[Owasp-leaders] [Owasp-board] Fwd: [owasp accounting] SAMM project funds status

Josh Sokol josh.sokol at owasp.org
Sun Oct 8 15:47:59 UTC 2017


I was the one who created these motions back in 2015, but as Seba said,
this was never meant to be a unilateral decision to pilfer funds from our
chapters and projects.  Each of those motions were intended to provide
structure around the process so that our chapters and projects were
informed participants in the budgeting process.  It involved notification
and involvement from our staff for the budgeting piece as well as regular
notifications about how much they had in their budgets.  If that hasn't
been done, then I agree with Seba, the money needs to be put back.  I will
be in attendance at the November 8th OWASP Board meeting and will gladly
represent the OpenSAMM group on this matter.

~josh

On Sun, Oct 8, 2017 at 6:50 AM, Brian Glas <brian.glas at owasp.org> wrote:

> All,
> While I understand the need for a process to reclaim orphaned or abandoned
> funds, it seems like the process has issues. Below Andrew mentions that
> "The process as agreed by the Board in 2015 was that projects and chapters
> who did not submit a budget OR were inactive had a reduction to a $5k
> balance.”  There is a big “OR” in there (I didn’t add emphasis). How is
> “inactive” defined? At least in the case of SAMM, inactive seemed to be
> “didn’t submit a budget”, as SAMM is very much an active flagship project
> with two releases in two years. I’ve looked through the mailing lists for
> the project leads, OWASP Leaders, and a number of projects and can not find
> a single email request or reminder to submit a budget for the next year or
> risk losing funds.
>
> If there is a process for funding reclamation (and I think there should
> be), there needs to be a number of safeguards in place to help prevent
> events like this from happening. Requests for budget and reminders should
> be sent via a standard method (project leads, mailing list, something),
> publishing the projects and chapters that had funds reclaimed, and
> providing a process to challenge the decision if something still managed to
> fall through the cracks. Now I’m wondering how many other active projects
> and chapters are currently unaware that their budgets had funds removed due
> to this.
>
> Thanks,
> Brian
>
>
> On Oct 8, 2017, at 4:26 AM, Seba <seba at owasp.org> wrote:
>
> Hi Andrew,
>
> I am pretty sure that an email to accounting would have resulted in a
> forward to you and Matt how to handle this?
>
> You cannot expect from the project/chapter leaders to know about all the
> boards decisions.
>
> Looking at what was decided:
> Motion: P10 - Accounts with a balance of $5,000 or more as of December 1,
> with no proposed budget for spending their funds, *will be contacted by
> the OWASP staff directly to review their account balance*.
> *We were not contacted by the OWASP staff. And were not aware of having to
> submit a budget.*
> Furthermore when looking at:
> Motion: P7 - The OWASP Foundation *Staff will be responsible for
> notifying all chapters and projects of their available account balance on
> at least a monthly basis*. The notification should also include a
> reference to where they can go to find the list of pre-approved expenses.
> *We have not seen this, it was only because we requested a detailed
> balance last September that we got insight in the removed money from our
> available budget.*
>
> When I look at the board meeting minutes of Oct-2015, I do not see a
> detailed proposal or rationale on these motions.
> https://docs.google.com/document/d/1iun7xfeJI9vU0rEbIoix46ge1h_
> kQ_3WqeAG8e2ctPs/edit
> (I am not going to listen to a complete recording for this).
>
> I can only assume this was initiated for inactive chapter/projects (where
> you should just recoup all their budget).
> The SAMM project is active and we put a lot of time/resources in
> generating income for the project and the foundation.
> Part of the income was generated by giving SAMM training at appsec
> conferences, where 60% of the revenue was directly for the foundation and
> 40% was allocated to the SAMM project.
> Recouping our budget - which we need to further develop SAMMv2 and
> organize/support SAMM and community summits - makes me feel that our
> volunteer efforts are underappreciated.
>
> I can understand that you want to activate the budget at the
> chapter/projects - but you cannot do this "by policy" without an active
> communication and involvement of the staff and the volunteers.
>
> So I come back to our original question: *Please refund the 3677.22 USD
> to the OWASP SAMM project ?*
>
> I also suggest to contact all the chapters/project leaders individually
> for budgeting 2018, as I have not seen this either...
> Secondly: instead of making budget available to projects/chapters we
> should teach them how to raise income through sponsorship, training,
> events, books, ...
>
> Kind regards
>
> Seba
>
> On Sat, Oct 7, 2017 at 10:36 PM Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>
>> Hi Seba and Brian
>>
>> I'm sorry, I've been onsite doing crazy flying hours. As Tom Brennan
>> notes, I am not operational. If you need to get something like this looked
>> at, you need to mail accounting at owasp.org which goes to a group alias
>> that our finance team can process. The process as agreed by the Board in
>> 2015 was that projects and chapters who did not submit a budget OR were
>> inactive had a reduction to a $5k balance. You did not submit a budget.
>> There's no question OpenSAMM was active, but the OR part is that you didn't
>> submit a budget. This will be happening again soon.
>>
>> Here's the extract of your transactions. With your $10k donation to the
>> Developer Summit, your forthcoming travel of $1739 to the OpenSAMM summit
>> in November and the $3677.22 reduction to $5k in December last year, the
>> balance is currently $0 across both the EU and US chapter balances.
>>
>> What do you need and how can we move this forward? We have Community
>> Engagement funds, and if you've not used it yet in 2017, you have $2k
>> available under that program. I'm happy to approve that right now if that's
>> what you need.
>>
>> thanks,
>> Andrew
>>
>>
>>
>> On Sat, Oct 7, 2017 at 8:40 AM, Tom Brennan <tomb at owasp.org> wrote:
>>
>>> Agreed and as you know we are ALL volunteers and the only way to address
>>> when managing to policy and resources have been exhausted.
>>>
>>> Thanks Seba.
>>>
>>> Tom Brennan
>>> 973-202-0122 <(973)%20202-0122>
>>>
>>> On Oct 7, 2017, at 10:46 AM, Seba <seba at owasp.org> wrote:
>>>
>>> hi,
>>>
>>> I have added this to the board agenda - https://www.owasp.org/index.
>>> php/October_11,_2017
>>> I will not be able to attend as this is the middle of the night in
>>> Europe.
>>> Maybe Brian can?
>>>
>>> I raised this immediately to Andrew & staff when we got the detailed
>>> overview of income/expenses for the project.
>>> not getting any response and now having to add this to the board agenda
>>> does not seem very efficient use of time of the involved volunteers.
>>>
>>> regards
>>>
>>> Seba
>>>
>>>
>>> On Sat, Oct 7, 2017 at 3:41 PM Tom Brennan <tomb at owasp.org> wrote:
>>>
>>>> Thank you for the insight Brian. Operationally,  Projects are managed
>>>> by Matt T and Claudia it appears that those options have been exhausted.
>>>>
>>>> Since on the surface the issue that needs additional clarity and was
>>>> not able to be resolved by staff to satisfaction managing to currently
>>>> written policy as a guideline then as the Secretary I would recommend to
>>>> all members as I always do, 1) in advance (preferred 10 days) add new
>>>> business item to the board wiki agenda https://www.owasp.org/
>>>> index.php/Board 2) Have a representative attend the board meeting 3)
>>>> the OpenSAMM project leader(a) to speak (when new business is called for a
>>>> block of time) to this item on the upcoming monthly global board agenda
>>>> resulting in a motion and a vote of its elected leaders to resolve it (that
>>>> is the appeal)
>>>>
>>>> Since we operate in a decentralized community meeting monthly for the
>>>> purpose of official OWASP business the member shall simply edit and add as
>>>> new business a item to be raised otherwise it will never be officially
>>>> reviewed and voted on by the elected leadership to be resolved by a
>>>> majority vote.  There is no ivory tower that is how and the purpose of a
>>>> elected board of directors when operational issues need additional focus
>>>> effecting members.
>>>>
>>>> This democratic process using Roberts rules is super important to
>>>> understand especially as we move to a election cycle that starts on October
>>>> 9th people have to VOTE with what they want OWASP to be in the future
>>>> https://www.owasp.org/index.php/2017_Global_Board_of_Directors_Election it
>>>> is also a great opportunity for incoming board candidates to be part of the
>>>> discussion.
>>>>
>>>> Tom Brennan
>>>> 973-202-0122 <(973)%20202-0122>
>>>>
>>>> On Oct 7, 2017, at 8:15 AM, Brian Glas <brian.glas at gmail.com> wrote:
>>>>
>>>> Tom,
>>>> This isn't related to the summit or a traditional reimbursement.
>>>>
>>>> The original request was related to a withdrawal of funds from our
>>>> budget that we very much disagreed with.
>>>>
>>>> "*We cannot agree to line 65* "Recouping funds from projects that are
>>>> either inactive, or did not submit a budget for 2017"
>>>>
>>>> 1) OWASP SAMM is one of the most active flagship projects for the last
>>>> couple of years, we even had a project summit during the last 3 years
>>>> (hence the income)
>>>> 2) None of the SAMM project leaders did get a request to submit a
>>>> budget for 2017. If we would have received that we should surely have
>>>> provided one.
>>>>
>>>> *Please refund the 3677.22 USD to the OWASP SAMM project ?*
>>>> We need this to cover our project team summit expenses in November."
>>>>
>>>> I'm not clear on what the dispute process is for something like this,
>>>> so if you can point us to that, it would be much appreciated.
>>>>
>>>> Thanks,
>>>> Brian
>>>>
>>>>
>>>>
>>>> On Sat, Oct 7, 2017 at 7:39 AM, Tom Brennan <tomb at owasp.org> wrote:
>>>>
>>>>> If the project team had the funding and they submit a reimbursement
>>>>> Andrew should not be in the middle when managing to the existing
>>>>> reimbursement policy in the current project handbook. He’s not operational
>>>>> and appointed to the treasurer role to keep the global budget in check not
>>>>> individual transactions.
>>>>>
>>>>> Oct 11 this can be noted as old business re Summit to get it resolved
>>>>> if needed Seba. Please have a representative join the public meeting to
>>>>> speak to it https://www.owasp.org/index.php/Board
>>>>>
>>>>> Tom Brennan
>>>>> 973-202-0122 <(973)%20202-0122>
>>>>>
>>>>> On Oct 7, 2017, at 2:18 AM, Seba <seba at owasp.org> wrote:
>>>>>
>>>>> hi,
>>>>>
>>>>> As I am not getting a response from Andrew: I am escalating this to
>>>>> the board.
>>>>>
>>>>> *We cannot agree to line 65* "Recouping funds from projects that are
>>>>> either inactive, or did not submit a budget for 2017"
>>>>>
>>>>> 1) OWASP SAMM is one of the most active flagship projects for the last
>>>>> couple of years, we even had a project summit during the last 3 years
>>>>> (hence the income)
>>>>> 2) None of the SAMM project leaders did get a request to submit a
>>>>> budget for 2017. If we would have received that we should surely have
>>>>> provided one.
>>>>>
>>>>> *Please refund the 3677.22 USD to the OWASP SAMM project?*
>>>>>
>>>>> Thank you
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Seba
>>>>>
>>>>>
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: Seba <seba at owasp.org>
>>>>> Date: Sun, Oct 1, 2017 at 6:34 PM
>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <
>>>>> matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>> Cc: Bart De Win <bart.dewin at owasp.org>, Brian Glas <
>>>>> brian.glas at gmail.com>
>>>>>
>>>>>
>>>>> hi Andrew
>>>>>
>>>>> nudge, nudge ?? :-)
>>>>>
>>>>> Can you confirm you get this email?
>>>>>
>>>>> regards
>>>>>
>>>>> Seba
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: Seba <seba at owasp.org>
>>>>> Date: Sun, Sep 24, 2017 at 9:40 AM
>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <
>>>>> matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>> Cc: Bart De Win <bart.dewin at owasp.org>, Brian Glas <
>>>>> brian.glas at gmail.com>
>>>>>
>>>>>
>>>>> Andrew,
>>>>>
>>>>> Can you confirm the refund of 3677.22 USD to the OWASP SAMM project ?
>>>>>
>>>>> Thank you
>>>>>
>>>>> Regards
>>>>>
>>>>> Seba
>>>>>
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: Seba <seba at owasp.org>
>>>>> Date: Mon, Sep 11, 2017 at 9:25 PM
>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <
>>>>> matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>> Cc: Brian Glas <brian.glas at gmail.com>, Bart De Win <
>>>>> bart.dewin at owasp.org>
>>>>>
>>>>>
>>>>> Gents,
>>>>>
>>>>> *We cannot agree to line 65* "Recouping funds from projects that are
>>>>> either inactive, or did not submit a budget for 2017"
>>>>>
>>>>> 1) OWASP SAMM is one of the most active flagship projects for the last
>>>>> couple of years, we even had a project summit during the last 3 years
>>>>> (hence the income)
>>>>> 2) None of the SAMM project leaders did get a request to submit a
>>>>> budget for 2017. If we would have received that we should surely have
>>>>> provided one.
>>>>>
>>>>> *Please refund the 3677.22 USD to the OWASP SAMM project ?*
>>>>> We need this to cover our project team summit expenses in November.
>>>>>
>>>>> Thank you
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Seba
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: Tom Pappas <tpappas at virtualmgmt.com>
>>>>> Date: Mon, Sep 11, 2017 at 1:14 AM
>>>>> Subject: RE: [owasp accounting] SAMM project funds status
>>>>> To: Seba <seba at owasp.org>, Andrew van der Stock (vanderaj at owasp.org) <
>>>>> vanderaj at owasp.org>
>>>>> Cc: Matt Tesauro (matt.tesauro at owasp.org) <matt.tesauro at owasp.org>
>>>>>
>>>>>
>>>>> Hello Seba,  here you go there are two tabs as Open SAMM has both a US
>>>>> and EU balance.  These are from the beginning of the proj through 7.31.17
>>>>> which is the last month we have closed.  Take care
>>>>>
>>>>>
>>>>>
>>>>> Thomas S. Pappas, MSA |   Senior Vice President of Finance &
>>>>> Administration | Virtual, Inc.
>>>>>
>>>>> D: +1-781-876-8914 <(781)%20876-8914>
>>>>>
>>>>> F:  +1-781-623-8460 <(781)%20623-8460>
>>>>>
>>>>> *tpappas at virtualmgmt.com <tpappas at virtualmgmt.com>*
>>>>>
>>>>> 401 Edgewater Place, Suite 600, Wakefield, MA 01880
>>>>> <https://maps.google.com/?q=401+Edgewater+Place,+Suite+600,+Wakefield,+MA+01880&entry=gmail&source=g>
>>>>>
>>>>>
>>>>>
>>>>> <image001.png>
>>>>>
>>>>>
>>>>>
>>>>> *From:* Seba [mailto:seba at owasp.org]
>>>>> *Sent:* Sunday, September 10, 2017 5:46 AM
>>>>> *To:* Alison Shrader <accounting at owasp.org>
>>>>> *Subject:* [owasp accounting] SAMM project funds status
>>>>>
>>>>>
>>>>>
>>>>> hi,
>>>>>
>>>>>
>>>>>
>>>>> Can you provide a detailed overview of income/expenses for the SAMM
>>>>> project for the last year?
>>>>>
>>>>>
>>>>>
>>>>> Thank you
>>>>>
>>>>>
>>>>>
>>>>> Seba
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "OWASP Accounting group" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to accounting+unsubscribe at owasp.org.
>>>>>
>>>>> <OpenSamm US and EU Balance as of 7.31.17.xlsx>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>
>> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20171008/c140a3b9/attachment-0001.html>


More information about the OWASP-Leaders mailing list