[Owasp-leaders] [Owasp-community] Project and Chapter Funding Proposal

Josh Sokol josh.sokol at owasp.org
Thu Oct 8 14:24:26 UTC 2015

If you don't submit a budget, then the money COULD be reallocated to other
chapters, projects, or initiatives.  In all likelihood, what WOULD happen
is the staff would become more active in touching base with you and
encouraging you to spend the money as that is really the goal here.  Nobody
wants to take the money from you.  We just want it spending rather than
sitting in an account not furthering the OWASP mission.

If you submit a budget, but don't stick to it, NOTHING happens.  Hopefully
we learn and improve for the next budget cycle.

No, you don't have to spend it all in one year.  There is a "future
spending" clause in the proposal that allows you to designate expenses over
a year out.  That said, we shouldn't be saving money just because.  If we
are saving, its because we have some future initiative that we want to
accomplish.  There is no cap.  We trust you to have a plan.

Sure, you can reserve some money for unanticipated events.  I would call it
"Miscellaneous Expenses" in my budget, but its all the same.  No cap, but
it shouldn't be used as a coverall either.

As I said, the goal here is to get money moving at OWASP.  There are
obviously ways to game this system.  We are all hackers and can see that.
We are also all responsible adults with OWASPs mission in mind.  If we can
use the process to identify stale funds and get them moving to further our
mission, then OWASP wins.  All I would ask is that you use your best
judgement when performing the budget exercise and consider donating back
what you won't use.  The Austin Chapter sent $10k back to the Foundation in
2014 because it was outside its budget and they felt that others could use
it.  That is the kind of thinking that I would like to see from all of our

On Oct 8, 2015 8:32 AM, "psiinon" <psiinon at gmail.com> wrote:

> Just to double check I understand this correctly....
> There are over $7000 in the ZAP funds.
> If I dont submit a budget for 2016 what could happen to that money?
> If I do submit a budget for 2016 but dont completely stick to it, what
> could happen to that money?
> Do I have to spend all of the ZAP funds in one year, or can I carry some
> over? If so, how much?
> Can I reserve some of that money for 'unanticipated events', and if so how
> much?
> Cheers,
> Simon
> On Thu, Oct 8, 2015 at 2:14 PM, psiinon <psiinon at gmail.com> wrote:
>> Thanks for clarifying that for me Josh :)
>> On Thu, Oct 8, 2015 at 2:12 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> Simon,
>>> It is the latter.  Solely for money allocated from the general
>>> Foundation funds so that we can recoup what is allocated, but not spent.
>>> On Oct 8, 2015 3:48 AM, "psiinon" <psiinon at gmail.com> wrote:
>>>> I dont think its that clear cut.
>>>> In many cases the money has not been allocated by the Foundation -
>>>> people have decided to donate to a specific project or chapter, and I think
>>>> we should be very careful before arbitrarily moving money away from them.
>>>> In the case of projects, if we take money away that has been donated to
>>>> them then we run the risk of those projects leaving OWASP so that money
>>>> donated to them is protected, or putting off new projects from joining
>>>> OWASP because of the danger of having their funds removed.
>>>> Having said that, I'm generally in favour of this proposal - I think
>>>> its a very good idea for projects and chapters with significant funds to be
>>>> required to produce a budget.
>>>> However we should be looking to support and encourage projects and
>>>> chapters to use their funds effectively rather than threatening to take
>>>> their funds away.
>>>> I'm still not completely happy with the current proposal, in particular
>>>> the phrase in the revised section 9: "Money that is budgeted in this
>>>> manner, that wasn’t spent during the calendar year, would be returned back
>>>> to the OWASP Foundation general funds."
>>>> Does this section apply to general chapter/project funds or funds
>>>> allocated from Foundation general funds for a specific purpose? If its the
>>>> latter then thats fine :)
>>>> If its for general chapter/project funds then I think its should be
>>>> reconsidered. Situations change, and there may be very good reasons why
>>>> money allocated to a specific task wasnt spent in a specific calendar year.
>>>> It should be possible to carry these funds over to the next year if
>>>> appropriate.
>>>> Cheers,
>>>> Simon
>>>> On Wed, Oct 7, 2015 at 2:45 PM, Tony Turner <tony.turner at owasp.org>
>>>> wrote:
>>>>> If you aren't spending money, why do you need it? It's not yours, it's
>>>>> the Foundations allocated for your chapter or project usage. If funds are
>>>>> not needed they should be reallocated. Create a multi-year budget if you
>>>>> need to. Submit additional budget requests if you identify additional needs
>>>>> later. This concept of money ownership is not conducive to the overall
>>>>> goals of OWASP. We have a singular mission, executed in many different ways
>>>>> by many different people but at the end of it all, there's no reason for
>>>>> anyone to feel they need to stake a claim on "their" funds. If your
>>>>> objectives at the chapter or project level are being met, why does it
>>>>> matter how much is sitting in your "account"?
>>>>> On Oct 7, 2015 9:27 AM, "Azzeddine Ramrami" <
>>>>> azzeddine.ramrami at owasp.org> wrote:
>>>>>> Hi Jim, Hi Josh,
>>>>>> Thanks for the proposal Josh and Jim. Very good initiative.
>>>>>> I agree with all points except this one (I joind Richard):
>>>>>> "Budgeted money that wasn’t spent during the calendar year would be
>>>>>> returned back to the OWASP Foundation general funds."
>>>>>> Chapter's budget are very critical for meeting, events and more.
>>>>>> Why? It is really difficult to collect found (for my Chapter it is
>>>>>> impossible now) and for my project (CSRFGuard) I received a thousand
>>>>>> of support request without any donation or help.
>>>>>> Thanks.
>>>>>> Azzeddine
>>>>>> On Thu, Oct 1, 2015 at 9:23 AM, Jim Manico <jim.manico at owasp.org>
>>>>>> wrote:
>>>>>>> Richard, if you remove that one aspect of the proposal, what do you
>>>>>>> think about the other 9 points?
>>>>>>> - Jim
>>>>>>> On 9/30/15 8:40 PM, Richard Greenberg wrote:
>>>>>>> Thanks for the proposal Josh and Jim. Sadly, I cannot support this. "Budgeted
>>>>>>> money that wasn’t spent during the calendar year would be returned back to
>>>>>>> the OWASP Foundation general funds." No, that will not work. Our chapter
>>>>>>> meeting attendance shot up to 80-120 once we started providing a catered
>>>>>>> dinner, paid for by vendor support and our yearly conference. We loose our
>>>>>>> money to the Foundation, and we are moving month to month without any
>>>>>>> backup funding. This is no way to run a chapter. We have reserves for the
>>>>>>> months we cannot get a sponsor.
>>>>>>> Please do not lecture me about attendees should want to attend even
>>>>>>> if we don't provide food. That is a bad statement. We want attendees, and
>>>>>>> if have to entice them, so be it. Getting the word out about secure
>>>>>>> development trumps any philosophical differences anyone may have.
>>>>>>> Basically, in an attempt to manage the finances, you risk alienating
>>>>>>> the very essence of who OWASP is: the Chapters. Chapters need control of
>>>>>>> their own budgets. We do all the heavy lifting to generate our own income.
>>>>>>> We deserve to manage it.
>>>>>>> You want to see a budget? That is reasonable. You threaten to take
>>>>>>> away our money? Absolutely the wrong approach. Terrible proposal!!
>>>>>>> Richard Greenberg, CISSP
>>>>>>> President, OWASP Los Angeles, <http://www.appsecusa.org/>
>>>>>>> www.owaspla.org
>>>>>>> ISSA Fellow
>>>>>>> VP, ISSA Los Angeles, www.issa-la.org <http://www.appsecusa.org/>
>>>>>>> LinkedIn:  http://www.linkedin.com/in/richardagreenberg
>>>>>>> (424) 261-8111
>>>>>>> On Tue, Sep 29, 2015 at 10:41 AM, Jim Manico <jim.manico at owasp.org>
>>>>>>> wrote:
>>>>>>>> Hello all,
>>>>>>>> If you have a moment, please take a look at the funding proposal
>>>>>>>> below. The board is going to vote on this soon. I'd be grateful if you had
>>>>>>>> time to review and provide comments.
>>>>>>>> Cheers,
>>>>>>>> --
>>>>>>>> Jim Manico
>>>>>>>> Global Board Member
>>>>>>>> OWASP Foundation
>>>>>>>> https://www.owasp.org
>>>>>>>> Join me at AppSecUSA 2015!
>>>>>>>> On 9/25/15 10:20 PM, Jim Manico wrote:
>>>>>>>>> OWASP Community,
>>>>>>>>> Josh Sokol proposed a major funding initiative for projects and
>>>>>>>>> chapters at the OWASP global board meeting earlier today.
>>>>>>>>> https://www.owasp.org/index.php/Proposal_for_2015-09-25_OWASP_Board_Meeting
>>>>>>>>> I personally think this is an excellent proposal and would like to
>>>>>>>>> call for a board vote early next week so our staff can prep for this for
>>>>>>>>> 2016.
>>>>>>>>> In the spirit of transparency and even more important - getting
>>>>>>>>> valuable feedback from the community - we are publishing this proposal to
>>>>>>>>> the community at large.
>>>>>>>>> Please read this carefully and let us know what you think
>>>>>>>>> https://www.owasp.org/index.php/Proposal_for_2015-09-25_OWASP_Board_Meeting
>>>>>>>>> Aloha,
>>>>>>>> _______________________________________________
>>>>>>>> Owasp-community mailing list
>>>>>>>> Owasp-community at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-community
>>>>>>> --
>>>>>>> Jim Manico
>>>>>>> Global Board Member
>>>>>>> OWASP Foundationhttps://www.owasp.org
>>>>>>> Join me at AppSecUSA 2015!
>>>>>>> _______________________________________________
>>>>>>> Owasp-community mailing list
>>>>>>> Owasp-community at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-community
>>>>>> --
>>>>>> Azzeddine RAMRAMI
>>>>>> +33 6 65 48 90 04.
>>>>>> Enterprise Security Architect
>>>>>> OWASP Leader (Morocco Chapter)
>>>>>> Mozilla Security Projects Mentor
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> _______________________________________________
>>>>> Owasp-community mailing list
>>>>> Owasp-community at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-community
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>> _______________________________________________
>>>> Owasp-community mailing list
>>>> Owasp-community at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-community
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151008/c777e4f2/attachment-0001.html>

More information about the OWASP-Leaders mailing list