[Owasp-leaders] OWASP charitable status (was: Re: OWASP Election)

Tony Turner tony.turner at owasp.org
Thu Oct 8 18:29:48 UTC 2015


Jim, I'm not suggesting we change. I've mentioned adding a subsidiary to
facilitate lobbying activities if we decide that is warranted, because
that's the only area I feel a (c)(3) has limitations relevant to our
mission. I am not in favor of OWASP giving up charity status, because I
truly feel that is well-mapped to our mission. I just want to see the
problem statement Tom is trying to address by the proposed change. If he
can't produce that, this becomes a nonsensical conversation.

On Thu, Oct 8, 2015 at 2:19 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Tony,
>
> We don't really do any lobbying now. If we wanted to, we could - even as a
> 501(c)3 - so long as we limit the money we spend doing it per current IRS
> regulation.
>
> So why change to a trade association to do "more lobbying" when we don't
> even do it now? I think it's short cited to suggest we change to a trade
> association because there are no positives, we don't really gain anything
> but we lose a lot.
>
> More than the IRS law, for a candidate to even suggest this demonstrates a
> priority over vendors and commerce and things that feel self serving to me
> as opposed to a focus on education and charity. Moving away from a charity
> is something that is very disturbing to me and I feel it jeopardizes
> destroying what makes OWASP great.
>
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
>
> On Oct 8, 2015, at 7:50 PM, Tony Turner <tony.turner at owasp.org> wrote:
>
> Thanks Tobias, that's exactly what I was getting at in my last email. From
> my perspective, the only thing I've consistently heard that hinders our
> mission somewhat is restrictions around getting involved in
> politics/legislation. While OWASP is referenced by many frameworks around
> the globe, we do appear to be somewhat limited in our ability to
> proactively lobby lawmakers to make more sensible laws. Making laws isn't
> necessarily part of our mission, but making application security visible to
> those that do make laws certainly falls within our objectives I would say.
> It's possible that an OWASP project geared around legal frameworks and
> application security that can be referenced by those more inclined to lobby
> would fill that gap without the need for restructuring.
>
> Has anyone run into other issues that the (c)(3) prohibits that hinders
> our mission?
>
> On Thu, Oct 8, 2015 at 1:38 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>> Good to see this move to a discussion about our organisation structure
>> and not a election campaign one.
>>
>> I like to take this one step further:
>> In fact this should at first not be about technical organisational
>> structure.
>> *The key question is what we want to do and then we see whether the
>> organisational structure fits that or needs to be changed.* So we should
>> think about what are the new actions we want to take and the things that we
>> no longer want to do, that would require us to change from 501(c)3 to
>> 501(c)6?
>>
>> What are the underlying real reasons to change?
>> And of course also what are the disadvantages of changing?
>> So far I have not heard much about that...
>> I really like to understand what is the need, what is the underlying
>> reason for that?
>>
>> Maybe one data point I can offer from my last two years at the board:
>> Over the last two years, I did not encounter much problems with our
>> current structure. I do not recall cases where we really wanted to do
>> something and couldn't, just because we were a 501(c)3. That was not the
>> problem. Nor did I feel "oh gosh, wouldn't it be so much better being a
>> 501(c)6 now....". Don't get me wrong, there definitely are differences and
>> actions that are non-compatible with a 501(c)3, but IMHO this was never a
>> problem. And IMO the spirit of our open sharing community and our aim to
>> make the world a more secure place feel well aligned with the spirit of a
>> 501(c)3.
>>
>> To conclude: My personal experience so far is that our current structure
>> works well for our community and we don't have much problems with
>> restrictions from it. But if someone sees an actual problem and need to
>> change, I would love to hear more about it and understand it better. Please
>> help me understand what is the issue for you? And let us discuss which
>> activity we want to do that would need us to change the organisation in
>> order to allow us to do it?
>>
>> Best regards, Tobias
>>
>>
>>
>> On 08/10/15 17:35, psiinon wrote:
>>
>> From http://www.nonprofitlawcenter.com/resDetails.php?item_ref=247
>>
>> What is the purpose of an IRC § 501(c)(6) organization?
>>
>> A4: The purpose of this type of organization is to serve its members
>>
>> I dont think that what OWASP should be about - we should be all about
>> helping others (to be more secure) not about helping OWASP members.
>>
>> Q5: What are the functions of an IRC § 501(c)(3) organization?
>>
>> A5: The functions of an IRC § 501(c)(3) organization can be
>> multitudinous. There are endless types of programs that serve charitable,
>> educational, and like ends.
>>
>> OK, so I'm new to this legalise and definitely dont really understand the
>> differences, but that sounds much more appropriate for OWASP.
>>
>> Simon
>>
>>
>> On Wed, Oct 7, 2015 at 7:57 PM, Tom Brennan <tomb at proactiverisk.com>
>> wrote:
>>
>>> To be fair Jim OWASP is not a scientific research or a religious focus.
>>> It is focused on “trying to raise awareness for software security"
>>>
>>> This was discussed during the interview have a listen here
>>> https://soundcloud.com/owasp-podcast/owasp-board-interview-milton-smith-tobias-gondrom-tom-brannen
>>>
>>>
>>> I also wish to draw your eyes and those of the other members (660+ on
>>> this leaders list) to the legal review of 501(c)3 vs. (c)6 that are BOTH
>>> non-profit status
>>>
>>> http://www.nonprofitlawcenter.com/resDetails.php?item_ref=247
>>>
>>> This is not a GOP debate — this is a group of (9) people that are
>>> volunteering to help the organization continue to grow globally and locally.
>>>
>>> Tom Brennan
>>> 973-506-9304
>>>
>>> On Oct 7, 2015, at 2:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> Tom is trying to shift OWASP away from a charity to a 501c6 trade
>>> association.
>>>
>>> If you want to drop our charity and focus on vendor relations then vote
>>> for Tom.
>>>
>>> If you care about open source, serving the community, and our values of
>>> vendor neutrality and non-commercialism then please consider other
>>> candidates.
>>>
>>> --
>>> Jim Manico
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>> Join me at AppSecUSA <http://appsecusa.org/> 2015!
>>>
>>> On Oct 7, 2015, at 1:42 PM, Tom Brennan <tomb at proactiverisk.com> wrote:
>>>
>>> OWASP Foundation Inc., announced the 2015 International Board of
>>> Director candidates and I am throwing my hat in the ring again.
>>>
>>> I am requesting your support and vote this October 7th 2015 – WHY ME you
>>> ask…. read, watch and hear the details here:
>>>
>>> http://www.proactiverisk.com/2016-owasp/
>>>
>>> Semper Fi,
>>> Tom Brennan
>>>
>>>
>>> WARNING: E-mail transmission cannot be guaranteed to be secure or
>>> error-free as information could be intercepted, corrupted, lost, destroyed,
>>> arrive late or incomplete, or contain viruses. The sender therefore does
>>> not accept liability for any errors or omissions in the contents of this
>>> message, which arise as a result of e-mail transmission. No employee or
>>> agent is authorized to conclude any binding agreement on behalf of
>>> ProactiveRISK with another party by email.
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> WARNING: E-mail transmission cannot be guaranteed to be secure or
>>> error-free as information could be intercepted, corrupted, lost, destroyed,
>>> arrive late or incomplete, or contain viruses. The sender therefore does
>>> not accept liability for any errors or omissions in the contents of this
>>> message, which arise as a result of e-mail transmission. No employee or
>>> agent is authorized to conclude any binding agreement on behalf of
>>> ProactiveRISK with another party by email.
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Tony Turner
> OWASP Orlando Chapter Founder/Co-Leader
> WAFEC Project Leader
> STING Game Project Leader
> tony.turner at owasp.org
> https://www.owasp.org/index.php/Orlando
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
WAFEC Project Leader
STING Game Project Leader
tony.turner at owasp.org
https://www.owasp.org/index.php/Orlando
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151008/b32c2ee2/attachment-0001.html>


More information about the OWASP-Leaders mailing list