[Owasp-leaders] #x Re: Help and Pray for Nepal

Timur 'x' Khrotko (owasp) timur at owasp.org
Mon May 4 01:32:02 UTC 2015


May I suggest, that this thread with the modified subject is a branch for
concerns regarding using, re-donating OWASP money for other good causes.

I am sorry to probably divert attention from the Larry's propositions in
the original thread:

I [Larry] would like to see three things happen.
>
>    - Have the OWASP foundation support in creating some kind of tee shirt
>    that we can sell at all OWASP conferences and at chapter meetings where
>    profit proceeds at year-end are given to a recognized relief
>    organization(s). I hope someone can come up with something better but it
>    would be something like “OWASP helps in protecting both cyber and physical
>    space”. Foundation would cover the startup cost only and be repaid. There
>    is some risk to the foundation in not being repaid.
>
>
>    - Second is something we do here in Oklahoma with two of our large
>    user conferences as part of or a discount of the conference fee is to
>    accept can food items which goes to the local communities food bank. It’s
>    not only people on the other side of the world that needs help but also
>    people in our own communities.
>
>
>    - Last we could offer pen testing/security vulnerabilities bug hunts
>    for relief organizations at our conferences with their permission. Maybe
>    free or reduce fee for qualified IT folks at relief organizations to our
>    conferences.
>
>
On Mon, May 4, 2015 at 3:08 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Noreen, very well said. I think your astute suggestion is the perfect
> union between honoring the laws that govern our charity while still helping
> those in need.
>
> If anyone wants to take this and turn it into a project so we are prepared
> to spread this message anytime disaster strikes, please consider doing so.
>
> Ideally we should make a clear announcement to be weary of donation fraud
> much closer to the actual incident. This will help direct funds to the
> right charities and help protect consumers.
>
> Aloha,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On May 3, 2015, at 5:59 PM, Noreen Whysel <noreen.whysel at owasp.org> wrote:
>
> In my most recent emails and in the news flash I indicated that one of the
> best ways the AppSec Community can help is by reminding our friends, family
> and networks to be cautious and give only via known relief agencies. Many
> unsavory people tragedies like this to prey on our feelings of grief. Let's
> use our knowledge and expertise in security to ensure that our response to
> this tragedy is safe and effective.
>
> OWASP has a specific mission to fund application security projects, which
> is governed by US nonprofit law. If OWASP members wish to give privately or
> band together to raise funds outside of OWASP allocations, that would be a
> good way to help. If you want to create a project that involves developing
> an AppSec solution for relief/recovery support even better (though I am
> honestly not sure what that would look like, maybe someone is creative
> enough to figure that out).
>
> There is no question that Nepal and other areas affected by tragedy are in
> dire need of support. We can help the most by preaching safe, secure giving
> through trusted relief organizations.
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
> On May 3, 2015, at 6:58 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org>
> wrote:
>
> (modded the subject to not to interfere with Larry's message)
>
> I strongly oppose contributing OWASP funds to Nepal disaster or any other
> of many suffering places on the Earth. There are organizations and
> communities created for that purpose. (And I guess unfortunately a number
> of such organizations are just exploiting the scheme of getting the money
> for emotionally moving causes and simply stealing it enroute or at the
> place.)
>
> I personally also oppose abstract help by OWASP community to Nepal even by
> selling tshirts and transfering that money to credible aid channels. Why
> not selling tshirts that we help homeless persons in our cities or fight
> with any day-to-day tragedies at our location that we comfortably live with
> as with something none-of-our-business?!
>
> As OWASP we can only help the guys of Nepal chapter if they need it --
> that (they) would be our responsibility if any.
>
> Regards,
>
> Timur
>
>
> On Mon, May 4, 2015 at 12:11 AM, Larry Conklin <larry.conklin at owasp.org>
> wrote:
>
>> Hello Everyone, I wanted to add my thoughts to this conversation...
>>
>> I like that Eoin wants OWASP to contribute to Nepal but I am not
>> convenience that using foundation money is the best way forward. It is the
>> most easy and quickest way to get funding to Nepal but I have reservations
>> about giving money to Nepal chapter or a large sum of money to any relief
>> organization on a short notice.
>>
>>
>>
>> While I am confident they wont do any thing wrong and am also feel that
>> someone at sometime will make it an issue.
>>
>>
>>
>> My biggest objection is not to make Nepal a one-off situation. In 2014
>> natural disasters claimed the lives of more than 2,700 people and caused
>> about US $42 billion in damage worldwide in 2014. In any month we can
>> expect natural disaster to claim lives and unfortunately countries like
>> Nepal with high poverty and large low-incomes have more of their citizens
>> at risk when a natural disaster hits.
>>
>>
>>
>> I do totally agree with Eoin that OWASP should not just stand by and do
>> nothing or act as separate individuals. OWASP is a community and as a
>> community we are much stronger then any individual.
>>
>>
>>
>> I would like to see three things happen.
>>
>>
>>
>>    1. Have the OWASP foundation support in creating some kind of tee
>>    shirt that we can sell at all OWASP conferences and at chapter meetings
>>    where profit proceeds at year-end are given to a recognized relief
>>    organization(s). I hope someone can come up with something better but
>>    it would be something like “OWASP helps in protecting both cyber and
>>    physical space”. Foundation would cover the startup cost only and be
>>    repaid. There is some risk to the foundation in not being repaid.
>>    2. Second is something we do here in Oklahoma with two of our large
>>    user conferences as part of or a discount of the conference fee is to
>>    accept can food items which goes to the local communities food bank. It’s
>>    not only people on the other side of the world that needs help but also
>>    people in our own communities.
>>    3. Last we could offer pen testing/security vulnerabilities bug hunts
>>    for relief organizations at our conferences with their permission. Maybe
>>    free or reduce fee for qualified IT folks at relief organizations to our
>>    conferences.
>>
>>
>>
>> This way Nepal isn’t a one off situation and OWASP is actively involved
>> all year long. I realize that Eoin’s idea is a much faster approach that
>> meets an immediate need and my ideas are a much longer approach but I think
>> they are also a more sustainable approach.
>>
>>
>> Tobias and everyone can we see if my ideas will fit within the OWASP
>> community?
>>
>>
>> Thank you.
>>
>> Larry Conklin
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Fri, May 1, 2015 at 5:33 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>
>>>  Dear Eoin,
>>>
>>> I can inquire with our operations team and can ask for legal advise on
>>> that matter, but I am afraid and quite certain that things are not that
>>> simple. In fact, I am quite certain that by law all our funds are bound to
>>> our mission purpose as defined in our charity's bylaws.
>>>
>>> Let me explain a bit:
>>> If we were a for-profit organisation, we would have more freedom. But
>>> OWASP is a charity and the foundation has a specified mission and purpose.
>>> We can spend money on things within that purpose, but not outside of it.
>>> And giving to a disaster relieve fund would be outside of the OWASP mission
>>> as stated in our bylaws. (btw. that is also the reason why you basically
>>> never see any charity give to another that is not directly within its
>>> mission scope....)
>>> Further, even if individual income is not explicitly dedicated to a
>>> project or single chapter, all money OWASP receives is for the purpose of
>>> our mission as our income is taxed under our status as a charity and the
>>> funds are mixed with donations etc. And furthermore, we have a fiduciary
>>> duty to make sure that all donations and money received are used for the
>>> designated purpose.
>>>
>>> If an officer or a board member would redirect funds for purposes that
>>> are not in line with the OWASP mission, that person would indeed be
>>> personally liable for misappropriation, to the community, to our donors, to
>>> the state, to audits, etc.
>>>
>>> As I said, I think it is commendable to donate for a good cause. And I
>>> do donate from my own money for such causes and btw. also for OWASP, which
>>> is also a good cause.
>>>
>>> So my suggestion is that we, you, I and everyone who wants, donate from
>>> our own personal money for such good causes. That has two benefits: 1. we
>>> give more for good causes (because we are not attempting to redirect money
>>> from one charity to another, but give from our own money) and 2. we do not
>>> misappropriate funds away from the OWASP charity and risk loosing our
>>> designation or that we could face serious charges of fraud and
>>> misappropriation of funds for the organisation and the responsible officers
>>> and staff.
>>>
>>> I hope this explanation is clear enough. I am not a lawyer, but I have
>>> encountered this question before and I try to recite the reasoning as good
>>> as it has been explained to me in the past.
>>>
>>> Hope that helps. And please feel encouraged to donate to other charities
>>> for disaster relief and more to help our friends in Nepal and many other
>>> places around the world. I definitely will do so. And hopefully others
>>> will, too. There is still so much to be done.
>>>
>>> With warm regards,
>>>
>>> Tobias
>>>
>>>
>>>
>>>
>>>
>>> On 01/05/15 12:25, Eoin Keary wrote:
>>>
>>> Tobias, I'm certainly happy for OWASP to donate edgescans 2015 corporate
>>> membership funds and also Appsec 2015 silver sponsorship funds to a good
>>> cause like Nepal. I don't think such funds are ring-fenced in any way.
>>>
>>>
>>> Eoin Keary
>>> BCC Risk Advisory - edgescan
>>> CTO
>>>
>>>
>>> On 1 May 2015, at 00:46, Tobias <tobias.gondrom at owasp.org> wrote:
>>>
>>>   Hi Eoin,
>>>
>>> my heart and thoughts go out to the victims of this tragic disaster and
>>> their families. And I will donate from my own money to the relieve programs
>>> and encourage others to follow that example.
>>>
>>> But I do not believe, we as OWASP can use money donated to OWASP for the
>>> purpose of the OWASP mission and re-donate for another purpose. The funds
>>> we receive have been given to us for the sole purpose of the OWASP mission
>>> and it can create serious legal problems if we would attempt to re-purpose
>>> funds donated to OWASP for another task.
>>>
>>> So my suggestion is that people should donate to the helping charity
>>> organisations individually. Maybe you like to do so, too?
>>>
>>> And if there are OWASP activities that are in line with our OWASP
>>> mission that could help our friends in Nepal through that, we should
>>> consider doing them. Maybe you have some practical ideas. Maybe there is an
>>> open source team that can help with some ideas or code a project for the
>>> rebuild. Or in a couple of months when Nepal is rebuilding, we host an
>>> OWASP chapter event and send a speaker to help rebuild activity in the
>>> Nepal security communities. Open for ideas.
>>>
>>> Best regards, Tobias
>>>
>>>
>>>
>>> On 30/04/15 22:01, Eoin Keary wrote:
>>>
>>> Whatever works. I believe money travels faster but helping is what is
>>> most important..
>>> I'd like to see if we can get approval first from the foundation?
>>>
>>> Eoin Keary
>>> BCC Risk Advisory - edgescan
>>> CTO
>>>
>>>
>>> On 30 Apr 2015, at 18:42, John Patrick Lita <john.patrick.lita at owasp.org>
>>> wrote:
>>>
>>>   Eion i agree +1, but if we Directly Buy Food and Water and Send them
>>> Directly to Nepal? we can Address the Goods one of our chapter in Nepal?
>>>
>>> On Thu, Apr 30, 2015 at 10:14 AM, Matthew Parsons <
>>> mparsons at parsonsisconsulting.com> wrote:
>>>
>>>>  +1 I agree with donating the money.
>>>> Matt
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Apr 30, 2015, at 11:50 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>
>>>>   I'd suggest the foundation donate €10,000 to the Red Cross. I'm sure
>>>> from memory the foundation has the funds.
>>>> Who's with me!!??
>>>>
>>>> Eoin Keary
>>>> BCC Risk Advisory - edgescan
>>>> CTO
>>>>
>>>>
>>>> On 29 Apr 2015, at 17:47, Riotaro OKADA <riotaro.okada at owasp.org>
>>>> wrote:
>>>>
>>>>  Hello Leaders,
>>>>
>>>> The Nepal chapter lead Gaurab Raj Pant has contacted me today,
>>>> and told me their situation.
>>>>
>>>> ================================
>>>> As I’m sure you already know, a devastating 7.6 Richter scale
>>>> earthquake hit Nepal on the 25th April 2015, at 11: 58 AM, destroying
>>>> many historical landmarks, houses, roads and killing approx. 3725
>>>> people in 48 of 75 districts in Nepal while the death toll still
>>>> continues to rise.
>>>>
>>>> Continued tremors are still being felt, meaning everyone is out on the
>>>> open area where ever they can find. Should tremors continue (which has
>>>> stopped for the last few hours) and if people are out like this, we
>>>> are likely to see huge challenge of basic supplies like water and also
>>>> major public health disaster. If tremors stop and people can go to
>>>> their homes and their life, Kathmandu, for the most part, should be
>>>> fine. Outside Kathmandu, the situation is severe. Thousands are now
>>>> homeless, have lost all supplies to the quakes, students have passed
>>>> away, and community members continue to cry out for help but to no
>>>> avail. From what we have seen in our attempt to provide relief, there
>>>> has been no effort from the government or other agencies in rural
>>>> Nepal.
>>>>
>>>> Please help Nepalese.
>>>> ================================
>>>>
>>>> And he and his family are safe so far, but living at tents in open
>>>> space.
>>>> People need Medical, Tents, Cloths, water purifier continuously, though
>>>>  Red Cross has fed these. As for chapter members, some could be
>>>>  connected safe but still some are not still connected, Gaurab said.
>>>>
>>>> I do not have enough information to help them but I strongly encourage
>>>> all of you chapter leads to find how to help Nepal's people and society
>>>> from various ways.
>>>>
>>>> Thanks,
>>>>
>>>> Rio
>>>>
>>>> --
>>>> Riotaro OKADA
>>>> OWASP Japan Chapter
>>>> Leader
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>   _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>>      Best Regrads
>>> John Patrick Lita
>>>  *Chapter Leader OWASP Manila*
>>> FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
>>> https://www.owasp.org/index.php/Manila
>>> https://lists.owasp.org/mailman/listinfo/owasp-manila
>>>  <https://lists.owasp.org/mailman/listinfo/owasp-manila>
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> This message may contain confidential information - you should handle it
> accordingly.
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>

-- 
This message may contain confidential information - you should handle it 
accordingly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150504/6d725846/attachment-0001.html>


More information about the OWASP-Leaders mailing list