[Owasp-leaders] [Governance] Request - Survey - Implementation process on higher decisions

Matt Tesauro matt.tesauro at owasp.org
Wed Aug 19 13:28:46 UTC 2015

Actually, when I was on the Board, Kate and I were working on cleaning up /
optimizing some of the accounts during my time as treasurer.  Housekeeping
things like making sure all accounts were Foundation accts and had more
then one person with signature authority, etc.

Anyway, Kate had looked into a 'corporate credit card'  for the Foundation
which could create sub-accounts with limited credit and spending

The board at that time didn't want to proceed with that but I liked the
idea.  For example, a mini-summit could get a card with $1,000 USD limit
for the organizing team to cover last minute expenses/problems.  The
Foundation would get the bill and review the expenses to ensure they were
spent appropriately.  We could do the same for conference teams but with a
higher balance.

The program Kate investigated even allowed restricting classifications of
spending like don't let the card be used to buy fuel or dining, etc.

It seems like a great way to get the community spending but with the
necessary checks and balances to ensure the charity status and mission is
faithfully fulfilled.

Kate, Paul and the staff would have to revisit the implementation details
but I believe extending a bit of trust via limited credit card would help
get funds moving for our mission.

Matt's 2 cents.

-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
On Aug 18, 2015 4:15 PM, "Jim Manico" <jim.manico at owasp.org> wrote:

> How about giving debit cards to project leaders with credit limits set to
> their budgets - when needed?
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> Join me at AppSecUSA <http://appsecusa.org/> 2015!
> On Aug 18, 2015, at 10:58 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> For liability reasons, I don't see OWASP issuing credit cards to our
> leaders.  That said, we do have an OWASP credit card that the staff has the
> ability to use.  If there's something that you need, and you don't have the
> ability to have the cost expensed back to you, just fill out the Contact Us
> form and request assistance with payment from the staff.  If they have an
> issue with it (which I highly doubt they would), let me know, and I'll put
> it on my personal card and request the reimbursement myself.  ;-)
> ~josh
> On Tue, Aug 18, 2015 at 3:28 PM, Steven van der Baan <steven at vdbaan.net>
> wrote:
>> >
>> >> The limit of USD2,000- for supporting a project leader a year is for
>> most leaders not enough. If a leader outside US or EU is invited to
>> blackhat , that amount is not enough to cover his traveling expenses.  And
>> thats the maximum he can have in a year after filling on forms and going
>> through some back-and-forth emails with the staff...
>> >
>> >
>> > Ahhhhh, finally we get to the root of the issue.  The issue isn't that
>> money isn't available, because, frankly, we had a significant amount of
>> money budgeted last year that wasn't used.  The issue is that there is a
>> cap on what any one project leader can request/spend.  My personal opinion
>> here is that this $2k cap should be treated as a guideline, not a rule.  It
>> is likely in place to prevent abuse by having a significant amount of money
>> from the pool go to any one individual.  But, that cap certainly should not
>> prevent the OWASP Foundation from investing in the projects, and people
>> behind the projects, to make them better.  The Board entrusts Paul, as
>> Executive Director, and the OWASP staff to handle the day-to-day operations
>> of the OWASP Foundation.  Part of their job is to review these types of
>> requests in order to determine whether they make sense and there are funds
>> available.  That said, if you get to a point where you feel that they are
>> being unreasonable, the Board can certainly step in and try to determine if
>> an exception should be made.  So, net-net, maybe that $2k cap is too low.
>> Should we raise it?  If so, what should it be?  What amount would be
>> reasonable for any one individual to consume from that shared pool of
>> funds?  Guidelines can be changed.  Guidelines can even be overruled for
>> the right reasons.  This is a relatively minor issue that it sounds like
>> should be re-evaluated given rising costs, bigger budget pools, unused
>> funds, etc.  Can you please come up with a reasonable proposal here and I
>> will take that to the Board for approval to change this guideline?
>> >
>> I don't think that the monetary cap is the issue, I believe it's the (not
>> so) ease of access to said funds. Not everybody can afford to have their
>> project costs expensed back to them, there should be a possibility
>> (hopefully there is one) to have a "OWASP Credit card" that can be used.
>> Cheers,
>> Steven.
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150819/10f84a6d/attachment.html>

More information about the OWASP-Leaders mailing list