[Owasp-leaders] [Owasp-board] Regarding Budget 2017- Allow OWASP members to participate

Andrew van der Stock vanderaj at owasp.org
Thu Sep 8 17:13:54 UTC 2016

Hi all,

I appreciate the feedback. As per standard US non-profits, the Board is
ultimately responsible for approving a budget. As treasurer, I am
responsible for helping set a viable budget in concert with the staff and
our advisors. There is no hard and fast rules on how this is done, but the
lines of responsibility are clear.

What's happened in the past is that the budget has been prepared as "same
as last year, nip or tuck here or there". This doesn't necessarily align
with growth or our strategic goals. As such, I want a complete renovation
of the budget, so that it aligns strongly with our current strategic goals
and that we actually spend on things that are important, and allows OWASP
to grow to a $5m per year organisation, where we can do so much more than
we do today.

I don't believe that we can do a website re-do for $35k (a current figure),
but certainly $270k is too much. What I wanted was for Board members to
find things they wanted to do (both existing Board and board nominees), and
ensure that their programs are properly funded so that they feel empowered
to get things started on January 1, and get things done.

There will be tummy tussling, as Josh's viewpoints on chapters funding
demonstrates. My main concern with funding chapters with even more money
than they accrue today is that they have many existing opportunities to
gain funding even without a helping hand from the budget. To be honest,
even the proposed $3m budget is not realistic in this way, as Chapters have
first dibs on any cash that members or sponsors donate directly to their
local chapter, as well as pretty nice splits on local and regional events.
So in reality, if you run an active chapter recruitment program or run a
local event or two, you'll have cash on hand to do even more in your local
area. Will this mean a $0 budget for chapters? Clearly not - they are
currently accruing something in the order of $250k per year between all of
the various chapters.

Even so, I appreciate Josh's feedback, and we need to work out what is a
good budget for chapters for the valid use cases he mentions. I don't want
to see another block donation like we did at the end of 2015, as that cash
has generally just sat around and not been made useful, so I want chapter
leaders to think about how to spend their cash, too. You don't need an
overarching budget approval process for this. In fact, for those very
chapters with > $5k USD balances (see the Donation Scorecard, chapter
leaders should also receive e-mails once a month with the amount), I really
want you to come up with a plan to use that funds in a useful way, or all
but $5k will be swept back into general funds at our December meeting as
per our previously approved Board motion on this matter.

Constructing a viable budget is my responsibility that allows us to
maintain our core administrative capability (i.e. staff and programs),
whilst directing funds to *all* of our strategic goals and all the things
we do. I do look forward to each of the Board members, most of whom have a
specific strategic goal that they have signed up for, working with the
staff, OWASP project leaders and chapter leaders and our general membership
to work out what they'd like to do. The actual $ figure we decide in the
end is a budget, and I do need to make room for contingency and for
operational reserves, so these figures are nowhere near final. Once we are
close (hopefully by the December Board meeting), the Board as a whole will
vote on it and that will become our new budget for 2017.


On Fri, Sep 9, 2016 at 2:51 AM, Michael Coates <michael.coates at owasp.org>

> A few thoughts here:
> 1. If there a particular elements for 2017 planning that the community
> feels passionate about then it would be great for that voice to be heard so
> it can be considered within the planning cycle. But I don't think a vote on
> the budget by the community would necessarily accomplish that goal (or
> represent the community view as Josh noted). So as others have mentioned I
> encourage discussion on particular topics of interest.
> 2. The board list is open for visibility and transparency. But with that
> we have to exercise a bit of caution to realize that many ideas are
> discussed and debated in their infancy. By that, I mean that Andrew's email
> was only an email with suggested topics for discussion and 1 potential path
> forward (albeit an important viewpoint on financial planning from the
> treasurer).
> It's also important to know that at the board we follow Robert's Rule of
> Order <http://www.robertsrules.org/> which means that any official
> business requires a formal motion, a second of that motion, discussion and
> then a vote. By that measure, an email to the board alias is the least
> formal and at the very beginning of the process. We have many emails and
> discussions of which some make it to a motion and are often changed
> substantially before they make it to a vote.
> (I imagine that was more non-appsec process stuff than you were intending
> for this Thursday reading.)
> Thanks!
> --
> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
> OWASP Global Board
> On Thu, Sep 8, 2016 at 9:29 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>> A wise board will often have a good survey or feedback mechanism for
>> continuous improvement input from members.
>> Bev
>> On Thu, Sep 8, 2016 at 12:22 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Hi Martin
>>> No one can take that responsibility from the Board. They are the final
>>> responsibles.
>>> I only suggest to at least consider some feedback on how members feel
>>> about certain choices they might take.
>>> Choices that will affect the foundation in the future.Referendums exist
>>> for a reason.
>>> We choose leaders , but it does not mean that these should not at least
>>> listen to what members think regarding the major decisions like this.
>>> In the end, the final decisions are taken by the board.
>>> Example, you  can run a survey among project/chapter leaders regarding
>>> how they feel on certain decisions affecting them directly and use that
>>> info to make decisions based on maybe, some facts that you as a board
>>> member have overlooked.
>>> cheers
>>> On Thu, Sep 8, 2016 at 12:05 PM, Martin Knobloch <
>>> martin.knobloch at owasp.org> wrote:
>>>> Hi Josh, et all,
>>>> The board is responsible and elected to steer the OWASP organization,
>>>> therefor the board should be responsible for the financial decisions.
>>>> The board has all the insights required.
>>>> MHO,
>>>> -martin
>>>> On Thu, Sep 8, 2016 at 4:56 PM, Josh Sokol <josh.sokol at owasp.org>
>>>> wrote:
>>>>> I'm curious if there are others who feel like a community vote should
>>>>> happen for the OWASP Foundation annual budget?  I agree with Johanna that
>>>>> this is a decision that has a huge impact on the OWASP community, but the
>>>>> OWASP Foundation Bylaws do not specify any process around membership voting
>>>>> for anything other than the Board of Directors for the Foundation.  Not
>>>>> only would a vote on the budget be a first for the Foundation, with no
>>>>> proper guidelines around it, but I have some concerns about a vote not
>>>>> really equating to a consensus, based on past turnouts.  And then there's
>>>>> the issue of timeline...
>>>>> So far, I haven't really heard any feedback on Andrew's budgeting
>>>>> proposal, other than Tom and I, and I would really like to know if there
>>>>> are others who feel strongly about this topic before we consider the
>>>>> logistics involved with a community-wide vote on a topic that has
>>>>> historically been handled by the OWASP Foundation Board and staff.
>>>>> ~josh
>>>>> On Thu, Sep 8, 2016 at 6:57 AM, johanna curiel curiel <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>>> Hi Board
>>>>>> On another email, Andrew has proposed some ideas on how the Budget
>>>>>> for 2017 should be administered:
>>>>>> http://lists.owasp.org/pipermail/owasp-board/2016-September/date.html
>>>>>> I think you should consider creating a survey where you allow OWASP
>>>>>> members to vote on such important matters.Especially, when it seems there
>>>>>> are conflicting opinions already between board members.
>>>>>> These kind of decisions have a huge impact on the entire community
>>>>>> across OWASP, and it should be consider at least, to allow members to vote
>>>>>> regarding this before any final decisions are taken by the board.
>>>>>> Cheers
>>>>>> Johanna Curiel
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160909/5c9d67ca/attachment.html>

More information about the OWASP-Leaders mailing list