance through
this directly, as project leaders may know best how to approach sponsors
for their particular project.
Cheers, Tobias


Tobias Gondrom
OWASP Global Board Member


On 17/07/14 13:49, psiinon wrote:
> Right now people can explicitly donate money to individual projects,
> would this no longer be the case?
> What will happen to funds already allocated to projects?
>
> I must admit I'm not so happy with this suggestion, but I guess thats
> not surprising given that it looks like ZAP has the most funds of any
> project.
> Having said that we have a proposal which may exceed these funds, so I
> might actually want to dip into a large shared pot!
>
> Cheers,
>
> Simon
>
>
> On Thu, Jul 17, 2014 at 1:27 PM, Eoin Keary <eoin.keary at owasp.org
> <mailto:eoin.keary at owasp.org>> wrote:
>
>     My view is keep it simple. 
>
>     Funds should be allocated to a large shared owasp projects fund.
>     Project leaders should be able to propose a drawdown of funds
>     where required. Small amounts should not need board approval (up
>     to $3k). 
>
>     All funding requests need to be followed by receipts and invoices
>     such that we can keep track of funds and what the spend was on.
>
>     If this is abused we may need to tighten up but I don't feel it
>     will from past experience.
>
>     -ek
>
>
>
>     Eoin Keary
>     Owasp Global Board
>     +353 87 977 2988 <tel:%2B353%2087%20977%202988>
>
>
>     On 17 Jul 2014, at 11:59, Tobias <tobias.gondrom at owasp.org
>     <mailto:tobias.gondrom at owasp.org>> wrote:
>
>>     Hi Larry,
>>
>>     thank you very much for your idea and I agree with you. Proper
>>     spending and management of our funds is essential for our
>>     organisation. So this would be a general "up" from me.
>>
>>     Maybe some additional thoughts on your points:
>>
>>     "I am proposing the following change. Purpose here is to create a
>>     two-person authorization to pay expenses and to create
>>     transparency of project expenses."
>>
>>     A: In my understanding the current procedure is a two-person
>>     authorization: the project leader and the OWASP Projects Manager
>>     being the two person to authorise the spending. (note: in general
>>     project leaders can not spend funds on themselves.) Do you think
>>     we need more controls?
>>
>>     Regarding your specific suggestions:
>>
>>     "Monies to be paid must meet the following criteria:
>>     1. A description of the expenses on how this relates to the project.
>>     2. Expense must be published on OWASP wiki project page prior to
>>     being paid.
>>     3. OWASP staff member and a project leader/project support person
>>     or a designated OWASP project person must validate and prove the
>>     expense."
>>
>>     #1: I believe, when you submit requests for reimbursements today
>>     you already have to fill in the description in the reimbursement
>>     form.
>>     #2: I am a bit concerned with administrative overhead for the
>>     project leads to do that. As they already filled out the
>>     reimbursement form with all that information, maybe we could try
>>     to use automated reports that document all expenses (instead of
>>     manually adding content to the wiki). And considering that our
>>     staff is currently over-busy, I would not want to put the admin
>>     burden on staff to verify for each transaction that the expenses
>>     have been published on the project wiki page.
>>     #3: I agree with that. And my understanding is that that is
>>     already the case in practice. Project Lead submitting the request
>>     (first authorisation step) and project manager (which was staff)
>>     validating request (2nd authorisation step)
>>
>>     As I have the feeling, that we are already doing #1 and #3, I am
>>     not quite sure where to go from here. I would see the benefit of
>>     looking into how we can produce automatic spending reports and
>>     publishing them to the projects.
>>
>>     Am I missing something?
>>
>>     All the best, Tobias
>>
>>
>>     Ps.: small question: may I ask, why you would want to exclude
>>     OWASP broad member or elect OWASP board member from being a
>>     project designate? Do you see a conflict of interest here? (Just
>>     fyi: today, individual board members do not have any special
>>     authority to sign-off in this chain, except for Michael who has
>>     been designated as interim ED for a while for the time after
>>     Sarah's departure, so only in his executive function, but not his
>>     role as board member.). Equally board members are not forbidden
>>     to take part in normal OWASP activities or lead projects or
>>     chapters as any other OWASP leader. E.g. I am for example helping
>>     out on the London chapter board, and as in any other chapter with
>>     such co-leader roles, I sometimes review and agree with my
>>     chapter leaders requests for funding for chapter expenses for
>>     local events.... (two-person review and authorization). Do you
>>     see this as a problem?
>>
>>
>>
>>     On 13/07/14 03:37, Larry Conklin wrote:
>>>     Because of previous email(s) the subject of project money has
>>>     come up. I want to let everyone know to the best of my knowledge
>>>     the money for the Code Review project has been spent correctly
>>>     and nothing is amiss.
>>>
>>>     I do believe there is an opportunity to improve the expense
>>>     payment process of project expenses. Please feel free to change
>>>     to text(add, delete, change). A discussion on actual policy is
>>>     much better then a useless email(s) discussion that does not
>>>     make any change(s) to improve OWASP. Our mission is to important.
>>>
>>>     The current URL for OWASP policy grant spending:
>>>     https://docs.google.com/a/owasp.org/document/d/1yX68nS20qj7QNTcDkKCD3hSfFEbJaBKjoWjc2wF_aLA/edit
>>>
>>>      
>>>
>>>     I would like to see the board make an up or down vote to on the
>>>     following change to the policy and have this change be made part
>>>     of the actual policy instead of being a guideline.
>>>
>>>      
>>>
>>>     Here is the guideline I want to be made as actual policy….
>>>
>>>     3. /All expenses to be made using grant awarded funds must be
>>>     pre-approved by the OWASP Projects Manager./ 
>>>
>>>      
>>>
>>>     I am proposing the following change. Purpose here is to create a
>>>     two-person authorization to pay expenses and to create
>>>     transparency of project expenses.
>>>
>>>      
>>>
>>>     Item 3: Expenses to be paid out of project funds (grant and
>>>     non-grant funds) should be submitted to OWASP staff to be paid.
>>>     The submitter will be the  project designate with a complete
>>>     description of the expenses (project designate cannot be a
>>>     OWASP broad member or elect OWASP board member).  Prior to
>>>     submitting the expense to be paid the expense must be published
>>>     on the project wiki page. Monies to be paid must meet the
>>>     following criteria.
>>>
>>>
>>>      1. A description of the expenses on how this relates to the
>>>         project.
>>>      2. Expense must be published on OWASP wiki project page prior
>>>         to being paid.
>>>      3. OWASP staff member and a project leader/project support
>>>         person or a designated OWSP project person must validate
>>>         and prove the expense.
>>>
>>>
>>>           Larry Conklin, CISSP (Co-Leader for Code Review Project)
>>>
>>>     L
>>>
>>>
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> -- 
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140717/8d779b0d/attachment.html>


More information about the OWASP-Leaders mailing list