[Owasp-leaders] OWASP Election

Jim Manico jim.manico at owasp.org
Fri Oct 9 13:15:55 UTC 2015


Andrew,

Thank you for so eloquently sharing your perspective on this topic with 
us. I cannot agree with you more. I think OWASP is incredibly powerful 
as a charity and I adamantly oppose any shift to 501(c)6 that uses the 
OWASP name. And I truly think this is better for the community.

/"Let's stay impartial, let's build OWASP as a GLOBAL brand, renowned 
for our openness, transparency and independence, and let's think about 
where we really need to be instead of wasting member's funds on legal 
fees."/

Rock on, Andrew!

Aloha,
Jim





On 10/9/15 2:51 PM, Andrew van der Stock wrote:
> As most of you know, I have been around OWASP since nearly the start. 
> I was not in Mark's apartment like so many claim, but I have been 
> around an awful long time. I say this not to blow my own horn, but to 
> remind newer folks that we've been here before, and it sucked. BIG TIME.
>
> I don't know that many of you know why OWASP split into to two 
> factions back in the day when WASC was formed. Those scars from that 
> split are just about all healed up now, but we and all those who left 
> lost way more from the split than you can ever imagine. That split was 
> over many reasons, but one of the many concerns was if we were to be 
> independent and vendor neutral, or more about vendors using OWASP for 
> commercial gains. WASC, and more recently SAFEcode, were/are the 
> vendor version of OWASP. They have negligible mind share. We must 
> learn from the past, and not repeat those mistakes.
>
> I personally believe that there is no, nada, zilch, reason to convert 
> to a (c)6 as we are not a guild or the CPA.
>
> We have had excellent growth as a 501(c)3.
> We have low membership fees, and as a consequence, we by design don't 
> offer a lot of immediate give backs or membership benefits
> We don't require membership to participate. That has served us really 
> well. Some of our best leaders and best projects have come from 
> outside OWASP
> We have excellent relations with organisations, charities, corporates 
> and governments all over the world as an impartial setter of standards 
> and an oracle of high quality knowledge
> We have excellent relations with vendors because we are not competing 
> in any way with them
>
> I like the fact that we are not allowed to agitate for political 
> parties or positions. It means that the deep divisions seen recently 
> in Twitter in infosec peeps doesn't affect us
> I like the fact that we are not allowed to donate to political 
> parties. We are a GLOBAL organisation, not a US organisation.
> I like the fact that we have to spend our funds on primarily our 
> mission, which is outreach and getting outside the echo chamber. 
> Membership fees allows us to conduct that outreach
> I like the fact that we have a vibrant chapter scene all over the 
> world. Changing to 503(c)6 doesn't change this at all. We are ALREADY 
> doing great things for our members
>
> We are not the local Rotary or Lions club. They do great work, but 
> they aren't us.
> We are not the auto club, we do not come and fix your computers.
> We are not the CPA, we don't certify anyone. I don't think (c)3 stops 
> us doing this if we start in the future
>
> Changing over will cost us thousands in legal fees, and open us up to 
> all sorts of partisan crap that we've only just managed to heal in the 
> last 5 years. I welcome all of the folks from WASC and SAFEcode as 
> they have important contributions to make, and hope they will make 
> them here at OWASP. There is more alike between us than any of our 
> differences.
>
> I am not for this change, and as my term extends over the next year, I 
> will be voting against this change if it ever comes to a vote.
>
> Let's stay impartial, let's build OWASP as a GLOBAL brand, renowned 
> for our openness, transparency and independence, and let's think about 
> where we really need to be instead of wasting member's funds on legal 
> fees.
>
> thanks,
> Andrew
>
>
> On Fri, Oct 9, 2015 at 10:27 PM, Mike Goodwin <mike.goodwin at owasp.org 
> <mailto:mike.goodwin at owasp.org>> wrote:
>
>     I've spent quite a bit of time reading up on this stuff now, and
>     my opinion is the same as Bev's - stay as 501(c)3 but consider a
>     subsidiary body of another type.
>
>     My reasons, partly taken fromthis as the source document
>     <http://www.irs.gov/pub/irs-tege/eotopick03.pdf>:
>
>       * 501(c)6 is about running on behalf of members interests (page
>         K-4 of the source document). When I look at the attendees of
>         my chapter and think about the (intended) users of my project,
>         many of them are not OWASP members. While membership would be
>         good, I want to continue to serve them regardless of their
>         membership status. 501(c)3 seems to be necessary for this
>       * 501(c)6 appears to specifically require members to have a
>         business interest in common and excludes amateurs (pages K-9
>         and K-11). This would seem to exclude current members who are
>         hobbyists.
>       * I am an admirer of Mozilla. Their structure, if I understand
>         it properly, is a 501(c)3 parent (the Mozilla Foundation)
>         <https://www.mozilla.org/en-US/foundation/about/> that has a
>         wholly owned subsidiary (the Mozilla Corporation). In their
>         case, the subsidiary is a taxable corporation that serves the
>         mission of the parent - I'm not expert enough to know whether
>         a 501(c)6 subsidiary would do the same job.
>
>     On the last point, it seems to me that Mozilla have a lot of
>     characteristics that I would like to see in OWASP:
>
>       * Their main web site is slick and great
>       * Firefox is a jewel in the open source crown
>       * The MDN website is a superb resource
>       * They indirectly support OWASP ZAP by employing Simon - I have
>         heard Simon say he would find it very difficult to maintain
>         his current level of effort on ZAP without the support of
>         Mozilla (@Simon - please correct me if I'm misrepresenting you)
>       * They achieve this with 10.5k (active) Mozillans compared to
>         42k (active?) members of OWASP. Presumably though, they have
>         many more employees (of the wholly owned corporation?) than OWASP.
>
>     Best regards,
>
>     Mike
>
>
>     On 8 October 2015 at 22:43, Bev Corwin <bev.corwin at owasp.org
>     <mailto:bev.corwin at owasp.org>> wrote:
>
>         Chiming in here.....Having read through this discussion, going
>         to bite the bait and submit my 2 cents: I think that it is a
>         mistake and a waste of time and resources to convert OWASP
>         Foundation from a 501(c)3 to a 501(c)6. I'm not even sure if
>         it would be allowable by IRS. I tend to think not, but I'm not
>         an expert by any means. However, regardless, I do think that
>         Tom brings other valuable leadership qualities to the table,
>         commitment, and enthusiasm, therefore, I believe that he would
>         make a good board member, but it is not a good plan to make a
>         conversion, IMHO. I'd prefer to see the new board authorize a
>         committee to create a separate OWASP Professional Association
>         501(c)6, an entirely new organization. Honestly, it will be
>         easier than trying to convert the existing organization, and
>         will also allow those who care more about the charitable
>         nature of OWASP Foundation 501(c)3 to continue our good work.
>         I would also support the creation of a new 501(c)6 OWASP
>         Professional Association, and oppose this idea of converting
>         any organization from one type to another, in large part,
>         because most organizations typically fail at such efforts, and
>         end up doing more damage than good, completely destroying the
>         organization. If you can show me one successful conversion of
>         a 501(c)3 to a 501(c)6 or vice verse, I will happily
>         reconsider my position. I would greatly prefer to see OWASP
>         Foundation 501(c)3 continue to operate as such, while
>         continually improving in the charitable organization space,
>         and appropriately and legally support the development of a new
>         501(c)6 OWASP Professional Association, external and
>         independent, with separate boards, staff, etc. Thank you. Best
>         wishes, Bev
>
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         <mailto:OWASP-Leaders at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-- 
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151009/e73667d4/attachment-0001.html>


More information about the OWASP-Leaders mailing list