[Owasp-leaders] Help and Pray for Nepal

Timur 'x' Khrotko (owasp) timur at owasp.org
Mon May 4 02:04:25 UTC 2015


Among your three propositions, Larry, I would vote for the last one.

We may create an OWASP promo of action: "OWASP initiative: Special offers
on vulnerability audits / security advice for relief organizations".
We as OWASP can create the guide of action, ad material, probably a site
explaining why we call our auditors/consultants to provide special offers
as our reaction to the drama in Nepal.

Security audits/consulting labeled by this OWASP promo are of course done
by our firms, the lost profit is to be borne by them. Our proprofit
organizations find the clients (relief organizations) and make the proposal
according to the rules of the promo. Or maybe OWASP Foundation can approach
Red Cross or other global organizations of this type, their central offices
to let them know that their local organizations can contact local OWASP
chapters to connect to the local auditors who may provide them more
affordable audits or AppSec consulting.

Many local aid organisations have CMS-based sites, vulnerable for sure:
http://www.nrcs.org/
http://www.redcrescent.tj/
We may help them to maintain those with more security in mind.

Regards,

Timur

On Mon, May 4, 2015 at 12:11 AM, Larry Conklin <larry.conklin at owasp.org>
wrote:

> Hello Everyone, I wanted to add my thoughts to this conversation...
>
> I like that Eoin wants OWASP to contribute to Nepal but I am not
> convinced that using foundation money is the best way forward. It is the
> easiest and quickest way to get funding to Nepal but I have reservations
> about giving money to Nepal chapter or a large sum of money to any relief
> organization on a short notice.
>
> While I am confident they won't do anything wrong, I also feel that
> someone at some time will make it an issue.
>
> My biggest objection is not to make Nepal a one-off situation. In 2014
> natural disasters claimed the lives of more than 2,700 people and caused
> about US $42 billion in damage worldwide in 2014. In any month we can
> expect natural disaster to claim lives and unfortunately countries like
> Nepal with high poverty and large low-incomes have more of their citizens
> at risk when a natural disaster hits.
>
>
>
> I do totally agree with Eoin that OWASP should not just stand by and do
> nothing or act as separate individuals. OWASP is a community and as a
> community we are much stronger than any individual.
>
>
>
> I would like to see three things happen.
>
>
>
>    1. Have the OWASP foundation support in creating some kind of tee
>    shirt that we can sell at all OWASP conferences and at chapter meetings
>    where profit proceeds at year-end are given to a recognized relief
>    organization(s). I hope someone can come up with something better but
>    it would be something like “OWASP helps in protecting both cyber and
>    physical space”. Foundation would cover the startup cost only and be
>    repaid. There is some risk to the foundation in not being repaid.
>    2. Second is something we do here in Oklahoma with two of our large
>    user conferences: as part of, or as a discount on, the conference fee we
>    accept canned food items, which go to the local community's food bank. It’s
>    not only people on the other side of the world that need help but also
>    people in our own communities.
>    3. Last we could offer pen testing/security vulnerabilities bug hunts
>    for relief organizations at our conferences with their permission. Maybe
>    free or reduced fee for qualified IT folks at relief organizations to our
>    conferences.
>
>
>
> This way Nepal isn’t a one off situation and OWASP is actively involved
> all year long. I realize that Eoin’s idea is a much faster approach that
> meets an immediate need and my ideas are a much longer approach but I think
> they are also a more sustainable approach.
>
>
> Tobias and everyone can we see if my ideas will fit within the OWASP
> community?
>
>
> Thank you.
>
> Larry Conklin
>
> On Fri, May 1, 2015 at 5:33 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>>  Dear Eoin,
>>
>> I can inquire with our operations team and can ask for legal advice on
>> that matter, but I am afraid and quite certain that things are not that
>> simple. In fact, I am quite certain that by law all our funds are bound to
>> our mission purpose as defined in our charity's bylaws.
>>
>> Let me explain a bit:
>> If we were a for-profit organisation, we would have more freedom. But
>> OWASP is a charity and the foundation has a specified mission and purpose.
>> We can spend money on things within that purpose, but not outside of it.
>> And giving to a disaster relief fund would be outside of the OWASP mission
>> as stated in our bylaws. (btw. that is also the reason why you basically
>> never see any charity give to another that is not directly within its
>> mission scope....)
>> Further, even if individual income is not explicitly dedicated to a
>> project or single chapter, all money OWASP receives is for the purpose of
>> our mission as our income is taxed under our status as a charity and the
>> funds are mixed with donations etc. And furthermore, we have a fiduciary
>> duty to make sure that all donations and money received are used for the
>> designated purpose.
>>
>> If an officer or a board member would redirect funds for purposes that
>> are not in line with the OWASP mission, that person would indeed be
>> personally liable for misappropriation, to the community, to our donors, to
>> the state, to audits, etc.
>>
>> As I said, I think it is commendable to donate for a good cause. And I do
>> donate from my own money for such causes and btw. also for OWASP, which is
>> also a good cause.
>>
>> So my suggestion is that we, you, I and everyone who wants, donate from
>> our own personal money for such good causes. That has two benefits: 1. we
>> give more for good causes (because we are not attempting to redirect money
>> from one charity to another, but give from our own money) and 2. we do not
>> misappropriate funds away from the OWASP charity and risk losing our
>> designation or that we could face serious charges of fraud and
>> misappropriation of funds for the organisation and the responsible officers
>> and staff.
>>
>> I hope this explanation is clear enough. I am not a lawyer, but I have
>> encountered this question before and I try to recite the reasoning as well
>> as it has been explained to me in the past.
>>
>> Hope that helps. And please feel encouraged to donate to other charities
>> for disaster relief and more to help our friends in Nepal and many other
>> places around the world. I definitely will do so. And hopefully others
>> will, too. There is still so much to be done.
>>
>> With warm regards,
>>
>> Tobias
>>
>>
>>
>>
>>
>> On 01/05/15 12:25, Eoin Keary wrote:
>>
>> Tobias, I'm certainly happy for OWASP to donate edgescans 2015 corporate
>> membership funds and also Appsec 2015 silver sponsorship funds to a good
>> cause like Nepal. I don't think such funds are ring-fenced in any way.
>>
>>
>> Eoin Keary
>> BCC Risk Advisory - edgescan
>> CTO
>>
>>
>> On 1 May 2015, at 00:46, Tobias <tobias.gondrom at owasp.org> wrote:
>>
>>   Hi Eoin,
>>
>> my heart and thoughts go out to the victims of this tragic disaster and
>> their families. And I will donate from my own money to the relief programs
>> and encourage others to follow that example.
>>
>> But I do not believe, we as OWASP can use money donated to OWASP for the
>> purpose of the OWASP mission and re-donate for another purpose. The funds
>> we receive have been given to us for the sole purpose of the OWASP mission
>> and it can create serious legal problems if we would attempt to re-purpose
>> funds donated to OWASP for another task.
>>
>> So my suggestion is that people should donate to the helping charity
>> organisations individually. Maybe you like to do so, too?
>>
>> And if there are OWASP activities that are in line with our OWASP mission
>> that could help our friends in Nepal through that, we should consider doing
>> them. Maybe you have some practical ideas. Maybe there is an open source
>> team that can help with some ideas or code a project for the rebuild. Or in
>> a couple of months when Nepal is rebuilding, we host an OWASP chapter event
>> and send a speaker to help rebuild activity in the Nepal security
>> communities. Open for ideas.
>>
>> Best regards, Tobias
>>
>>
>>
>> On 30/04/15 22:01, Eoin Keary wrote:
>>
>> Whatever works. I believe money travels faster but helping is what is
>> most important..
>> I'd like to see if we can get approval first from the foundation?
>>
>> Eoin Keary
>> BCC Risk Advisory - edgescan
>> CTO
>>
>>
>> On 30 Apr 2015, at 18:42, John Patrick Lita <john.patrick.lita at owasp.org>
>> wrote:
>>
>>   Eoin, I agree +1, but if we directly buy food and water and send them
>> directly to Nepal? We can address the goods to one of our chapters in Nepal?
>>
>> On Thu, Apr 30, 2015 at 10:14 AM, Matthew Parsons <
>> mparsons at parsonsisconsulting.com> wrote:
>>
>>>  +1 I agree with donating the money.
>>> Matt
>>>
>>> Sent from my iPhone
>>>
>>> On Apr 30, 2015, at 11:50 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>
>>>   I'd suggest the foundation donate €10,000 to the Red Cross. I'm sure
>>> from memory the foundation has the funds.
>>> Who's with me!!??
>>>
>>> Eoin Keary
>>> BCC Risk Advisory - edgescan
>>> CTO
>>>
>>>
>>> On 29 Apr 2015, at 17:47, Riotaro OKADA <riotaro.okada at owasp.org> wrote:
>>>
>>>  Hello Leaders,
>>>
>>> The Nepal chapter lead Gaurab Raj Pant has contacted me today,
>>> and told me their situation.
>>>
>>> ================================
>>> As I’m sure you already know, a devastating 7.6 Richter scale
>>> earthquake hit Nepal on the 25th April 2015, at 11:58 AM, destroying
>>> many historical landmarks, houses, roads and killing approx. 3725
>>> people in 48 of 75 districts in Nepal while the death toll still
>>> continues to rise.
>>>
>>> Continued tremors are still being felt, meaning everyone is out on the
>>> open area where ever they can find. Should tremors continue (which has
>>> stopped for the last few hours) and if people are out like this, we
>>> are likely to see huge challenge of basic supplies like water and also
>>> major public health disaster. If tremors stop and people can go to
>>> their homes and their life, Kathmandu, for the most part, should be
>>> fine. Outside Kathmandu, the situation is severe. Thousands are now
>>> homeless, have lost all supplies to the quakes, students have passed
>>> away, and community members continue to cry out for help but to no
>>> avail. From what we have seen in our attempt to provide relief, there
>>> has been no effort from the government or other agencies in rural
>>> Nepal.
>>>
>>> Please help Nepalese.
>>> ================================
>>>
>>> And he and his family are safe so far, but living in tents in open space.
>>> People need Medical, Tents, Cloths, water purifier continuously, though
>>>  Red Cross has fed these. As for chapter members, some could be
>>>  connected safe but still some are not still connected, Gaurab said.
>>>
>>> I do not have enough information to help them but I strongly encourage
>>> all of you chapter leads to find how to help Nepal's people and society
>>> from various ways.
>>>
>>> Thanks,
>>>
>>> Rio
>>>
>>> --
>>> Riotaro OKADA
>>> OWASP Japan Chapter
>>> Leader
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>> --
>>      Best Regards
>> John Patrick Lita
>>  *Chapter Leader OWASP Manila*
>> FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
>> https://www.owasp.org/index.php/Manila
>> https://lists.owasp.org/mailman/listinfo/owasp-manila
