[Owasp-leaders] [Owasp-board] Fwd: [owasp accounting] SAMM project funds status

Josh Sokol josh.sokol at owasp.org
Tue Oct 10 12:00:07 UTC 2017


Just so all are aware, I will NOT be at the Wednesday Board meeting as it
was scheduled during a time where I am coaching my daughter's soccer game.
My offer was to represent OpenSAMM at the November 8th Board meeting, but
if you want this handled sooner, you should probably find someone else.

~josh

On Sun, Oct 8, 2017 at 10:47 AM, Josh Sokol <josh.sokol at owasp.org> wrote:

> I was the one who created these motions back in 2015, but as Seba said,
> this was never meant to be a unilateral decision to pilfer funds from our
> chapters and projects.  Each of those motions were intended to provide
> structure around the process so that our chapters and projects were
> informed participants in the budgeting process.  It involved notification
> and involvement from our staff for the budgeting piece as well as regular
> notifications about how much they had in their budgets.  If that hasn't
> been done, then I agree with Seba, the money needs to be put back.  I will
> be in attendance at the November 8th OWASP Board meeting and will gladly
> represent the OpenSAMM group on this matter.
>
> ~josh
>
> On Sun, Oct 8, 2017 at 6:50 AM, Brian Glas <brian.glas at owasp.org> wrote:
>
>> All,
>> While I understand the need for a process to reclaim orphaned or
>> abandoned funds, it seems like the process has issues. Below Andrew
>> mentions that "The process as agreed by the Board in 2015 was that projects
>> and chapters who did not submit a budget OR were inactive had a reduction
>> to a $5k balance.”  There is a big “OR” in there (I didn’t add emphasis).
>> How is “inactive” defined? At least in the case of SAMM, inactive seemed to
>> be “didn’t submit a budget”, as SAMM is very much an active flagship
>> project with two releases in two years. I’ve looked through the mailing
>> lists for the project leads, OWASP Leaders, and a number of projects and
>> can not find a single email request or reminder to submit a budget for the
>> next year or risk losing funds.
>>
>> If there is a process for funding reclamation (and I think there should
>> be), there needs to be a number of safeguards in place to help prevent
>> events like this from happening. Requests for budget and reminders should
>> be sent via a standard method (project leads, mailing list, something),
>> publishing the projects and chapters that had funds reclaimed, and
>> providing a process to challenge the decision if something still managed to
>> fall through the cracks. Now I’m wondering how many other active projects
>> and chapters are currently unaware that their budgets had funds removed due
>> to this.
>>
>> Thanks,
>> Brian
>>
>>
>> On Oct 8, 2017, at 4:26 AM, Seba <seba at owasp.org> wrote:
>>
>> Hi Andrew,
>>
>> I am pretty sure that an email to accounting would have resulted in a
>> forward to you and Matt how to handle this?
>>
>> You cannot expect from the project/chapter leaders to know about all the
>> boards decisions.
>>
>> Looking at what was decided:
>> Motion: P10 - Accounts with a balance of $5,000 or more as of December 1,
>> with no proposed budget for spending their funds, *will be contacted by
>> the OWASP staff directly to review their account balance*.
>> *We were not contacted by the OWASP staff. And were not aware of having
>> to submit a budget.*
>> Furthermore when looking at:
>> Motion: P7 - The OWASP Foundation *Staff will be responsible for
>> notifying all chapters and projects of their available account balance on
>> at least a monthly basis*. The notification should also include a
>> reference to where they can go to find the list of pre-approved expenses.
>> *We have not seen this, it was only because we requested a detailed
>> balance last September that we got insight in the removed money from our
>> available budget.*
>>
>> When I look at the board meeting minutes of Oct-2015, I do not see a
>> detailed proposal or rationale on these motions.
>> https://docs.google.com/document/d/1iun7xfeJI9vU0rEbIoix46ge
>> 1h_kQ_3WqeAG8e2ctPs/edit
>> (I am not going to listen to a complete recording for this).
>>
>> I can only assume this was initiated for inactive chapter/projects (where
>> you should just recoup all their budget).
>> The SAMM project is active and we put a lot of time/resources in
>> generating income for the project and the foundation.
>> Part of the income was generated by giving SAMM training at appsec
>> conferences, where 60% of the revenue was directly for the foundation and
>> 40% was allocated to the SAMM project.
>> Recouping our budget - which we need to further develop SAMMv2 and
>> organize/support SAMM and community summits - makes me feel that our
>> volunteer efforts are underappreciated.
>>
>> I can understand that you want to activate the budget at the
>> chapter/projects - but you cannot do this "by policy" without an active
>> communication and involvement of the staff and the volunteers.
>>
>> So I come back to our original question: *Please refund the 3677.22 USD
>> to the OWASP SAMM project ?*
>>
>> I also suggest to contact all the chapters/project leaders individually
>> for budgeting 2018, as I have not seen this either...
>> Secondly: instead of making budget available to projects/chapters we
>> should teach them how to raise income through sponsorship, training,
>> events, books, ...
>>
>> Kind regards
>>
>> Seba
>>
>> On Sat, Oct 7, 2017 at 10:36 PM Andrew van der Stock <vanderaj at owasp.org>
>> wrote:
>>
>>> Hi Seba and Brian
>>>
>>> I'm sorry, I've been onsite doing crazy flying hours. As Tom Brennan
>>> notes, I am not operational. If you need to get something like this looked
>>> at, you need to mail accounting at owasp.org which goes to a group alias
>>> that our finance team can process. The process as agreed by the Board in
>>> 2015 was that projects and chapters who did not submit a budget OR were
>>> inactive had a reduction to a $5k balance. You did not submit a budget.
>>> There's no question OpenSAMM was active, but the OR part is that you didn't
>>> submit a budget. This will be happening again soon.
>>>
>>> Here's the extract of your transactions. With your $10k donation to the
>>> Developer Summit, your forthcoming travel of $1739 to the OpenSAMM summit
>>> in November and the $3677.22 reduction to $5k in December last year, the
>>> balance is currently $0 across both the EU and US chapter balances.
>>>
>>> What do you need and how can we move this forward? We have Community
>>> Engagement funds, and if you've not used it yet in 2017, you have $2k
>>> available under that program. I'm happy to approve that right now if that's
>>> what you need.
>>>
>>> thanks,
>>> Andrew
>>>
>>>
>>>
>>> On Sat, Oct 7, 2017 at 8:40 AM, Tom Brennan <tomb at owasp.org> wrote:
>>>
>>>> Agreed and as you know we are ALL volunteers and the only way to
>>>> address when managing to policy and resources have been exhausted.
>>>>
>>>> Thanks Seba.
>>>>
>>>> Tom Brennan
>>>> 973-202-0122 <(973)%20202-0122>
>>>>
>>>> On Oct 7, 2017, at 10:46 AM, Seba <seba at owasp.org> wrote:
>>>>
>>>> hi,
>>>>
>>>> I have added this to the board agenda - https://www.owasp.org/index.
>>>> php/October_11,_2017
>>>> I will not be able to attend as this is the middle of the night in
>>>> Europe.
>>>> Maybe Brian can?
>>>>
>>>> I raised this immediately to Andrew & staff when we got the detailed
>>>> overview of income/expenses for the project.
>>>> not getting any response and now having to add this to the board agenda
>>>> does not seem very efficient use of time of the involved volunteers.
>>>>
>>>> regards
>>>>
>>>> Seba
>>>>
>>>>
>>>> On Sat, Oct 7, 2017 at 3:41 PM Tom Brennan <tomb at owasp.org> wrote:
>>>>
>>>>> Thank you for the insight Brian. Operationally,  Projects are managed
>>>>> by Matt T and Claudia it appears that those options have been exhausted.
>>>>>
>>>>> Since on the surface the issue that needs additional clarity and was
>>>>> not able to be resolved by staff to satisfaction managing to currently
>>>>> written policy as a guideline then as the Secretary I would recommend to
>>>>> all members as I always do, 1) in advance (preferred 10 days) add new
>>>>> business item to the board wiki agenda https://www.owasp.org/i
>>>>> ndex.php/Board 2) Have a representative attend the board meeting 3)
>>>>> the OpenSAMM project leader(a) to speak (when new business is called for a
>>>>> block of time) to this item on the upcoming monthly global board agenda
>>>>> resulting in a motion and a vote of its elected leaders to resolve it (that
>>>>> is the appeal)
>>>>>
>>>>> Since we operate in a decentralized community meeting monthly for the
>>>>> purpose of official OWASP business the member shall simply edit and add as
>>>>> new business a item to be raised otherwise it will never be officially
>>>>> reviewed and voted on by the elected leadership to be resolved by a
>>>>> majority vote.  There is no ivory tower that is how and the purpose of a
>>>>> elected board of directors when operational issues need additional focus
>>>>> effecting members.
>>>>>
>>>>> This democratic process using Roberts rules is super important to
>>>>> understand especially as we move to a election cycle that starts on October
>>>>> 9th people have to VOTE with what they want OWASP to be in the future
>>>>> https://www.owasp.org/index.php/2017_Global_Board_of_Directo
>>>>> rs_Election it is also a great opportunity for incoming board
>>>>> candidates to be part of the discussion.
>>>>>
>>>>> Tom Brennan
>>>>> 973-202-0122 <(973)%20202-0122>
>>>>>
>>>>> On Oct 7, 2017, at 8:15 AM, Brian Glas <brian.glas at gmail.com> wrote:
>>>>>
>>>>> Tom,
>>>>> This isn't related to the summit or a traditional reimbursement.
>>>>>
>>>>> The original request was related to a withdrawal of funds from our
>>>>> budget that we very much disagreed with.
>>>>>
>>>>> "*We cannot agree to line 65* "Recouping funds from projects that are
>>>>> either inactive, or did not submit a budget for 2017"
>>>>>
>>>>> 1) OWASP SAMM is one of the most active flagship projects for the last
>>>>> couple of years, we even had a project summit during the last 3 years
>>>>> (hence the income)
>>>>> 2) None of the SAMM project leaders did get a request to submit a
>>>>> budget for 2017. If we would have received that we should surely have
>>>>> provided one.
>>>>>
>>>>> *Please refund the 3677.22 USD to the OWASP SAMM project ?*
>>>>> We need this to cover our project team summit expenses in November."
>>>>>
>>>>> I'm not clear on what the dispute process is for something like this,
>>>>> so if you can point us to that, it would be much appreciated.
>>>>>
>>>>> Thanks,
>>>>> Brian
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Oct 7, 2017 at 7:39 AM, Tom Brennan <tomb at owasp.org> wrote:
>>>>>
>>>>>> If the project team had the funding and they submit a reimbursement
>>>>>> Andrew should not be in the middle when managing to the existing
>>>>>> reimbursement policy in the current project handbook. He’s not operational
>>>>>> and appointed to the treasurer role to keep the global budget in check not
>>>>>> individual transactions.
>>>>>>
>>>>>> Oct 11 this can be noted as old business re Summit to get it resolved
>>>>>> if needed Seba. Please have a representative join the public meeting to
>>>>>> speak to it https://www.owasp.org/index.php/Board
>>>>>>
>>>>>> Tom Brennan
>>>>>> 973-202-0122 <(973)%20202-0122>
>>>>>>
>>>>>> On Oct 7, 2017, at 2:18 AM, Seba <seba at owasp.org> wrote:
>>>>>>
>>>>>> hi,
>>>>>>
>>>>>> As I am not getting a response from Andrew: I am escalating this to
>>>>>> the board.
>>>>>>
>>>>>> *We cannot agree to line 65* "Recouping funds from projects that are
>>>>>> either inactive, or did not submit a budget for 2017"
>>>>>>
>>>>>> 1) OWASP SAMM is one of the most active flagship projects for the
>>>>>> last couple of years, we even had a project summit during the last 3 years
>>>>>> (hence the income)
>>>>>> 2) None of the SAMM project leaders did get a request to submit a
>>>>>> budget for 2017. If we would have received that we should surely have
>>>>>> provided one.
>>>>>>
>>>>>> *Please refund the 3677.22 USD to the OWASP SAMM project?*
>>>>>>
>>>>>> Thank you
>>>>>>
>>>>>> Kind regards
>>>>>>
>>>>>> Seba
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------- Forwarded message ---------
>>>>>> From: Seba <seba at owasp.org>
>>>>>> Date: Sun, Oct 1, 2017 at 6:34 PM
>>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <
>>>>>> matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>>> Cc: Bart De Win <bart.dewin at owasp.org>, Brian Glas <
>>>>>> brian.glas at gmail.com>
>>>>>>
>>>>>>
>>>>>> hi Andrew
>>>>>>
>>>>>> nudge, nudge ?? :-)
>>>>>>
>>>>>> Can you confirm you get this email?
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Seba
>>>>>>
>>>>>> ---------- Forwarded message ---------
>>>>>> From: Seba <seba at owasp.org>
>>>>>> Date: Sun, Sep 24, 2017 at 9:40 AM
>>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <
>>>>>> matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>>> Cc: Bart De Win <bart.dewin at owasp.org>, Brian Glas <
>>>>>> brian.glas at gmail.com>
>>>>>>
>>>>>>
>>>>>> Andrew,
>>>>>>
>>>>>> Can you confirm the refund of 3677.22 USD to the OWASP SAMM project ?
>>>>>>
>>>>>> Thank you
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Seba
>>>>>>
>>>>>>
>>>>>> ---------- Forwarded message ---------
>>>>>> From: Seba <seba at owasp.org>
>>>>>> Date: Mon, Sep 11, 2017 at 9:25 PM
>>>>>> Subject: Fwd: [owasp accounting] SAMM project funds status
>>>>>> To: Andrew van der Stock <vanderaj at owasp.org>, Matt Tesauro <
>>>>>> matt.tesauro at owasp.org>, Tom Pappas <tpappas at virtualmgmt.com>
>>>>>> Cc: Brian Glas <brian.glas at gmail.com>, Bart De Win <
>>>>>> bart.dewin at owasp.org>
>>>>>>
>>>>>>
>>>>>> Gents,
>>>>>>
>>>>>> *We cannot agree to line 65* "Recouping funds from projects that are
>>>>>> either inactive, or did not submit a budget for 2017"
>>>>>>
>>>>>> 1) OWASP SAMM is one of the most active flagship projects for the
>>>>>> last couple of years, we even had a project summit during the last 3 years
>>>>>> (hence the income)
>>>>>> 2) None of the SAMM project leaders did get a request to submit a
>>>>>> budget for 2017. If we would have received that we should surely have
>>>>>> provided one.
>>>>>>
>>>>>> *Please refund the 3677.22 USD to the OWASP SAMM project ?*
>>>>>> We need this to cover our project team summit expenses in November.
>>>>>>
>>>>>> Thank you
>>>>>>
>>>>>> Kind regards
>>>>>>
>>>>>> Seba
>>>>>>
>>>>>> ---------- Forwarded message ---------
>>>>>> From: Tom Pappas <tpappas at virtualmgmt.com>
>>>>>> Date: Mon, Sep 11, 2017 at 1:14 AM
>>>>>> Subject: RE: [owasp accounting] SAMM project funds status
>>>>>> To: Seba <seba at owasp.org>, Andrew van der Stock (vanderaj at owasp.org)
>>>>>> <vanderaj at owasp.org>
>>>>>> Cc: Matt Tesauro (matt.tesauro at owasp.org) <matt.tesauro at owasp.org>
>>>>>>
>>>>>>
>>>>>> Hello Seba,  here you go there are two tabs as Open SAMM has both a
>>>>>> US and EU balance.  These are from the beginning of the proj through
>>>>>> 7.31.17 which is the last month we have closed.  Take care
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thomas S. Pappas, MSA |   Senior Vice President of Finance &
>>>>>> Administration | Virtual, Inc.
>>>>>>
>>>>>> D: +1-781-876-8914 <(781)%20876-8914>
>>>>>>
>>>>>> F:  +1-781-623-8460 <(781)%20623-8460>
>>>>>>
>>>>>> *tpappas at virtualmgmt.com <tpappas at virtualmgmt.com>*
>>>>>>
>>>>>> 401 Edgewater Place, Suite 600, Wakefield, MA 01880
>>>>>> <https://maps.google.com/?q=401+Edgewater+Place,+Suite+600,+Wakefield,+MA+01880&entry=gmail&source=g>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <image001.png>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Seba [mailto:seba at owasp.org]
>>>>>> *Sent:* Sunday, September 10, 2017 5:46 AM
>>>>>> *To:* Alison Shrader <accounting at owasp.org>
>>>>>> *Subject:* [owasp accounting] SAMM project funds status
>>>>>>
>>>>>>
>>>>>>
>>>>>> hi,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Can you provide a detailed overview of income/expenses for the SAMM
>>>>>> project for the last year?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thank you
>>>>>>
>>>>>>
>>>>>>
>>>>>> Seba
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "OWASP Accounting group" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to accounting+unsubscribe at owasp.org.
>>>>>>
>>>>>> <OpenSamm US and EU Balance as of 7.31.17.xlsx>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>
>>>>>
>>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20171010/4c62b41a/attachment-0001.html>


More information about the OWASP-Leaders mailing list