[Owasp-leaders] #x Re: Help and Pray for Nepal

Jim Manico jim.manico at owasp.org
Mon May 4 01:08:36 UTC 2015


Noreen, very well said. I think your astute suggestion is the perfect union
between honoring the laws that govern our charity while still helping those
in need.

If anyone wants to take this and turn it into a project so we are prepared
to spread this message anytime disaster strikes, please consider doing so.

Ideally we should make a clear announcement to be weary of donation fraud
much closer to the actual incident. This will help direct funds to the
right charities and help protect consumers.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

On May 3, 2015, at 5:59 PM, Noreen Whysel <noreen.whysel at owasp.org> wrote:

In my most recent emails and in the news flash I indicated that one of the
best ways the AppSec Community can help is by reminding our friends, family
and networks to be cautious and give only via known relief agencies. Many
unsavory people tragedies like this to prey on our feelings of grief. Let's
use our knowledge and expertise in security to ensure that our response to
this tragedy is safe and effective.

OWASP has a specific mission to fund application security projects, which
is governed by US nonprofit law. If OWASP members wish to give privately or
band together to raise funds outside of OWASP allocations, that would be a
good way to help. If you want to create a project that involves developing
an AppSec solution for relief/recovery support even better (though I am
honestly not sure what that would look like, maybe someone is creative
enough to figure that out).

There is no question that Nepal and other areas affected by tragedy are in
dire need of support. We can help the most by preaching safe, secure giving
through trusted relief organizations.

Noreen Whysel
Community Manager
OWASP Foundation

On May 3, 2015, at 6:58 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org>
wrote:

(modded the subject to not to interfere with Larry's message)

I strongly oppose contributing OWASP funds to Nepal disaster or any other
of many suffering places on the Earth. There are organizations and
communities created for that purpose. (And I guess unfortunately a number
of such organizations are just exploiting the scheme of getting the money
for emotionally moving causes and simply stealing it enroute or at the
place.)

I personally also oppose abstract help by OWASP community to Nepal even by
selling tshirts and transfering that money to credible aid channels. Why
not selling tshirts that we help homeless persons in our cities or fight
with any day-to-day tragedies at our location that we comfortably live with
as with something none-of-our-business?!

As OWASP we can only help the guys of Nepal chapter if they need it -- that
(they) would be our responsibility if any.

Regards,

Timur


On Mon, May 4, 2015 at 12:11 AM, Larry Conklin <larry.conklin at owasp.org>
wrote:

> Hello Everyone, I wanted to add my thoughts to this conversation...
>
> I like that Eoin wants OWASP to contribute to Nepal but I am not
> convenience that using foundation money is the best way forward. It is the
> most easy and quickest way to get funding to Nepal but I have reservations
> about giving money to Nepal chapter or a large sum of money to any relief
> organization on a short notice.
>
>
>
> While I am confident they wont do any thing wrong and am also feel that
> someone at sometime will make it an issue.
>
>
>
> My biggest objection is not to make Nepal a one-off situation. In 2014
> natural disasters claimed the lives of more than 2,700 people and caused
> about US $42 billion in damage worldwide in 2014. In any month we can
> expect natural disaster to claim lives and unfortunately countries like
> Nepal with high poverty and large low-incomes have more of their citizens
> at risk when a natural disaster hits.
>
>
>
> I do totally agree with Eoin that OWASP should not just stand by and do
> nothing or act as separate individuals. OWASP is a community and as a
> community we are much stronger then any individual.
>
>
>
> I would like to see three things happen.
>
>
>
>    1. Have the OWASP foundation support in creating some kind of tee
>    shirt that we can sell at all OWASP conferences and at chapter meetings
>    where profit proceeds at year-end are given to a recognized relief
>    organization(s). I hope someone can come up with something better but
>    it would be something like “OWASP helps in protecting both cyber and
>    physical space”. Foundation would cover the startup cost only and be
>    repaid. There is some risk to the foundation in not being repaid.
>    2. Second is something we do here in Oklahoma with two of our large
>    user conferences as part of or a discount of the conference fee is to
>    accept can food items which goes to the local communities food bank. It’s
>    not only people on the other side of the world that needs help but also
>    people in our own communities.
>    3. Last we could offer pen testing/security vulnerabilities bug hunts
>    for relief organizations at our conferences with their permission. Maybe
>    free or reduce fee for qualified IT folks at relief organizations to our
>    conferences.
>
>
>
> This way Nepal isn’t a one off situation and OWASP is actively involved
> all year long. I realize that Eoin’s idea is a much faster approach that
> meets an immediate need and my ideas are a much longer approach but I think
> they are also a more sustainable approach.
>
>
> Tobias and everyone can we see if my ideas will fit within the OWASP
> community?
>
>
> Thank you.
>
> Larry Conklin
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Fri, May 1, 2015 at 5:33 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>>  Dear Eoin,
>>
>> I can inquire with our operations team and can ask for legal advise on
>> that matter, but I am afraid and quite certain that things are not that
>> simple. In fact, I am quite certain that by law all our funds are bound to
>> our mission purpose as defined in our charity's bylaws.
>>
>> Let me explain a bit:
>> If we were a for-profit organisation, we would have more freedom. But
>> OWASP is a charity and the foundation has a specified mission and purpose.
>> We can spend money on things within that purpose, but not outside of it.
>> And giving to a disaster relieve fund would be outside of the OWASP mission
>> as stated in our bylaws. (btw. that is also the reason why you basically
>> never see any charity give to another that is not directly within its
>> mission scope....)
>> Further, even if individual income is not explicitly dedicated to a
>> project or single chapter, all money OWASP receives is for the purpose of
>> our mission as our income is taxed under our status as a charity and the
>> funds are mixed with donations etc. And furthermore, we have a fiduciary
>> duty to make sure that all donations and money received are used for the
>> designated purpose.
>>
>> If an officer or a board member would redirect funds for purposes that
>> are not in line with the OWASP mission, that person would indeed be
>> personally liable for misappropriation, to the community, to our donors, to
>> the state, to audits, etc.
>>
>> As I said, I think it is commendable to donate for a good cause. And I do
>> donate from my own money for such causes and btw. also for OWASP, which is
>> also a good cause.
>>
>> So my suggestion is that we, you, I and everyone who wants, donate from
>> our own personal money for such good causes. That has two benefits: 1. we
>> give more for good causes (because we are not attempting to redirect money
>> from one charity to another, but give from our own money) and 2. we do not
>> misappropriate funds away from the OWASP charity and risk loosing our
>> designation or that we could face serious charges of fraud and
>> misappropriation of funds for the organisation and the responsible officers
>> and staff.
>>
>> I hope this explanation is clear enough. I am not a lawyer, but I have
>> encountered this question before and I try to recite the reasoning as good
>> as it has been explained to me in the past.
>>
>> Hope that helps. And please feel encouraged to donate to other charities
>> for disaster relief and more to help our friends in Nepal and many other
>> places around the world. I definitely will do so. And hopefully others
>> will, too. There is still so much to be done.
>>
>> With warm regards,
>>
>> Tobias
>>
>>
>>
>>
>>
>> On 01/05/15 12:25, Eoin Keary wrote:
>>
>> Tobias, I'm certainly happy for OWASP to donate edgescans 2015 corporate
>> membership funds and also Appsec 2015 silver sponsorship funds to a good
>> cause like Nepal. I don't think such funds are ring-fenced in any way.
>>
>>
>> Eoin Keary
>> BCC Risk Advisory - edgescan
>> CTO
>>
>>
>> On 1 May 2015, at 00:46, Tobias <tobias.gondrom at owasp.org> wrote:
>>
>>   Hi Eoin,
>>
>> my heart and thoughts go out to the victims of this tragic disaster and
>> their families. And I will donate from my own money to the relieve programs
>> and encourage others to follow that example.
>>
>> But I do not believe, we as OWASP can use money donated to OWASP for the
>> purpose of the OWASP mission and re-donate for another purpose. The funds
>> we receive have been given to us for the sole purpose of the OWASP mission
>> and it can create serious legal problems if we would attempt to re-purpose
>> funds donated to OWASP for another task.
>>
>> So my suggestion is that people should donate to the helping charity
>> organisations individually. Maybe you like to do so, too?
>>
>> And if there are OWASP activities that are in line with our OWASP mission
>> that could help our friends in Nepal through that, we should consider doing
>> them. Maybe you have some practical ideas. Maybe there is an open source
>> team that can help with some ideas or code a project for the rebuild. Or in
>> a couple of months when Nepal is rebuilding, we host an OWASP chapter event
>> and send a speaker to help rebuild activity in the Nepal security
>> communities. Open for ideas.
>>
>> Best regards, Tobias
>>
>>
>>
>> On 30/04/15 22:01, Eoin Keary wrote:
>>
>> Whatever works. I believe money travels faster but helping is what is
>> most important..
>> I'd like to see if we can get approval first from the foundation?
>>
>> Eoin Keary
>> BCC Risk Advisory - edgescan
>> CTO
>>
>>
>> On 30 Apr 2015, at 18:42, John Patrick Lita <john.patrick.lita at owasp.org>
>> wrote:
>>
>>   Eion i agree +1, but if we Directly Buy Food and Water and Send them
>> Directly to Nepal? we can Address the Goods one of our chapter in Nepal?
>>
>> On Thu, Apr 30, 2015 at 10:14 AM, Matthew Parsons <
>> mparsons at parsonsisconsulting.com> wrote:
>>
>>>  +1 I agree with donating the money.
>>> Matt
>>>
>>> Sent from my iPhone
>>>
>>> On Apr 30, 2015, at 11:50 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>
>>>   I'd suggest the foundation donate €10,000 to the Red Cross. I'm sure
>>> from memory the foundation has the funds.
>>> Who's with me!!??
>>>
>>> Eoin Keary
>>> BCC Risk Advisory - edgescan
>>> CTO
>>>
>>>
>>> On 29 Apr 2015, at 17:47, Riotaro OKADA <riotaro.okada at owasp.org> wrote:
>>>
>>>  Hello Leaders,
>>>
>>> The Nepal chapter lead Gaurab Raj Pant has contacted me today,
>>> and told me their situation.
>>>
>>> ================================
>>> As I’m sure you already know, a devastating 7.6 Richter scale
>>> earthquake hit Nepal on the 25th April 2015, at 11: 58 AM, destroying
>>> many historical landmarks, houses, roads and killing approx. 3725
>>> people in 48 of 75 districts in Nepal while the death toll still
>>> continues to rise.
>>>
>>> Continued tremors are still being felt, meaning everyone is out on the
>>> open area where ever they can find. Should tremors continue (which has
>>> stopped for the last few hours) and if people are out like this, we
>>> are likely to see huge challenge of basic supplies like water and also
>>> major public health disaster. If tremors stop and people can go to
>>> their homes and their life, Kathmandu, for the most part, should be
>>> fine. Outside Kathmandu, the situation is severe. Thousands are now
>>> homeless, have lost all supplies to the quakes, students have passed
>>> away, and community members continue to cry out for help but to no
>>> avail. From what we have seen in our attempt to provide relief, there
>>> has been no effort from the government or other agencies in rural
>>> Nepal.
>>>
>>> Please help Nepalese.
>>> ================================
>>>
>>> And he and his family are safe so far, but living at tents in open space.
>>> People need Medical, Tents, Cloths, water purifier continuously, though
>>>  Red Cross has fed these. As for chapter members, some could be
>>>  connected safe but still some are not still connected, Gaurab said.
>>>
>>> I do not have enough information to help them but I strongly encourage
>>> all of you chapter leads to find how to help Nepal's people and society
>>> from various ways.
>>>
>>> Thanks,
>>>
>>> Rio
>>>
>>> --
>>> Riotaro OKADA
>>> OWASP Japan Chapter
>>> Leader
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>   _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>>      Best Regrads
>> John Patrick Lita
>>  *Chapter Leader OWASP Manila*
>> FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
>> https://www.owasp.org/index.php/Manila
>> https://lists.owasp.org/mailman/listinfo/owasp-manila
>>  <https://lists.owasp.org/mailman/listinfo/owasp-manila>
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>

This message may contain confidential information - you should handle it
accordingly.

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150503/0379d328/attachment-0001.html>


More information about the OWASP-Leaders mailing list