<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Thanks Tobias,</div><div><br></div><div>I have no access to funding. Any projects that were funded were voted on by Tom, Jim, Rahim and myself.</div><div>Samantha controls processing of expenses, payments etc. I do/didnot want this role as a board member and also a project leader.</div><div><br></div><div>The Reboots purpose was to fund development. This has worked , the money is there. Development is being done.  Project leaders are happy. That to me is success.</div><div><br>Eoin Keary<div>Owasp Global Board</div><div>+353 87 977 2988</div><div><br></div></div><div><br>On 14 Nov 2013, at 00:12, Tobias <<a href="mailto:tobias.gondrom@owasp.org">tobias.gondrom@owasp.org</a>> wrote:<br><br></div><blockquote type="cite"><div>
  
    <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
  
  
    <div class="moz-cite-prefix">Dinis, <br>
      <br>
      I can offer some info on the CISO guide: Marco did an outstanding
      job as project lead for this and we have produced version 1.0!
      Books are already in print (using some of the budget) so we can
      distribute some of them at AppSecUS when we officially announce
      the release. I guess full budget clarity for CISO guide will be
      done in 4 weeks. <br>
      <br>
      And for ZAP: I think we saw some pretty awesome progress there
      over the last 12 months and at the last AppSecEU, also with
      special thanks to the project lead Simon. <br>
      <br>
      And for budget transparency: I think it is probably indeed a good
      idea to see if we can ask our staff what we can do to get some
      more transparency on project budget spending levels. Eoin is just
      a board member and I would love to see this information be
      available and maintained going forward for the whole community as
      well. <br>
      <br>
      Just my 5cents. <br>
      <br>
      Tobias<br>
      <br>
      <br>
      <br>
      On 13/11/13 23:32, Eoin Keary wrote:<br>
    </div>
    <blockquote cite="mid:5D91408A-17D7-4746-824E-C6DB09991B3F@owasp.org" type="cite">
      <meta http-equiv="content-type" content="text/html;
        charset=ISO-8859-1">
      <div>Dinis,</div>
      <div>I don't have control over the funds. We have an OWASP
        employee who does that. There has been some difference of
        opinion with the way funds were allocated. Some projects now
        have lots of cash and others have none. I tried to fix this and
        wound up donating some OWASP funds to other projects out of he
        code review guide.</div>
      <div><br>
      </div>
      <div>Samantha can give you info on how funds are spent, how much
        and on what.</div>
      <div><br>
      </div>
      <div>Some projects are due to come in early and mid next year. But
        we can't rush perfection. </div>
      <div><br>
      </div>
      <div>Achievements: </div>
      <div>Funding zap promotion.</div>
      <div>Ciso guide promotion</div>
      <div>Code review guide graphic design -to do</div>
      <div>Dev guide purchased some project management software</div>
      <div>Samantha has the answers. As the OWASP employee she was
        tasked with management of funding and spend.</div>
      <div><br>
      </div>
      <div>Final deliverables:</div>
      <div><br>
      </div>
      <div>Code review guide 2.0</div>
      <div>Testing guide 3.0</div>
      <div>Dev guide </div>
      <div>Ciso guide</div>
      <div><br>
      </div>
      <div>Again ask the project manager please.</div>
      <div><br>
      </div>
      <div>Wiki It is out of date. Agreed. Need to fix that. But Sam
        should have all the metrics recorded.</div>
      <div><br>
      </div>
      <div> <br>
        <br>
        Eoin Keary
        <div>Owasp Global Board</div>
        <div>+353 87 977 2988</div>
        <div><br>
        </div>
      </div>
      <div><br>
        On 13 Nov 2013, at 23:05, Dinis Cruz <<a moz-do-not-send="true" href="mailto:dinis.cruz@owasp.org">dinis.cruz@owasp.org</a>>

        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <p dir="ltr">I know that Eoin doesn't want to answer the
            questions I asked bellow, but since it looks like we're
            wrapping up the Projects Reboot , its important that they
            are answered</p>
          <p dir="ltr">The main reason is that when we do another
            project funding initiative, we can learn from this
            experiment and improve it.</p>
          <div class="gmail_quote">On 11 Nov 2013 15:16, "Dinis Cruz"
            <<a moz-do-not-send="true" href="mailto:dinis.cruz@owasp.org">dinis.cruz@owasp.org</a>>

            wrote:<br type="attribution">
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <p dir="ltr">Eoin, when you say ' very successful reboot
                project funding' , can you be more specific on the
                criteria you used to reach that conclusion?</p>
              <p dir="ltr">For example where can I see:<br>
                - all funds allocated <br>
                - all funds projected to be spent<br>
                - all funds actually spent<br>
                - timeline of the expenditure<br>
                - what was achieved with the funds spent?<br>
                - the final deliverables of the project reboot 2012
                (which started on Jun/Aug 2012)</p>
              <p dir="ltr">Also the page <a moz-do-not-send="true" href="https://www.owasp.org/index.php/Projects_Reboot_2012" target="_blank">https://www.owasp.org/index.php/Projects_Reboot_2012</a>
                seems quite out of date. So I would expect that a number
                of the answers to my questions should be placed there
                (since it is important to have accurate historical
                documentation of this type of Owasp initiatives)</p>
              <p dir="ltr">Thanks</p>
              <div class="gmail_quote">On 11 Nov 2013 14:15, "Eoin
                Keary" <<a moz-do-not-send="true" href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>>

                wrote:<br type="attribution">
                <blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <div dir="auto">
                    <div>We have the very successful reboot project
                      funding many projects. Some are to be released at
                      appsecusa such as the ciso guide.</div>
                    <div>I agree we need to spend more. If € is donated
                      for a particular project or chapter, we can't move
                      that money to another project that easily, given
                      it was a donation.</div>
                    <div>This is frustrating but needs to be observed to
                      be compliant with charity law etc.</div>
                    <div><br>
                    </div>
                    <div><br>
                      Eoin Keary
                      <div>Owasp Global Board</div>
                      <div><a moz-do-not-send="true" href="tel:%2B353%2087%20977%202988" value="+353879772988" target="_blank">+353 87
                          977 2988</a></div>
                      <div><br>
                      </div>
                    </div>
                    <div><br>
                      On 11 Nov 2013, at 13:15, Dinis Cruz <<a moz-do-not-send="true" href="mailto:dinis.cruz@owasp.org" target="_blank">dinis.cruz@owasp.org</a>>
                      wrote:<br>
                      <br>
                    </div>
                    <blockquote type="cite">
                      <div>
                        <p dir="ltr">This innovation will not come from
                          'owasp' . The way to do it is to create a
                          budget programme like the Owasp GSD project (
                          <a moz-do-not-send="true" href="https://www.owasp.org/index.php/OWASP_GSD_Project" target="_blank">https://www.owasp.org/index.php/OWASP_GSD_Project</a>)
                          and trust the owasp leaders with the
                          responsibility and budget .</p>
                        <p dir="ltr">This is the Projects/Chapters
                          Buckets idea that I have been talking for a
                          while now, and that idea will do more for
                          OWASP's ability to innovate , than any
                          discussion thread or top-down initiative</p>
                        <p dir="ltr">On the topic of Measurement , I
                          completely agree, and that is something that
                          the owasp OpsTeam (the employees) should
                          really focus on (since they are the only ones
                          that will have the independence and motivation
                          to do it)</p>
                        <div class="gmail_quote">On 11 Nov 2013 03:03,
                          "Jeff Williams" <<a moz-do-not-send="true" href="mailto:jeff.williams@owasp.org" target="_blank">jeff.williams@owasp.org</a>>

                          wrote:<br type="attribution">
                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px
                            #ccc solid;padding-left:1ex">
                            <div dir="ltr">I wasn't suggesting that the
                              organization-focused goals aren't
                              important. I'm thrilled to see OWASP
                              continue to grow. Just saying a few of the
                              strategic goal ideas for 2014 should be
                              focused on our domain...
                              <div> <br>
                              </div>
                              <div>* Foster innovation and
                                experimentation. One possibility is a
                                DARPA style high-risk, high-reward
                                proposal program... there are others.</div>
                              <div>* Encourage diversity.  I think the
                                "Women in AppSec" program is great and
                                should be expanded</div>
                              <div>* Pursue Measurement.  As Jeremiah
                                has correctly pointed out, nobody really
                                knows if any of this stuff really works.
                                Let's find out.</div>
                              <div>* Advertise.  This isn't exactly the
                                right word. I'm thinking of a "Truth"
                                style campaign to help the world
                                understand the importance of appsec</div>
                              <div>* Encourage competition. The crypto
                                community does this well through NIST
                                for algorithms. Why not other defenses?</div>
                              <div>
                                <div><br>
                                </div>
                                <div>--Jeff</div>
                              </div>
                            </div>
                            <div class="gmail_extra"><br>
                              <br>
                              <div class="gmail_quote"> On Fri, Nov 8,
                                2013 at 11:21 PM, Jim Manico <span dir="ltr"><<a moz-do-not-send="true" href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
                                wrote:<br>
                                <blockquote class="gmail_quote" style="margin:0 0 0
                                  .8ex;border-left:1px #ccc
                                  solid;padding-left:1ex">
                                  <div>> Shouldn't the strategies
                                    have something to do with the
                                    mission?<br>
                                    <br>
                                  </div>
                                  Of course. But we also need a well run
                                  organization in order to properly
                                  serve the mission. The staff has done
                                  a remarkable job in cleaning up a lot
                                  of difficult messes that OWASP had
                                  become. There is no shame meant in
                                  that statement. OWASP is just growing
                                  up - kind of like moving from a
                                  start-up to a larger organization. The
                                  organizational changes that Colin and
                                  Josh suggest are really critical in
                                  terms of efficiency. We just want to
                                  maximize the minimal resources that we
                                  have to serve the mission.<br>
                                  <br>
                                  Another thing, the suggestions below
                                  from Colin and Josh are additions, not
                                  the entire set of strategic goals of
                                  the organization.<br>
                                  <br>
                                  Here are the past OWASP strategic
                                  goals. <a moz-do-not-send="true" href="https://docs.google.com/a/owasp.org/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit" target="_blank">https://docs.google.com/a/owasp.org/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit</a><br>
                                  <br>
                                  We are going to be building the 2014
                                  strategic goals after AppSecUSA (<a moz-do-not-send="true" href="http://www.appsecusa.com" target="_blank">www.appsecusa.com</a>)
                                  on November 22rd. <a moz-do-not-send="true" href="https://www.owasp.org/index.php/November_22,_2013" target="_blank">https://www.owasp.org/index.php/November_22,_2013</a>
                                  You are welcome to dial in and lend
                                  advice and support!<br>
                                  <br>
                                  If you have any suggestions as to how
                                  we can make "aggressive game changing
                                  innovation" in an open, vendor-neutral
                                  and community based way, then bring it
                                  on!<br>
                                  <div><br>
                                    > How are we going to change the
                                    trajectory of software development?<br>
                                    <br>
                                  </div>
                                  Jeff, as one of the OWASP Top Ten
                                  leaders, you have a HUGE opportunity
                                  to effect the culture of software. I
                                  see the OWASP Top Ten in almost every
                                  dev shop I run into. So I ask you, is
                                  the OWASP Top Ten 2013 an "aggressive
                                  pursuit and encouragement of
                                  game-changing innovation, not just
                                  technological but cultural"? I think
                                  that one of your biggest opportunities
                                  to see the change you want.<br>
                                  <br>
                                  Aloha,<br>
                                  Jim<br>
                                  <div>
                                    <div><br>
                                      <br>
                                      > How are we going to change
                                      the trajectory of software
                                      development?  How to make appsec
                                      something every developer wants to
                                      know...aspirational?<br>
                                      ><br>
                                      > The strategies ought to
                                      include aggressive pursuit and
                                      encouragement of game-changing
                                      innovation, not just technological
                                      but cultural. Otherwise we will
                                      continue to slowly lose ground in
                                      the face of rapid tech expansion.<br>
                                      ><br>
                                      > --Jeff<br>
                                      ><br>
                                      ><br>
                                      >> On Nov 8, 2013, at 4:25
                                      PM, Colin Watson <<a moz-do-not-send="true" href="mailto:colin.watson@owasp.org" target="_blank">colin.watson@owasp.org</a>>

                                      wrote:<br>
                                      >><br>
                                      >> I still quite like the
                                      "platform" and "quality" aspects.<br>
                                      >><br>
                                      >> 1. The community (incl
                                      staff) efforts on updating design
                                      and the wiki<br>
                                      >> has made a huge
                                      improvement. Contrary to the 2013
                                      objective, the wiki<br>
                                      >> stuff is improving from
                                      the bottom up, but I'm sure this
                                      will surface<br>
                                      >> onto the home page soon.<br>
                                      >><br>
                                      >> 2. I'd like to see some
                                      effort in enabling "self-service"
                                      for<br>
                                      >> volunteers to take some
                                      of the load off the staff e.g.
                                      "how tos and<br>
                                      >> FAQs" for project
                                      leaders.<br>
                                      >><br>
                                      >> 3.  I also think we need
                                      to keep pushing the "open" aspect.
                                      Make it<br>
                                      >> difficult for secret
                                      groups, cliques and closed-door
                                      activities to<br>
                                      >> occur.<br>
                                      >><br>
                                      >> Colin<br>
                                      >><br>
                                      >><br>
                                      >><br>
                                      >>> On 8 November 2013
                                      21:06, Jim Manico <<a moz-do-not-send="true" href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>>

                                      wrote:<br>
                                      >>> Right on, Josh! Bring
                                      it! :)<br>
                                      >>><br>
                                      >>> Aloha,<br>
                                      >>> --<br>
                                      >>> Jim Manico<br>
                                      >>> @Manicode<br>
                                      >>> <a moz-do-not-send="true" href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808) 652-3805</a><br>
                                      >>><br>
                                      >>> On Nov 8, 2013, at
                                      4:02 PM, Josh Sokol <<a moz-do-not-send="true" href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>>

                                      wrote:<br>
                                      >>><br>
                                      >>> I would like to add
                                      two strategic goals to this list:<br>
                                      >>><br>
                                      >>> 1) Create policies
                                      and processes to support the
                                      chapters.  Encourage them to<br>
                                      >>> innovate.  Create a
                                      framework to allow them to be
                                      financially<br>
                                      >>> self-sufficient.<br>
                                      >>><br>
                                      >>> 2) Investigate what
                                      it means to be an "OWASP member".
                                       How do we justify<br>
                                      >>> becoming a paid
                                      member?  What are the benefits
                                      that paid members receive<br>
                                      >>> from their
                                      contributions?<br>
                                      >>><br>
                                      >>> ~josh<br>
                                      >>><br>
                                      >>><br>
                                      >>> On Fri, Nov 8, 2013
                                      at 2:50 PM, Michael Coates <<a moz-do-not-send="true" href="mailto:michael.coates@owasp.org" target="_blank">michael.coates@owasp.org</a>><br>
                                      >>> wrote:<br>
                                      >>>><br>
                                      >>>> Leaders,<br>
                                      >>>><br>
                                      >>>> For the past 2
                                      years we have set strategic goals
                                      at the board level. The<br>
                                      >>>> purpose of these
                                      initiatives are to zero in on a
                                      few key elements where we<br>
                                      >>>> wish to drive
                                      growth. These strategic goals are
                                      also used to prioritize and<br>
                                      >>>> guide the
                                      operation team's tactcial goals
                                      and focus.<br>
                                      >>>><br>
                                      >>>> As we're planning
                                      for 2014 I'd like to ask all of
                                      you for your thoughts<br>
                                      >>>> and feedback on
                                      strategic goals for the OWASP
                                      foundation. Please note that<br>
                                      >>>> these items are
                                      geared towards the owasp
                                      organization, not any specific<br>
                                      >>>> project,
                                      conference, chapter etc. OWASP is
                                      building the platform for all of<br>
                                      >>>> these wonderful
                                      things to occur. How should we
                                      specifically try and grow<br>
                                      >>>> that platform in
                                      pursuit of our mission in 2014?<br>
                                      >>>><br>
                                      >>>> The list of 2012
                                      and 2013 strategic goals can be
                                      found here:<br>
                                      >>>> <a moz-do-not-send="true" href="https://docs.google.com/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit" target="_blank">https://docs.google.com/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit</a><br>
                                      >>>><br>
                                      >>>><br>
                                      >>>> Please reply to
                                      this thread with your thoughts,
                                      comments and ideas.<br>
                                      >>>><br>
                                      >>>><br>
                                      >>>><br>
                                      >>>> Thanks!<br>
                                      >>>><br>
                                      >>>> --<br>
                                      >>>> Michael Coates |
                                      OWASP | @_mwc<br>
                                      >>>><br>
                                      >>>><br>
                                      >>>>
                                      _______________________________________________<br>
                                      >>>> OWASP-Leaders
                                      mailing list<br>
                                      >>>> <a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                      >>>> <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                      >>><br>
                                      >>>
                                      _______________________________________________<br>
                                      >>> OWASP-Leaders mailing
                                      list<br>
                                      >>> <a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                      >>> <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                      >>><br>
                                      >>><br>
                                      >>>
                                      _______________________________________________<br>
                                      >>> OWASP-Leaders mailing
                                      list<br>
                                      >>> <a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                      >>> <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                      >>
                                      _______________________________________________<br>
                                      >> OWASP-Leaders mailing
                                      list<br>
                                      >> <a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                      >> <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                      <br>
                                    </div>
                                  </div>
                                </blockquote>
                              </div>
                              <br>
                            </div>
                            <br>
_______________________________________________<br>
                            OWASP-Leaders mailing list<br>
                            <a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                            <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                            <br>
                          </blockquote>
                        </div>
                      </div>
                    </blockquote>
                    <blockquote type="cite">
                      <div><span>_______________________________________________</span><br>
                        <span>OWASP-Leaders mailing list</span><br>
                        <span><a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a></span><br>
                        <span><a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
                      </div>
                    </blockquote>
                  </div>
                </blockquote>
              </div>
              <br>
              _______________________________________________<br>
              OWASP-Leaders mailing list<br>
              <a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
              <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
              <br>
            </blockquote>
          </div>
        </div>
      </blockquote>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  

</div></blockquote></body></html>