[Owasp-leaders] #x Re: Help and Pray for Nepal

Noreen Whysel noreen.whysel at owasp.org
Mon May 4 00:58:17 UTC 2015


In my most recent emails and in the news flash I indicated that one of the best ways the AppSec Community can help is by reminding our friends, family and networks to be cautious and give only via known relief agencies. Many unsavory people tragedies like this to prey on our feelings of grief. Let's use our knowledge and expertise in security to ensure that our response to this tragedy is safe and effective.

OWASP has a specific mission to fund application security projects, which is governed by US nonprofit law. If OWASP members wish to give privately or band together to raise funds outside of OWASP allocations, that would be a good way to help. If you want to create a project that involves developing an AppSec solution for relief/recovery support even better (though I am honestly not sure what that would look like, maybe someone is creative enough to figure that out).

There is no question that Nepal and other areas affected by tragedy are in dire need of support. We can help the most by preaching safe, secure giving through trusted relief organizations.

Noreen Whysel
Community Manager
OWASP Foundation

> On May 3, 2015, at 6:58 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org> wrote:
> 
> (modded the subject to not to interfere with Larry's message)
> 
> I strongly oppose contributing OWASP funds to Nepal disaster or any other of many suffering places on the Earth. There are organizations and communities created for that purpose. (And I guess unfortunately a number of such organizations are just exploiting the scheme of getting the money for emotionally moving causes and simply stealing it enroute or at the place.)
> 
> I personally also oppose abstract help by OWASP community to Nepal even by selling tshirts and transfering that money to credible aid channels. Why not selling tshirts that we help homeless persons in our cities or fight with any day-to-day tragedies at our location that we comfortably live with as with something none-of-our-business?! 
> 
> As OWASP we can only help the guys of Nepal chapter if they need it -- that (they) would be our responsibility if any. 
> 
> Regards,
> 
> Timur
> 
> 
>> On Mon, May 4, 2015 at 12:11 AM, Larry Conklin <larry.conklin at owasp.org> wrote:
>> Hello Everyone, I wanted to add my thoughts to this conversation...
>> 
>> I like that Eoin wants OWASP to contribute to Nepal but I am not convenience that using foundation money is the best way forward. It is the most easy and quickest way to get funding to Nepal but I have reservations about giving money to Nepal chapter or a large sum of money to any relief organization on a short notice. 
>> 
>>  
>> 
>> While I am confident they wont do any thing wrong and am also feel that someone at sometime will make it an issue.
>> 
>>  
>> 
>> My biggest objection is not to make Nepal a one-off situation. In 2014 natural disasters claimed the lives of more than 2,700 people and caused about US $42 billion in damage worldwide in 2014. In any month we can expect natural disaster to claim lives and unfortunately countries like Nepal with high poverty and large low-incomes have more of their citizens at risk when a natural disaster hits.
>> 
>>  
>> 
>> I do totally agree with Eoin that OWASP should not just stand by and do nothing or act as separate individuals. OWASP is a community and as a community we are much stronger then any individual.
>> 
>>  
>> 
>> I would like to see three things happen.
>> 
>> 
>> 
>> Have the OWASP foundation support in creating some kind of tee shirt that we can sell at all OWASP conferences and at chapter meetings where profit proceeds at year-end are given to a recognized relief organization(s). I hope someone can come up with something better but it would be something like “OWASP helps in protecting both cyber and physical space”. Foundation would cover the startup cost only and be repaid. There is some risk to the foundation in not being repaid.
>> Second is something we do here in Oklahoma with two of our large user conferences as part of or a discount of the conference fee is to accept can food items which goes to the local communities food bank. It’s not only people on the other side of the world that needs help but also people in our own communities.
>> Last we could offer pen testing/security vulnerabilities bug hunts for relief organizations at our conferences with their permission. Maybe free or reduce fee for qualified IT folks at relief organizations to our conferences.
>>  
>> 
>> This way Nepal isn’t a one off situation and OWASP is actively involved all year long. I realize that Eoin’s idea is a much faster approach that meets an immediate need and my ideas are a much longer approach but I think they are also a more sustainable approach.
>> 
>> 
>> 
>> Tobias and everyone can we see if my ideas will fit within the OWASP community?
>> 
>> 
>> 
>> Thank you.
>> 
>> Larry Conklin
>> 
>> 
>> 
>>  
>> 
>>  
>> 
>>  
>> 
>>  
>> 
>>  
>> 
>>  
>> 
>>  
>> 
>> 
>>> On Fri, May 1, 2015 at 5:33 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>> Dear Eoin, 
>>> 
>>> I can inquire with our operations team and can ask for legal advise on that matter, but I am afraid and quite certain that things are not that simple. In fact, I am quite certain that by law all our funds are bound to our mission purpose as defined in our charity's bylaws. 
>>> 
>>> Let me explain a bit: 
>>> If we were a for-profit organisation, we would have more freedom. But OWASP is a charity and the foundation has a specified mission and purpose. We can spend money on things within that purpose, but not outside of it. And giving to a disaster relieve fund would be outside of the OWASP mission as stated in our bylaws. (btw. that is also the reason why you basically never see any charity give to another that is not directly within its mission scope....) 
>>> Further, even if individual income is not explicitly dedicated to a project or single chapter, all money OWASP receives is for the purpose of our mission as our income is taxed under our status as a charity and the funds are mixed with donations etc. And furthermore, we have a fiduciary duty to make sure that all donations and money received are used for the designated purpose. 
>>> 
>>> If an officer or a board member would redirect funds for purposes that are not in line with the OWASP mission, that person would indeed be personally liable for misappropriation, to the community, to our donors, to the state, to audits, etc. 
>>> 
>>> As I said, I think it is commendable to donate for a good cause. And I do donate from my own money for such causes and btw. also for OWASP, which is also a good cause. 
>>> 
>>> So my suggestion is that we, you, I and everyone who wants, donate from our own personal money for such good causes. That has two benefits: 1. we give more for good causes (because we are not attempting to redirect money from one charity to another, but give from our own money) and 2. we do not misappropriate funds away from the OWASP charity and risk loosing our designation or that we could face serious charges of fraud and misappropriation of funds for the organisation and the responsible officers and staff. 
>>> 
>>> I hope this explanation is clear enough. I am not a lawyer, but I have encountered this question before and I try to recite the reasoning as good as it has been explained to me in the past. 
>>> 
>>> Hope that helps. And please feel encouraged to donate to other charities for disaster relief and more to help our friends in Nepal and many other places around the world. I definitely will do so. And hopefully others will, too. There is still so much to be done. 
>>> 
>>> With warm regards, 
>>> 
>>> Tobias
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On 01/05/15 12:25, Eoin Keary wrote:
>>>> Tobias, I'm certainly happy for OWASP to donate edgescans 2015 corporate membership funds and also Appsec 2015 silver sponsorship funds to a good cause like Nepal. I don't think such funds are ring-fenced in any way. 
>>>> 
>>>> 
>>>> Eoin Keary
>>>> BCC Risk Advisory - edgescan
>>>> CTO
>>>> 
>>>> 
>>>> On 1 May 2015, at 00:46, Tobias <tobias.gondrom at owasp.org> wrote:
>>>> 
>>>>> Hi Eoin, 
>>>>> 
>>>>> my heart and thoughts go out to the victims of this tragic disaster and their families. And I will donate from my own money to the relieve programs and encourage others to follow that example. 
>>>>> 
>>>>> But I do not believe, we as OWASP can use money donated to OWASP for the purpose of the OWASP mission and re-donate for another purpose. The funds we receive have been given to us for the sole purpose of the OWASP mission and it can create serious legal problems if we would attempt to re-purpose funds donated to OWASP for another task. 
>>>>> 
>>>>> So my suggestion is that people should donate to the helping charity organisations individually. Maybe you like to do so, too? 
>>>>> 
>>>>> And if there are OWASP activities that are in line with our OWASP mission that could help our friends in Nepal through that, we should consider doing them. Maybe you have some             practical ideas. Maybe there is an open source team that can help with some ideas or code a project for the rebuild. Or in a couple of months when Nepal is rebuilding, we host an OWASP chapter event and send a speaker to help rebuild activity in the Nepal security communities. Open for ideas.
>>>>> 
>>>>> Best regards, Tobias
>>>>> 
>>>>> 
>>>>> 
>>>>>> On 30/04/15 22:01, Eoin Keary wrote:
>>>>>> Whatever works. I believe money travels faster but helping is what is most important..
>>>>>> I'd like to see if we can get approval first from the foundation?
>>>>>> 
>>>>>> Eoin Keary
>>>>>> BCC Risk Advisory - edgescan
>>>>>> CTO
>>>>>> 
>>>>>> 
>>>>>> On 30 Apr 2015, at 18:42, John Patrick Lita <john.patrick.lita at owasp.org> wrote:
>>>>>> 
>>>>>>> Eion i agree +1, but if we Directly Buy Food and Water and Send them Directly to Nepal? we can Address the Goods one of our chapter in Nepal?
>>>>>>> 
>>>>>>>> On Thu, Apr 30, 2015 at 10:14 AM, Matthew Parsons <mparsons at parsonsisconsulting.com> wrote:
>>>>>>>> +1 I agree with donating the money. 
>>>>>>>> Matt 
>>>>>>>> 
>>>>>>>> Sent from my iPhone
>>>>>>>> 
>>>>>>>> On Apr 30, 2015, at 11:50 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>>>>> 
>>>>>>>>> I'd suggest the foundation donate €10,000 to the Red Cross. I'm sure from memory the foundation has the funds.
>>>>>>>>> Who's with me!!??
>>>>>>>>> 
>>>>>>>>> Eoin Keary
>>>>>>>>> BCC Risk Advisory - edgescan
>>>>>>>>> CTO
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> On 29 Apr 2015, at 17:47, Riotaro OKADA <riotaro.okada at owasp.org> wrote:
>>>>>>>>> 
>>>>>>>>>> Hello Leaders,
>>>>>>>>>> 
>>>>>>>>>> The Nepal chapter lead Gaurab Raj Pant has contacted me today,
>>>>>>>>>> and told me their situation.
>>>>>>>>>> 
>>>>>>>>>> ================================
>>>>>>>>>> As I’m sure you already know, a devastating 7.6 Richter scale
>>>>>>>>>> earthquake hit Nepal on the 25th April 2015, at 11: 58 AM, destroying
>>>>>>>>>> many historical landmarks, houses, roads and killing approx. 3725
>>>>>>>>>> people in 48 of 75 districts in Nepal while the death toll still
>>>>>>>>>> continues to rise.
>>>>>>>>>> 
>>>>>>>>>> Continued tremors are still being felt, meaning everyone is out on the
>>>>>>>>>> open area where ever they can find. Should tremors continue (which has
>>>>>>>>>> stopped for the last few hours) and if people are out like this, we
>>>>>>>>>> are likely to see huge challenge of basic supplies like water and also
>>>>>>>>>> major public health disaster. If tremors stop and people can go to
>>>>>>>>>> their homes and their life, Kathmandu, for the most part, should be
>>>>>>>>>> fine. Outside Kathmandu, the situation is severe. Thousands are now
>>>>>>>>>> homeless, have lost all supplies to the quakes, students have passed
>>>>>>>>>> away, and community members continue to cry out for help but to no
>>>>>>>>>> avail. From what we have seen in our attempt to provide relief, there
>>>>>>>>>> has been no effort from the government or other agencies in rural
>>>>>>>>>> Nepal.
>>>>>>>>>> 
>>>>>>>>>> Please help Nepalese.
>>>>>>>>>> ================================
>>>>>>>>>> 
>>>>>>>>>> And he and his family are safe so far, but living at tents in open space.
>>>>>>>>>> People need Medical, Tents, Cloths, water purifier continuously, though
>>>>>>>>>> Red Cross has fed these. As for chapter members, some could be
>>>>>>>>>> connected safe but still some are not still connected, Gaurab said.
>>>>>>>>>> 
>>>>>>>>>> I do not have enough information to help them but I strongly encourage
>>>>>>>>>> all of you chapter leads to find how to help Nepal's people and society
>>>>>>>>>> from various ways.
>>>>>>>>>> 
>>>>>>>>>> Thanks,
>>>>>>>>>> 
>>>>>>>>>> Rio
>>>>>>>>>> 
>>>>>>>>>> -- 
>>>>>>>>>> Riotaro OKADA
>>>>>>>>>> OWASP Japan Chapter
>>>>>>>>>> Leader
>>>>>>>>>> _______________________________________________
>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>> _______________________________________________
>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>> 
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> -- 
>>>>>>> Best Regrads
>>>>>>> John Patrick Lita
>>>>>>> Chapter Leader OWASP Manila
>>>>>>> FB Page @OwaspManila
>>>>>>> https://www.owasp.org/index.php/Manila
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-manila
>>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> 
>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> 
> 
> This message may contain confidential information - you should handle it accordingly.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150503/cd1a5e2f/attachment-0001.html>


More information about the OWASP-Leaders mailing list