[Owasp-leaders] OWASP Election

Mike Goodwin mike.goodwin at owasp.org
Fri Oct 9 11:27:05 UTC 2015

I've spent quite a bit of time reading up on this stuff now, and my opinion
is the same as Bev's - stay as 501(c)3 but consider a subsidiary body of
another type.

My reasons, partly taken from this as the source document

   - 501(c)6 is about running on behalf of members interests (page K-4 of
   the source document). When I look at the attendees of my chapter and think
   about the (intended) users of my project, many of them are not OWASP
   members. While membership would be good, I want to continue to serve them
   regardless of their membership status. 501(c)3 seems to be necessary for
   - 501(c)6 appears to specifically require members to have a business
   interest in common and excludes amateurs (pages K-9 and K-11). This would
   seem to exclude current members who are hobbyists.
   - I am an admirer of Mozilla. Their structure, if I understand it
   properly, is a 501(c)3 parent (the Mozilla Foundation)
   <https://www.mozilla.org/en-US/foundation/about/> that has a wholly
   owned subsidiary (the Mozilla Corporation). In their case, the subsidiary
   is a taxable corporation that serves the mission of the parent - I'm not
   expert enough to know whether a 501(c)6 subsidiary would do the same job.

On the last point, it seems to me that Mozilla have a lot of
characteristics that I would like to see in OWASP:

   - Their main web site is slick and great
   - Firefox is a jewel in the open source crown
   - The MDN website is a superb resource
   - They indirectly support OWASP ZAP by employing Simon - I have heard
   Simon say he would find it very difficult to maintain his current level of
   effort on ZAP without the support of Mozilla (@Simon - please correct me if
   I'm misrepresenting you)
   - They achieve this with 10.5k (active) Mozillans compared to 42k
   (active?) members of OWASP. Presumably though, they have many more
   employees (of the wholly owned corporation?) than OWASP.

Best regards,


On 8 October 2015 at 22:43, Bev Corwin <bev.corwin at owasp.org> wrote:

> Chiming in here.....Having read through this discussion, going to bite the
> bait and submit my 2 cents: I think that it is a mistake and a waste of
> time and resources to convert OWASP Foundation from a 501(c)3 to a 501(c)6.
> I'm not even sure if it would be allowable by IRS. I tend to think not, but
> I'm not an expert by any means. However, regardless, I do think that Tom
> brings other valuable leadership qualities to the table, commitment, and
> enthusiasm, therefore, I believe that he would make a good board member,
> but it is not a good plan to make a conversion, IMHO. I'd prefer to see the
> new board authorize a committee to create a separate OWASP Professional
> Association 501(c)6, an entirely new organization. Honestly, it will be
> easier than trying to convert the existing organization, and will also
> allow those who care more about the charitable nature of OWASP Foundation
> 501(c)3 to continue our good work. I would also support the creation of a
> new 501(c)6 OWASP Professional Association, and oppose this idea of
> converting any organization from one type to another, in large part,
> because most organizations typically fail at such efforts, and end up doing
> more damage than good, completely destroying the organization. If you can
> show me one successful conversion of a 501(c)3 to a 501(c)6 or vice verse,
> I will happily reconsider my position. I would greatly prefer to see OWASP
> Foundation 501(c)3 continue to operate as such, while continually improving
> in the charitable organization space, and appropriately and legally support
> the development of a new 501(c)6 OWASP Professional Association, external
> and independent, with separate boards, staff, etc. Thank you. Best wishes,
> Bev
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151009/74baa1ef/attachment.html>

More information about the OWASP-Leaders mailing list