[Owasp-leaders] [OWASP-chapters] Updates on OWASP & The Board

Tanya Janca tanya.janca at owasp.org
Tue Aug 28 13:52:38 UTC 2018


Hello Carlos,

There are also chapters waiting to start in Canada and in Africa.  I told them to just start having meetings anyway, don’t wait.  If they are losing interest, just tell them they can start now.  It’s not like OWASP or anyone else is going to try to stop them.

Tanya

Tanya Janca
@SheHacksPurple
http://devslop.co/ <http://devslop.co/>
https://medium.com/@shehackspurple <https://medium.com/@shehackspurple>
https://www.slideshare.net/TanyaJanca <https://www.slideshare.net/TanyaJanca>
https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ <https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ>
https://www.twitch.tv/shehackspurple <https://www.twitch.tv/shehackspurple>
> On Aug 27, 2018, at 11:49 PM, Carlos Allendes <carlos.allendes at owasp.org> wrote:
> 
> Hi Josh and all..
> 
> From chilean chapter ( and chapters of latam + caribbean region),  we have consulted insistently for the status of the local budgets, because the money from some chapters have been moved without warning to the chapter leader, without asking for authorization and finally without giving further explanations.. yet  (... we are waiting)
> 
> There is a growing tension in these issues, because this lack of clarity prevents the self-management of chapters and diminishes the interest in achieving new memberships ... even worse, in recent months, the creation of new chapters is being hindered, with bureaucratic requirements that cause an administrative bottleneck . The obvious negative economic impact, is... IF NOT ( new chapter)  THEN (not new memberships and not new sponsorship).
> 
> I have suggested alternatives to streamline the creation of new chapters in a decentralized way, but keeping control in Owasp main board ... that have not been considered or valued.  IMO there is an excessive centralization that prevents to volunteers give our best effort to expand OWASP.
> We have tried to create new chapters  following the defined conduit and the result has been (02) two candidates to create two new chapters in our region (both women, both engineers and university professors) and both candidates have surrendered because of lack of communication and lack of feedback.
> Another case that I took knowledge recently... in Columbia Campus of ECPI University, they are waiting since June 9 to create a Student Chapter (!)
> 
> We the volunteers, we are OWASP..  and we want to help!
> 
> I'm sorry if someone feels offended, but if the current staff can not coordinate the required tasks ... they should hire more people ... or change the way they are doing the work. The administrative staff must understand that a better way to achieve the goals is to delegate and coordinate the tasks. not become a bottleneck that discourages the work of our people.
> 
> Sincerely.
> 
> ----------
> Carlos Allendes Droguett
> OWASP Chile, chapter leader.
> Links  e-List <http://goo.gl/LBELa>   www <http://goo.gl/9wuFX>    mail <mailto:carlos.allendes at owasp.org>   linkedIN <http://cl.linkedin.com/in/carlosallendes>
> ----------
> 
> 
> 
> 
> 2018-08-27 17:36 GMT-03:00 Tanya Janca <tanya.janca at owasp.org <mailto:tanya.janca at owasp.org>>:
> The Ottawa Chapter would like to note that we are also concerned about this: if we put on a paid event, it’s a fundraiser.  We would be doing it to raise funds, because quite frankly we tend to have “just enough* to cover costs.  If we raised money and the money was taken away after….  We would be very displeased.  To put it mildly.
> 
> Perhaps instead of the foundation taking the money from the “rich” chapters we kindly suggest that they share the money as they see fit?  For instance, the Bay are chapter has been sending hundreds (if not thousands) of dollars worth of OWASP Stickers to chapters around the globe, to promote the foundation as a whole.  I think this is great, I know a lot of people are more interested or aware of OWASP thanks to this initiative run by Travis/Bay Area Chapter.  The foundation could also ask the ‘rich’ chapters to transfer some of the money back to the foundation, or to chapters that are struggling.  Taking the money is just not…. A way to convince leaders to continue volunteering countless hours for us….
> 
> I would like to suggest that if the foundation needs money that 1) we make membership actually mean something and provide benefits, and then 2) we do an international membership drive. Every leader, every project, every chapter, full blast on social media and meetings, etc.  But first membership needs to mean something.
> 
> My piece.
> 
> Tanya  
> 
> 
> Tanya Janca
> @SheHacksPurple
> http://devslop.co/ <http://devslop.co/>
> https://medium.com/@shehackspurple <https://medium.com/@shehackspurple>
> https://www.slideshare.net/TanyaJanca <https://www.slideshare.net/TanyaJanca>
> https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ <https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ>
> https://www.twitch.tv/shehackspurple <https://www.twitch.tv/shehackspurple>
>> On Aug 27, 2018, at 12:46 PM, Josh Sokol <josh.sokol at owasp.org <mailto:josh.sokol at owasp.org>> wrote:
>> 
>> I'm going to add a fourth item to this list:
>> 
>> 4) By removing the incentive for running a conference, you remove the incentive to start a conference.  As I mentioned, OWASP Austin started LASCON because we were sick of being told "no" by the Foundation for the funding requests we made.  But if we put the mandate back on the Foundation to fund the chapters, then chapters no longer need to work for that money.  Now there's need to throw a conference.  So the Foundation loses out on the revenue they do get and we're back to the situation where the chapters are leaching off of the Foundation resources.  We're back to where we were a decade ago.
>> 
>> I'm really concerned that I've only had one other Chapter Leader speak up here.  You guys need to make your voices heard or you will LOSE the most effective source of funding you have, which also directly serves OWASP's mission of education.  The chapters hold the vast majority of OWASP's voting members and you guys need to speak up now, before the Board votes, and it is too late.
>> 
>> Sincerely,
>> 
>> Josh Sokol
>> OWASP Board Member 2014-2017
>> 
>> On Thu, Aug 23, 2018 at 12:50 PM Josh Sokol <josh.sokol at owasp.org <mailto:josh.sokol at owasp.org>> wrote:
>> Greg,
>> 
>> Various members of the OWASP Board have been trying to take funds away from the chapters for years now.  One of the things I am most proud of during my tenure serving on the OWASP Board is that I was able to prevent these funds from being touched by the Foundation.  The "financial health" issues that the Foundation is facing is NOT caused by the chapters.  It is caused by the Foundation passing budgets that include Chapter Funds as a source of revenue, but don't properly allocate it back to the chapters.  This means that the Foundation routinely spends more money than it takes in and "borrows" that money from the chapters.  
>> 
>> I've done a ton of research into this and am happy to share with you communications that I've had with the Board in the past.  That said, a few things worth being said out loud for everyone else:
>> 
>> 1) The idea that chapters aren't spending money is a fallacy.  There are a few chapters out there who aren't spending their money.  The last time I analyzed this it was one or two chapters who happened to have a large sum of money allocated to them.  If those chapters aren't using those funds, they should absolutely donate some back.  As an example, OWASP Austin made a $20k donation back to the Foundation a couple of years ago when we had a surplus of funds we weren't expecting to use.  This is why I instituted the budgeting program when I was on the Board.
>> 
>> 2) Changing the terms on local/regional events becomes a huge deterrent for the chapters to want to do those events.  I'll use LASCON as an example as I was the one who founded it back in 2010.  Our chapter was struggling to get resources approved from the Foundation.  Even basic things like getting pizza for our meetings.  That was back when we had like a dozen people coming to the monthly meetings.  If we struggled then, how could we ever possible scale?  The answer was to create LASCON.  With LASCON, our chapter had an event that brought in enough funds for our chapter to not only pay the bills, but also innovate.  Ever seen the OWASP Austin video channel <https://vimeo.com/channels/owaspaustin> on Vimeo?  We have videos going back to 2012 because as the chapter leader I had money to be able to buy a wireless mic, mixer, and a laptop to record.  We've evolved since then, but no other chapter has anything like that and it's all because of LASCON.  We also frequently do free and cheap trainings to educate our community.  We just did a two-day Powershell training with Ben0xa and everyone loved it.  Remember when OWASP was about education and not about making money?  That's what we do with the funds from LASCON.  In any case, if you remove the funds from hosting a conference, then you remove the incentive for chapters to do events like these.  We never started LASCON to fund the Foundation, it was just an added benefit.  I'm kinda pissed that the Foundation has decided that they should reap the benefits of our hard work.
>> 
>> 3) Back in 2012, the OWASP Austin chapter hosted the AppSecUSA conference.  We've bid for it (but lost) several time since then.  We didn't get any money from hosting it that year and we lost out on our LASCON revenue as well.  Wanna know why we did it?  To help the Foundation!  Wanna know why we felt confident that we could do it?  Because we had two prior years experience with running our own conference.  Remove the incentive to run conferences, then chapters won't run conferences, then the Foundation loses anyone actually qualified and experienced to run them.  History shows that chapters with conference experience have hosted much more successful AppSec conferences.
>> 
>> OWASP's goal is education.  It's in our mission statement.  Let's cut the BS about the Foundation not being able to pay its bills.  If it can't pay its bills, then the Foundation is overspending and overreaching.  That's a problem we should be focusing on.  Not on the amazing outreach efforts that our chapters are doing by hosting conferences.  Greg, please don't buy in to the line of crap that others are feeding you.
>> 
>> Sincerely,
>> 
>> Josh Sokol
>> OWASP Board Member 2014-2017
>> 
>> On Mon, Aug 20, 2018 at 11:40 AM Greg Anderson <greg.anderson at owasp.org <mailto:greg.anderson at owasp.org>> wrote:
>> OWASP Chapter Leaders,
>> 
>> I hope everyone is having a great week! 
>> 
>> When I was running for the OWASP Board, I did a presentation on DefectDojo and my general thoughts on how I could help improve OWASP as a board member.
>> I wanted to provide an update on the two big points of my platform: 1. Drive the org to be more agile and adapt to challenges / feedback more quickly 2. Create a network to help chapters grow and mature.
>> 
>> Overall, I believe the Board has been acting with more agility. The number one concern / question from the election was centered around compliance, bullying, and the community guidelines. To address these concerns, I have drafted and proposed an official Compliance Committee (CC) Charter which will make CC decisions binding, and also expand the number of OWASP community members on the committee. The Board voted at AppSec EU to prepare for the election of Compliance Committee Members starting this December along with new board members. The final Charter has not been voted on as I needed to make additional changes to accommodate feedback. Discussion and voting around the Charter will be held at the September Board Meeting and is open to the public. I highly encourage you to attend!
>> 
>> Regarding chapter resources, this is something I have not been able to address yet. This is because OWASP has a much larger issue that I wasn't previously aware of, OWASP's financial health. Around 2014, there was a decline in global conference attendance that has caused OWASP to start drawing from our capital reserves. At our current run rate, these reserves will be exhausted in 2 - 3.5 years (approximately). To address OWASP's financial health, the foundation has been both trimming expenses where possible and attempting to increase conference attendance. There have been some changes regarding financial health improvement that I adamantly oppose. The primary example being no longer providing chapter leaders and project leaders access to the networking event / dinner at global conferences free of charge.
>> 
>> This is something I plan to attempt to address in our September or October meeting. However, financial health is key to expanding both what OWASP can provide to the community, and what can be achieved to make open source security more accessible to the world.
>> 
>> If you have any questions or concerns, please don't hesitate to reach out.
>> 
>> Thank you for giving me the opportunity to speak at your chapter and for all you do for your local OWASP community.
>> 
>> Kind regards,
>> 
>> Greg Anderson
>> Member of the Board
>> DefectDojo Project Leader
>> greg.anderson at owasp.org <mailto:greg.anderson at owasp.org>
>> 
>> 
>> Consider giving back, and supporting the open source community by becoming a member <https://www.owasp.org/index.php/Membership> or making a donation <https://www.owasp.org/index.php/Donate> today! 
>> 
>> Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in San Jose, CA!
>> 
>> 
>> _______________________________________________
>> Owasp-chapters mailing list
>> Owasp-chapters at lists.owasp.org <mailto:Owasp-chapters at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-chapters <https://lists.owasp.org/mailman/listinfo/owasp-chapters>
> 
> 
> _______________________________________________
> Owasp-chapters mailing list
> Owasp-chapters at lists.owasp.org <mailto:Owasp-chapters at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-chapters <https://lists.owasp.org/mailman/listinfo/owasp-chapters>
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180828/4126c457/attachment-0001.html>


More information about the OWASP-Leaders mailing list