[Owasp-leaders] OWASP charitable status (was: Re: OWASP Election)

Dinis Cruz dinis.cruz at owasp.org
Thu Oct 8 18:54:21 UTC 2015


I'm with Jim on this one, I just read all current threads and can
understand the benefits of the move (in fact I only see downsides)

Let's spend energy in making the current Owasp better, not on introducing
another batch of organisational changes which will take our focus from
AppSec
On 8 Oct 2015 7:35 pm, "Jim Manico" <jim.manico at owasp.org> wrote:

> My take on this is that moving to a trade association does not solve a
> problem, it causes one.
>
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> Join me at AppSecUSA <http://appsecusa.org/> 2015!
>
> On Oct 8, 2015, at 8:29 PM, Tony Turner <tony.turner at owasp.org> wrote:
>
> Jim, I'm not suggesting we change. I've mentioned adding a subsidiary to
> facilitate lobbying activities if we decide that is warranted, because
> that's the only area I feel a (c)(3) has limitations relevant to our
> mission. I am not in favor of OWASP giving up charity status, because I
> truly feel that is well-mapped to our mission. I just want to see the
> problem statement Tom is trying to address by the proposed change. If he
> can't produce that, this becomes a nonsensical conversation.
>
> On Thu, Oct 8, 2015 at 2:19 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Tony,
>>
>> We don't really do any lobbying now. If we wanted to, we could - even as
>> a 501(c)3 - so long as we limit the money we spend doing it per current IRS
>> regulation.
>>
>> So why change to a trade association to do "more lobbying" when we don't
>> even do it now? I think it's short cited to suggest we change to a trade
>> association because there are no positives, we don't really gain anything
>> but we lose a lot.
>>
>> More than the IRS law, for a candidate to even suggest this demonstrates
>> a priority over vendors and commerce and things that feel self serving to
>> me as opposed to a focus on education and charity. Moving away from a
>> charity is something that is very disturbing to me and I feel it
>> jeopardizes destroying what makes OWASP great.
>>
>> --
>> Jim Manico
>> Global Board Member
>> OWASP Foundation
>> https://www.owasp.org
>>
>> On Oct 8, 2015, at 7:50 PM, Tony Turner <tony.turner at owasp.org> wrote:
>>
>> Thanks Tobias, that's exactly what I was getting at in my last email.
>> From my perspective, the only thing I've consistently heard that hinders
>> our mission somewhat is restrictions around getting involved in
>> politics/legislation. While OWASP is referenced by many frameworks around
>> the globe, we do appear to be somewhat limited in our ability to
>> proactively lobby lawmakers to make more sensible laws. Making laws isn't
>> necessarily part of our mission, but making application security visible to
>> those that do make laws certainly falls within our objectives I would say.
>> It's possible that an OWASP project geared around legal frameworks and
>> application security that can be referenced by those more inclined to lobby
>> would fill that gap without the need for restructuring.
>>
>> Has anyone run into other issues that the (c)(3) prohibits that hinders
>> our mission?
>>
>> On Thu, Oct 8, 2015 at 1:38 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>
>>> Good to see this move to a discussion about our organisation structure
>>> and not a election campaign one.
>>>
>>> I like to take this one step further:
>>> In fact this should at first not be about technical organisational
>>> structure.
>>> *The key question is what we want to do and then we see whether the
>>> organisational structure fits that or needs to be changed.* So we
>>> should think about what are the new actions we want to take and the things
>>> that we no longer want to do, that would require us to change from 501(c)3
>>> to 501(c)6?
>>>
>>> What are the underlying real reasons to change?
>>> And of course also what are the disadvantages of changing?
>>> So far I have not heard much about that...
>>> I really like to understand what is the need, what is the underlying
>>> reason for that?
>>>
>>> Maybe one data point I can offer from my last two years at the board:
>>> Over the last two years, I did not encounter much problems with our
>>> current structure. I do not recall cases where we really wanted to do
>>> something and couldn't, just because we were a 501(c)3. That was not the
>>> problem. Nor did I feel "oh gosh, wouldn't it be so much better being a
>>> 501(c)6 now....". Don't get me wrong, there definitely are differences and
>>> actions that are non-compatible with a 501(c)3, but IMHO this was never a
>>> problem. And IMO the spirit of our open sharing community and our aim to
>>> make the world a more secure place feel well aligned with the spirit of a
>>> 501(c)3.
>>>
>>> To conclude: My personal experience so far is that our current structure
>>> works well for our community and we don't have much problems with
>>> restrictions from it. But if someone sees an actual problem and need to
>>> change, I would love to hear more about it and understand it better. Please
>>> help me understand what is the issue for you? And let us discuss which
>>> activity we want to do that would need us to change the organisation in
>>> order to allow us to do it?
>>>
>>> Best regards, Tobias
>>>
>>>
>>>
>>> On 08/10/15 17:35, psiinon wrote:
>>>
>>> From http://www.nonprofitlawcenter.com/resDetails.php?item_ref=247
>>>
>>> What is the purpose of an IRC § 501(c)(6) organization?
>>>
>>> A4: The purpose of this type of organization is to serve its members
>>>
>>> I dont think that what OWASP should be about - we should be all about
>>> helping others (to be more secure) not about helping OWASP members.
>>>
>>> Q5: What are the functions of an IRC § 501(c)(3) organization?
>>>
>>> A5: The functions of an IRC § 501(c)(3) organization can be
>>> multitudinous. There are endless types of programs that serve charitable,
>>> educational, and like ends.
>>>
>>> OK, so I'm new to this legalise and definitely dont really understand
>>> the differences, but that sounds much more appropriate for OWASP.
>>>
>>> Simon
>>>
>>>
>>> On Wed, Oct 7, 2015 at 7:57 PM, Tom Brennan <tomb at proactiverisk.com>
>>> wrote:
>>>
>>>> To be fair Jim OWASP is not a scientific research or a religious
>>>> focus.  It is focused on “trying to raise awareness for software security"
>>>>
>>>> This was discussed during the interview have a listen here
>>>> https://soundcloud.com/owasp-podcast/owasp-board-interview-milton-smith-tobias-gondrom-tom-brannen
>>>>
>>>>
>>>> I also wish to draw your eyes and those of the other members (660+ on
>>>> this leaders list) to the legal review of 501(c)3 vs. (c)6 that are BOTH
>>>> non-profit status
>>>>
>>>> http://www.nonprofitlawcenter.com/resDetails.php?item_ref=247
>>>>
>>>> This is not a GOP debate — this is a group of (9) people that are
>>>> volunteering to help the organization continue to grow globally and locally.
>>>>
>>>> Tom Brennan
>>>> 973-506-9304
>>>>
>>>> On Oct 7, 2015, at 2:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>
>>>> Tom is trying to shift OWASP away from a charity to a 501c6 trade
>>>> association.
>>>>
>>>> If you want to drop our charity and focus on vendor relations then vote
>>>> for Tom.
>>>>
>>>> If you care about open source, serving the community, and our values of
>>>> vendor neutrality and non-commercialism then please consider other
>>>> candidates.
>>>>
>>>> --
>>>> Jim Manico
>>>> Global Board Member
>>>> OWASP Foundation
>>>> https://www.owasp.org
>>>> Join me at AppSecUSA <http://appsecusa.org/> 2015!
>>>>
>>>> On Oct 7, 2015, at 1:42 PM, Tom Brennan <tomb at proactiverisk.com> wrote:
>>>>
>>>> OWASP Foundation Inc., announced the 2015 International Board of
>>>> Director candidates and I am throwing my hat in the ring again.
>>>>
>>>> I am requesting your support and vote this October 7th 2015 – WHY ME
>>>> you ask…. read, watch and hear the details here:
>>>>
>>>> http://www.proactiverisk.com/2016-owasp/
>>>>
>>>> Semper Fi,
>>>> Tom Brennan
>>>>
>>>>
>>>> WARNING: E-mail transmission cannot be guaranteed to be secure or
>>>> error-free as information could be intercepted, corrupted, lost, destroyed,
>>>> arrive late or incomplete, or contain viruses. The sender therefore does
>>>> not accept liability for any errors or omissions in the contents of this
>>>> message, which arise as a result of e-mail transmission. No employee
>>>> or agent is authorized to conclude any binding agreement on behalf of
>>>> ProactiveRISK with another party by email.
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>>
>>>> WARNING: E-mail transmission cannot be guaranteed to be secure or
>>>> error-free as information could be intercepted, corrupted, lost, destroyed,
>>>> arrive late or incomplete, or contain viruses. The sender therefore does
>>>> not accept liability for any errors or omissions in the contents of this
>>>> message, which arise as a result of e-mail transmission. No employee
>>>> or agent is authorized to conclude any binding agreement on behalf of
>>>> ProactiveRISK with another party by email.
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> Tony Turner
>> OWASP Orlando Chapter Founder/Co-Leader
>> WAFEC Project Leader
>> STING Game Project Leader
>> tony.turner at owasp.org
>> https://www.owasp.org/index.php/Orlando
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Tony Turner
> OWASP Orlando Chapter Founder/Co-Leader
> WAFEC Project Leader
> STING Game Project Leader
> tony.turner at owasp.org
> https://www.owasp.org/index.php/Orlando
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151008/a0b48d66/attachment-0001.html>


More information about the OWASP-Leaders mailing list