[Owasp-leaders] Notification of Committee Proposal

Josh Sokol josh.sokol at owasp.org
Thu Sep 6 15:38:18 UTC 2018


To be blunt, no, I do not agree with this approach.  We have a well defined
process for the purpose of committees, how to create them, and how to
govern them.  In the Introduction section of the OWASP Committees 2.0
Operational Model, we explicitly state:

There is a disconnect amongst OWASP Leadership in terms of determining who
> is empowered to make decisions for our organization. It is our belief that
> the Board has expressed the desire to empower our leaders, but has, at
> times, questioned the decisions made. The goal of the plan which follows is
> to empower all OWASP leaders who have an idea that merits action with the
> ability to act.

What I have proposed is a committee focused entirely on our chapters made
up of members of our chapters and helping to guide and make decisions for
our chapters.  The power is in the hands of the people.  What you have
proposed is a "town hall" discussion on topics affecting the organization
with a Board vote. The power is in the hands of the Board.  I'm not saying
that your town halls aren't important or that they shouldn't happen.  Quite
the opposite, in fact.  But, your e-mail further emphasizes the gap in
terms of who is empowered to make decisions for our organization.  Committees
2.0 was designed to correct that situation, but if the Board is telling me
that you are not inclined to follow the process that was outlined and
approved some time ago, then clearly the current Board has a different
vision for the organization than myself and others.

I was asked for a "civil discussion and substantive proposal" and that is
exactly what I attempted to give you.  I spent the better part of a year
working on that proposal with help from Tiffany and others.  As Tom Brennan
always said, OWASP needs to govern to policy and, in this case, we have a
very well-defined policy in place.  I have asked that the Board initiate
the public call no later than Tuesday, September 11th as that puts the
seven day closing window for the call for participation at Tuesday,
September 18th; the day before the Board meeting.  I've also added this
vote to the agenda for the September 19th Board meeting.  On behalf of all
of the chapter leaders who have expressed support for this committee both
on-list and off, I maintain my original request.  It's time for action and
I don't feel like any of these proposed town halls will change that.  We
can simply add "discussion about holistic sustainability of the foundation"
(aka. how do we take money away from the chapters) to the list of things
that can be discussed amongst the committee consisting of the people who it
will directly affect.


Josh Sokol

OWASP Board Member 2014-2017
OWASP Austin Chapter Leader
OWASP LASCON Conference Co-Founder

On Thu, Sep 6, 2018 at 9:15 AM Karen Staley <karen.staley at owasp.org> wrote:

> Dear Josh and OWASP Leaders!
> Thank you for your email regarding setting up a Chapter committee.  The
> structure of the foundation along with committees is of importance to the
> foundation and the community.  We all agree that re-establishing committees
> is needed to help the foundation meet the needs of chapters, projects,
> etc.  However the re-establishing of committees is part of a larger
> discussion that we wish to have with as many community leaders as
> possible.   Our hope is initiate a  greater effort for re-establishing an
> engaged community that has a dedication to the holistic sustainability of
> the foundation in the future.   Setting up committees, addressing the
> future goals of the foundation and reviewing the financial status and
> functionality of the foundation are all part of this greater discussion.
> Therefore we will be *initiating three virtual town hall meetings
> throughout September* in an effort to receive input from all leaders in
> the community.  We need the full support of the community to move forward
> with developing  the right committee structure,  modifying and improving
> operational issues and finding solutions for the financial challenges with
> dispelling some of the misconceptions.  These topics will be discussed in
> each town hall meeting so that the community has a more well-rounded
> understanding of the foundation and how it functions today.   High
> engagement and open discussions are needed with the community prior to
> moving forward. I hope you agree with this holistic community focused
> approach.  With more than 200 chapters and over 100 projects we need to
> ensure that all those that wish to contribute to these discussions have the
> opportunity to contribute and this will take some time.
> The last group discussion to be hosted will be at the AppSec USA leaders
> meeting.  After final input from the community we will develop a plan that
> includes the committee /governance structure and share it with the board
> for a board vote and approval.
> It is important that this process is given time (the month of September)
> to develop a holistic plan for the foundation and to provide the community
> with many opportunities to communicate and share their thoughts about the
> committees, chapters, and financial modifications that we need to
> facilitate for the growth and future success for the foundation.
> While the request for a committee vote is for September,  we would like to
> respectfully ask that you give the foundation and the community the time it
> needs to have a larger discussion about the foundation and it's future
> moving forward, providing us with enough input for the BOD when they meet
> in October.  More information on the meeting dates and time will be sent to
> you in the next days.
> Thank you for your patience and time as we approach our efforts with the
> community throughout the month of September, we hope you will join in on
> these discussions.
> For all those seeking more information on Governance of the foundation
> including committees, please refer to this link on the wiki:
> https://www.owasp.org/index.php/Governance/OWASP_Committees#III._Committee_Creation
> Sincerely,
> Karen Staley
> On Wed, Sep 5, 2018 at 9:18 AM Josh Sokol <josh.sokol at owasp.org> wrote:
>> OWASP Board and Karen,
>> Per the OWASP Committees 2.0 Operational Model, I have submitted an
>> official request for the creation of a Global Chapters Committee via the
>> OWASP Leaders List:
>> http://lists.owasp.org/pipermail/owasp-leaders/2018-September/019352.html
>> This includes both my rationale as well as the scoping and goals.  It is
>> currently up for discussion amongst the community and there is a perceived
>> majority support with no major arguments against.  Thus, *the next step
>> is for the OWASP Board of Directors to establish whether there is a
>> conflict of interest with any existing committees (do we even have any
>> currently?) and whether the formation of that committee is in line with
>> with OWASP goals*.  If no conflict is determined to exist, the Board
>> should initiate a public call for OWASP members interested in committee
>> membership, via the OWASP Community mailing list, with a seven day time
>> window.  So long as the committee receives at least five OWASP members
>> applicants, the Board will vote on the committee creation. A majority vote
>> of support from the Board is sufficient for establishment of a new
>> committee with all OWASP member applicants being granted committee
>> membership.
>> I would ask that the Board please initiate the public call no later than
>> Tuesday, September 11th.  That would put the seven day window closing on
>> Tuesday, September 18th.  I have put the Board vote for the committee
>> creation on the agenda for the September 19th Board meeting.  That said, I
>> would recommend that if there are no major objections, it be handled via an
>> online vote so that the Board meeting time can be used for other higher
>> priority items.  Thank you.
>> Sincerely,
>> Josh Sokol
> --
> *OWASP Foundation*
> Karen Staley
> Executive Director
> karen.staley at owasp.org <kelly.santalucia at owasp.org>
> Direct: +1 240.446.2951
> *Consider giving back, and supporting the open source community by
> becoming a member <https://www.owasp.org/index.php/Membership> or making
> a donation <https://www.owasp.org/index.php/Donate> today! *
> *Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
> San Jose, CA!*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180906/d0dc6ca7/attachment.html>

More information about the OWASP-Leaders mailing list