[Owasp-leaders] [Owasp-board] Please provide a status update to the membership

Bev Corwin bev.corwin at owasp.org
Tue Oct 28 19:50:49 UTC 2014


Thanks Helen, Yes, our staff are awesome, we should help them when we can.
Best wishes, Bev

On Tue, Oct 28, 2014 at 3:01 PM, Helen Gao <helen.gao at owasp.org> wrote:

> Hi Bev.
>
> I agree with you and others that the staffs are doing their best, and
> often beyond expectation. Glad you brought up honorary membership. A link
> seems to be broken.See below from the election page
> <https://www.owasp.org/index.php/2014_Board_Elections>.I will report this
> to OWASP separately just in case. There is always an honorary membership
> program even before I chaired the membership committee around 2011 &2012.
>
> *ALL* qualified individuals *MUST* apply for Honorary Membership in order
> to vote by completing the Honorary Membership Form
> <http://www.tfaforms.com/330146>
> Regards,
>
> Helen Gao
>
> On Thu, Oct 16, 2014 at 12:13 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> Hello again,
>>
>> I think that there should be some reasonable response time expectations
>> from OWASP staff (and members) regarding issues related to honorary
>> membership, governance, events, most things in general, etc. I realize that
>> staff are often overwhelmed, and going above and beyond any reasonable
>> expectation, most of the time, however, we should have some kind of
>> "resilience" volunteer system to back them up when they are not able to
>> respond in a "reasonable" amount of time, yet to be determined. A few years
>> ago I also completed an OWASP honorary membership form and never received
>> any recognition that it was ever received or under consideration. It was
>> during a time when I was volunteering quite a bit for OWASP, and as a "dues
>> paying" member of several other professional associations, decided to give
>> it a try. I gave up and eventually moved OWASP to a higher priority level
>> in my "professional associations" hierarchy, therefore giving it standing
>> in my "memberships" budget. There are so many excellent OWASP volunteers,
>> it would make sense to use them for organizational resiliency in important
>> times of governance special needs.
>>
>> Bev
>>
>>
>> On Wed, Oct 15, 2014 at 10:18 PM, Andrew van der Stock <
>> vanderaj at owasp.org> wrote:
>>
>>> Thanks Kate, I really appreciate your efforts in assisting me with my
>>> membership this year.
>>>
>>> Thanks Josh for organising this.
>>>
>>> I believe once we know the magnitude of the issue, Bev's idea of an
>>> extension to voting for a period after the official close is the best way
>>> forward. That will give expired members a chance to renew and participate
>>> once the ED knows how many are affected.
>>>
>>> Can the ED please keep us informed, I will leave this for a period of
>>> time to allow the team to figure out how many are affected and to put
>>> resolutions in place, but we need to know some answers before voting closes
>>> next week.
>>>
>>> Thanks
>>> Andrew
>>>
>>>
>>> Sent from my iPad
>>>
>>> On 16 Oct 2014, at 1:11 pm, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>> Andrew,
>>>
>>> It is viewable now thanks to super-Kate and her late night efforts to
>>> support us!  Unfortunately, I'm honestly not sure why this document was
>>> included in the Bylaws.  It is very specific to the 2012 elections, but
>>> does illustrate that this is not a process either run or moderated by the
>>> Board.  This process is firmly in the hands of our ED and Operations Team
>>> in order to maintain objectivity.
>>>
>>> ~josh
>>>
>>> On Wed, Oct 15, 2014 at 8:52 PM, Josh Sokol <josh.sokol at owasp.org>
>>> wrote:
>>>
>>>> Andrew,
>>>>
>>>> Action by the Board to "determine if any candidates are not in good
>>>> standing and make a decision as to how to deal with that" could be
>>>> misconstrued as the Board tampering with the election and is not part of
>>>> the Board role in this process.  The Executive Director and Operations Team
>>>> is responsible for our elections process.  This includes every single one
>>>> of the bullet points that you mention in your e-mail.  Our staff is
>>>> actively seeking to do these things and being technical or non-technical is
>>>> irrelevant.  As Eoin pointed out, it is NOT the Board's job to manage the
>>>> election process.  This is not in the bylaws (
>>>> https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf).
>>>> Honestly, I'm not sure about the election policy and procedure referenced
>>>> in Section 3.02 as I do not have access to it either.  I have requested
>>>> access and will send an inquiry to the operations team to get it publicly
>>>> viewable ASAP.  Hopefully that document will help to address some of your
>>>> assertions regarding who is responsible for what.
>>>>
>>>> ~josh
>>>>
>>>> On Wed, Oct 15, 2014 at 4:09 PM, Andrew van der Stock <
>>>> vanderaj at owasp.org> wrote:
>>>>
>>>>> Eoin
>>>>>
>>>>> I am not asking the Board to get in there and deal with the technical
>>>>> stuff, I *am* asking the Board to
>>>>>
>>>>> * Determine what will happen if there is a significant number of
>>>>> disenfranchised members
>>>>> * Determine if any candidates are not in good standing and make a
>>>>> decision as to how to deal with that that complies with the by laws
>>>>> * Determine if there needs to be a delay or a re-do
>>>>> * Determine what will happen if there are challenges to the election
>>>>> or its process
>>>>> * Communicate with us
>>>>>
>>>>> None of those things are technical. None of those things stop the
>>>>> technical folks fixing the glitch. That should be happening in
>>>>> parallel, which it appears to be so. Let's let them do their job.
>>>>>
>>>>> At the same time, the Board needs to do their job, which is to manage
>>>>> the election process as per the by laws and providing advice or
>>>>> guidance around the election by laws when asked.
>>>>>
>>>>> I would ask that the election by laws be put into anonymous read only
>>>>> mode as it's in the PDF of the official OWASP by laws, but no one can
>>>>> see it right now without being granted permission:
>>>>>
>>>>>
>>>>> https://docs.google.com/a/owasp.org/document/d/1A16CEWCebTC_vadzSsaGFsuvBD94HhkbgHKBZr6shII/edit
>>>>>
>>>>> thanks
>>>>> Andrew
>>>>>
>>>>> On Thu, Oct 16, 2014 at 3:21 AM, Eoin Keary <eoin.keary at owasp.org>
>>>>> wrote:
>>>>> > Please Board, do not get involved in this process!!
>>>>> > Stay away and let our great staff deal with this.
>>>>> >
>>>>> >
>>>>> > Eoin Keary
>>>>> > Owasp Global Board
>>>>> > +353 87 977 2988
>>>>> >
>>>>> >
>>>>> > On 15 Oct 2014, at 15:26, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>> >
>>>>> > +1 for Josh.
>>>>> > I can fully support Josh's statements.
>>>>> >
>>>>> > I know things may look calm on the outside, but let me assure you
>>>>> the whole
>>>>> > team (incl. the board) takes this as the highest priority and there
>>>>> is very
>>>>> > high activity on the inside by everyone pulling together to get this
>>>>> > analysed and fixed ASAP.
>>>>> >
>>>>> > As you know the election is still open for another 9 days until
>>>>> Oct-24
>>>>> > (https://www.owasp.org/index.php/2014_Board_Elections), so please
>>>>> have a
>>>>> > little more patience and give our team a chance to fix it. And based
>>>>> on the
>>>>> > findings we will decide on what to do in addition - hopefully we
>>>>> know more
>>>>> > in a few hours.
>>>>> >
>>>>> > Best wishes, Tobias
>>>>> >
>>>>> >
>>>>> > Tobias Gondrom
>>>>> > OWASP Global Board Member
>>>>> >
>>>>> >
>>>>> > On 15/10/14 15:10, Josh Sokol wrote:
>>>>> >
>>>>> > Andrew,
>>>>> >
>>>>> > I had at least half a dozen emails back and forth yesterday related
>>>>> to my
>>>>> > issue with not receiving the voting email and Kelly was well engaged
>>>>> with me
>>>>> > and SimplyVoting.  They tracked my particular issue down to having
>>>>> > unsubscribed to a SimplyVoting email during the WASPY awards
>>>>> process.  My
>>>>> > issue was just one of many reported and being worked on.  Kate, who
>>>>> was in
>>>>> > training this week, was pulled from it in order to work on these
>>>>> issues.
>>>>> > This is item #1 on the ops team's plate and they are laser focused
>>>>> on making
>>>>> > sure this process is being handled professionally and without
>>>>> missing votes.
>>>>> > Your concerns are very valid and are all being investigated.   If
>>>>> there is
>>>>> > cause to pause the election process, I assure you that it will be
>>>>> done.  I
>>>>> > do want to say, however, that this is an operations issue and Board
>>>>> > involvement beyond supporting the ops team could constitute
>>>>> tampering with
>>>>> > the election process.  We need to work diligently, yet judiciously,
>>>>> in order
>>>>> > to ensure the process is fair for everyone involved.  There were
>>>>> several
>>>>> > emails on this topic yesterday along with a TON of ops team
>>>>> activity, and an
>>>>> > update is planned for today.  Keep in mind that its early morning on
>>>>> day 2
>>>>> > here in the US where the ops team is based.  I'm not saying that
>>>>> there isn't
>>>>> > a problem, but patience is definitely a virtue when you want to make
>>>>> sure
>>>>> > that things are handled properly.  Please give the ops team a chance
>>>>> to
>>>>> > research what happened and communicate it out before assuming that
>>>>> the issue
>>>>> > is just being ignored.  Thank you.
>>>>> >
>>>>> > Sincerely,
>>>>> >
>>>>> > Josh Sokol
>>>>> >
>>>>> > On Oct 15, 2014 7:16 AM, "Andrew van der Stock" <vanderaj at owasp.org>
>>>>> wrote:
>>>>> >>
>>>>> >> Michael and the Board,
>>>>> >>
>>>>> >> I write to you formally to request a status update on the global
>>>>> OWASP
>>>>> >> Board of Directors election process, in particular, I implore the
>>>>> >> current Board to take affirmative action to investigate and manage a
>>>>> >> resolution to the technical hitches in membership and balloting, and
>>>>> >> if necessary delay the election, so that all eligible members can
>>>>> >> vote. There is no activity on the Board list to address this issue,
>>>>> >> and this, too, needs to be addressed.
>>>>> >>
>>>>> >> Members need to have trust of the integrity of the balloting
>>>>> >> (enfranchisement) and voting processes. There are rules posted
>>>>> >> regarding the process and deadlines, and for at least some (and
>>>>> >> possibly many) members, these deadlines have been missed by the
>>>>> OWASP
>>>>> >> Foundation. There is no current membership list. Members have
>>>>> expired
>>>>> >> and not been renewed or processed and have missed out on receiving
>>>>> >> their vote to the election. It is entirely possible that some of the
>>>>> >> candidates, through no fault of their own, are not in good standing.
>>>>> >> We just don't know.
>>>>> >>
>>>>> >> The only semi-official message in relation to my queries so far is
>>>>> >> "please don't be inflammatory". That is simply not good enough. I am
>>>>> >> not sledging the ops team - that is not my intent - but I am saying
>>>>> >> there is an critical issue and it is not being managed or
>>>>> communicated
>>>>> >> properly, and that requires Board oversight.
>>>>> >>
>>>>> >> In Australia, we recently had to send an entire state back to
>>>>> re-vote
>>>>> >> their senate because our electoral commission lost 1300 votes, which
>>>>> >> was more votes than the winning margin. I don't ever recall any open
>>>>> >> source project or Foundation ever having this type of problem
>>>>> before.
>>>>> >> I hope that it's a small issue that can be addressed in a timely and
>>>>> >> comprehensive fashion.
>>>>> >>
>>>>> >> Please as a matter of urgency, please work out and communicate with
>>>>> >> all the members, (and not just those on the leaders list):
>>>>> >>
>>>>> >> * What is the Board's position on challenges to the election,
>>>>> >> postponing or delaying the vote to get the membership and balloting
>>>>> >> right, or doing a re-run?
>>>>> >>
>>>>> >> * Were renewal notices sent out to expiring and expired members in a
>>>>> >> timely fashion to make the September 30 renewal eligibility
>>>>> deadline?
>>>>> >>
>>>>> >> * If not, will OWASP be e-mailing or making contact with all expired
>>>>> >> members to see if they wanted to renew and give them a vote in the
>>>>> >> election? If so, when will this occur? Will it occur by the time
>>>>> >> voting closes?
>>>>> >>
>>>>> >> * Are all current Board candidates in good standing? If not, will
>>>>> the
>>>>> >> Board reach out to the candidates in question, and offer them back
>>>>> >> dated honorary membership to comply with the bylaws? Or will they be
>>>>> >> ineligible to stand?
>>>>> >>
>>>>> >> * Are all membership renewals (paid, lifetime, and honorary)
>>>>> submitted
>>>>> >> prior to September 30 now processed?
>>>>> >>
>>>>> >> * If so, is there an up to date membership list that does not date
>>>>> >> back to April 8, 2014? Can this be added to the OWASP Board 2014
>>>>> >> elections page?
>>>>> >>
>>>>> >> * As the CRM process wasn't working for some time, what steps are
>>>>> the
>>>>> >> Board putting into place to ensure that it is fixed and monitored
>>>>> for
>>>>> >> the next election?
>>>>> >>
>>>>> >>
>>>>> >> These questions have to be answered. No answer is simply not an
>>>>> >> option. I don't mind if you take these on notice and reply in
>>>>> pieces,
>>>>> >> but please communicate frequently, openly and honestly with us.
>>>>> >>
>>>>> >> I know the vote is open until next week, but I feel that even if
>>>>> there
>>>>> >> are only a handful of members piping up on the Leaders mailing list
>>>>> >> today, the CRM process has been broken for at least two months,
>>>>> which
>>>>> >> covers about 15% of members. It may have been broken as far back as
>>>>> >> April 8 when the membership list was seemingly last generated, which
>>>>> >> covers around 45-50% of the members.
>>>>> >>
>>>>> >> Simply enrolling those who pipe up in one venue misses those who
>>>>> don't
>>>>> >> hang out on the Leaders list and disenfranchises those who might
>>>>> have
>>>>> >> wanted a say in OWASP's future. If this is actually a small issue,
>>>>> it
>>>>> >> should be easy to determine: compare July, August's and September's
>>>>> >> membership totals with that from the year before. If the totals are
>>>>> >> reduced, then there is a problem of a known magnitude. But without
>>>>> an
>>>>> >> accurate and up to date membership list, we cannot determine if
>>>>> there
>>>>> >> are disenfranchised members or how many have been potentially
>>>>> >> disenfranchised.
>>>>> >>
>>>>> >> I gave the ops team nearly two month's notice that something wasn't
>>>>> >> right, and stayed in fairly constant communication during that
>>>>> time. I
>>>>> >> even gave a heads up about my fellow candidates, who I sincerely
>>>>> hope
>>>>> >> have their membership sorted so OWASP members have a geographically
>>>>> >> varied and interesting selection of candidates to choose from.
>>>>> >>
>>>>> >> I've been here since very nearly the beginning, I don't think I've
>>>>> >> ever seen such disarray in our internal processes, especially such
>>>>> key
>>>>> >> processes that directly elect the Board.
>>>>> >>
>>>>> >> I implore the Board to take this very seriously. Please communicate
>>>>> >> clearly and frequently with us on next steps. If the Board or the
>>>>> >> Foundation needs time - more time than there exists until the end of
>>>>> >> voting, I am more than willing to give the benefit of the doubt to
>>>>> >> ensure that we have an open, transparent membership and voting
>>>>> system
>>>>> >> with integrity for a vote to be open to all members, not just those
>>>>> >> unaffected by the technical glitches. I can't speak for the other
>>>>> >> candidates, but please ask them too. I'd rather this be done right.
>>>>> >>
>>>>> >> I am reachable on +61 451 057 580 if you want a chat, but I am
>>>>> UTC+11,
>>>>> >> which makes it tricky during US business hours.
>>>>> >>
>>>>> >> thanks,
>>>>> >> Andrew
>>>>> >> _______________________________________________
>>>>> >> Owasp-board mailing list
>>>>> >> Owasp-board at lists.owasp.org
>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>> >
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > Owasp-board mailing list
>>>>> > Owasp-board at lists.owasp.org
>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > Owasp-board mailing list
>>>>> > Owasp-board at lists.owasp.org
>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Helen Gao, CISSP
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141028/b82deb0a/attachment-0001.html>


More information about the OWASP-Leaders mailing list