<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Ok Eoin and Josh, I re-read the bylaws and yes they currently do
    call for a board vote. I support following the current bylaws and we
    should vote.<br>
    <br>
    But I also think these should be loosened to account for forcing a
    board member into two midnight meetings. That's not reasonable. This
    does not impact me, I do not sleep that much. But I am concerned
    about other board members with tight schedules and family to
    consider.<br>
    <br>
    Aloha,<br>
    Jim<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 8/18/15 8:23 AM, Eoin Keary wrote:<br>
    </div>
    <blockquote
      cite="mid:714EF86B-4CC7-4C18-81B1-C0B4E5732D34@owasp.org"
      type="cite">
      <div>I'm unsure of the context here but retro fitting rules is
        generally bad. Changing rules going forward via vote is
        different. </div>
      <div><br>
        <br>
        Eoin Keary
        <div>OWASP Volunteer</div>
        <div>@eoinkeary</div>
      </div>
      <div><br>
        On 18 Aug 2015, at 19:10, Jim Manico &lt;<a
          moz-do-not-send="true" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>&gt;
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          Eoin,<br>
          <br>
          The board is scattered all over the world right now. Some of
          our meetings were in the middle of the night for other board
          members. So while we have board attendance rules, we have to
          vote to remove a board member due to lack of attendance.  I
          think it's reasonable, even if we disagree. We are also
          considering changing the participation rules. <br>
          <br>
          Is that acceptable to you?<br>
          <br>
          Aloha,<br>
          Jim<br>
          <br>
          <br>
          <div class="moz-cite-prefix">On 8/18/15 8:04 AM, Eoin Keary
            wrote:<br>
          </div>
          <blockquote
            cite="mid:0C3F284E-30CD-4D92-BE9A-29879EA25FF6@owasp.org"
            type="cite">
            <div>Sorry I have to write this email....but...</div>
            <div><br>
            </div>
            <div>I hope you don't change the rules just because certain
              members have not complied by them....</div>
            <div><br>
            </div>
            <div>I was forwarded some emails regarding board attendance
              today which appear that the 75% rule of board meeting
              attendance is now going to be changed because some folks
              on the board have issue with it. </div>
            <div><br>
            </div>
            <div>This is like turkeys voting for Christmas.</div>
            <div><br>
            </div>
            <div>I respectfully hope the board abides by its own
              guidelines, if not I have great issue with the foundation's
              governance.</div>
            <div><br>
            </div>
            <div>Respect, for the good guys in OWASP. </div>
            <div><br>
              <br>
              Eoin Keary
              <div>OWASP Volunteer</div>
              <div>@eoinkeary</div>
            </div>
            <div><br>
              On 18 Aug 2015, at 17:08, Josh Sokol &lt;<a
                moz-do-not-send="true" class="moz-txt-link-abbreviated"
                href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a>&gt;

              wrote:<br>
              <br>
            </div>
            <blockquote type="cite">
              <div>
                <div dir="ltr">
                  <div>
                    <div>
                      <div>
                        <div>
                          <div>Johanna,<br>
                            <br>
                            <blockquote style="margin:0px 0px 0px
                              0.8ex;border-left:1px solid
                              rgb(204,204,204);padding-left:1ex"
                              class="gmail_quote">So far I remember,
                              the idea was proposed to the board by you
                              and the board took the decision to
                              implement Committee 2.0. I believe this
                              was done with all good intentions but is
                              not working.<br>
                            </blockquote>
                            <br>
                          </div>
                          Actually, I would argue that even though
                          there's only a single committee right now, it
                          is working exactly as intended.  The truth is
                          that OWASP's leadership sits somewhere
                          in-between an Oligarchy (as you describe it)
                          and an Anarchy.  We're currently somewhere
                          between Democracy and Ochlocracy depending on
                          the topic if you really want to get
                          technical.  In any case, what you need to
                          realize is that somebody needs to have the
                          power to make decisions or decisions will
                          never get made and we veer into Anarchy.  What
                          Committees 2.0 did is specify that decision
                          making power starts with the Board as they
                          have the fiduciary responsibility for the
                          OWASP Foundation in all legal sense.  What it
                          also did is allow any of our leaders to carve
                          out a piece of that power that they are
                          passionate about and run with it, just as you
                          did with projects.  I really thought that we
                          would see some other committees pop up similar
                          to what we had before in other core areas of
                          OWASP like Governance or Chapters, but the
                          fact that there isn't just tells me that as of
                          yet, no leader is passionate enough about it
                          to carve out that power.  Maybe it's because
                          of time commitments or because of some
                          perceived "red tape" or even (I hope) because
                          most people think the Board is doing an OK job
                          making decisions, but the fact is that the
                          ability is there and you are an example of it
                          being used.  So, as I said, the system is
                          working.  Where there is a void in the
                          community wanting to take the power to make
                          decisions, the Board fills that void.  In
                          other words, if the community really thinks
                          that they can do something better than the
                          Board, they can form a Committee (or "Action
                          Team" or "Initiative" or whatever they want to
                          call it), and do it.<br>
                          <br>
                          <blockquote style="margin:0px 0px 0px
                            0.8ex;border-left:1px solid
                            rgb(204,204,204);padding-left:1ex"
                            class="gmail_quote">Projects are global.
                            They promote OWASP at a global level. What
                            is OWASP known for? For its chapters? Its
                            conferences? I strongly believe OWASP is
                            known for its projects, Code Review, Testing
                            guide, the Cheat Sheets, ASVS, ZAP... Many
                            references in major publications refer to
                            OWASP top ten and respect them because of
                            its projects. PCI and major vendors use them
                            as reference and guidelines.<br>
                          </blockquote>
                          <br>
                        </div>
                        There is no doubt in my mind that Projects are
                        important for OWASP.  They spread our mission in
                        places where even our Chapters cannot go.  But,
                        if you want to talk about where most people
                        interface with OWASP, it's not projects, it's
                        Chapters.  You won't find a reference in a major
                        publication to the OWASP Austin Chapter, for
                        example, but we held a CryptoParty in January
                        and invited members of our community, the media,
                        etc to participate because we wanted to educate
                        others on the importance of privacy.  You're
                        passionate about OWASP Projects, I get that, and
                        I love it.  I'm passionate about OWASP
                        Chapters.  Neither should be trivialized as they
                        both play a very important role within OWASP.<br>
                        <br>
                        <blockquote style="margin:0px 0px 0px
                          0.8ex;border-left:1px solid
                          rgb(204,204,204);padding-left:1ex"
                          class="gmail_quote">What I would like to see is a
                          better schema for them to get more awareness,
                          especially people doing great things and
                          because of lack of funds cannot promote their
                          projects. Chapters are rich, projects are
                          poor. That is in my opinion a huge misbalance.<br>
                        </blockquote>
                        <br>
                      </div>
                      We have many chapters with small bank accounts,
                      some even negative, and a few with quite large
                      accounts.  Total it all up and it's a pretty
                      decent sum of money.  But, what you're arguing for
                      here is effectively Socialism.  You're saying that
                      it doesn't matter that the OWASP chapter in Denver
                      busted their ass (it is over a year's worth of
                      effort by a team of people) to put on last year's
                      AppSecUSA Conference.  It doesn't matter that it
                      can cost a chapter hundreds if not thousands of
                      dollars to rent meeting space, bring in food, fly
                      in speakers, etc.  You only see that they have
                      money, you do not, and you want it.  Not because
                      you have a plan to spend it either, because if you
                      did you could simply ask the Foundation for it,
                      but because it is perceived as being
                      disproportionate.  There is no payoff for OWASP's
                      mission if we rob from the rich, give to the poor,
                      and at the end of the day still just have money
                      sitting in a savings account.  This highlights the
                      underlying issue here.  The issue is not that
                      Chapters or Projects HAVE money.  The issue is
                      that they have money and are NOT SPENDING IT to
                      further the OWASP Mission.  Thus, the approach to
                      fix this issue (and I agree that it's an issue)
                      shouldn't be to take away their money, it should
                      be to get them to spend it.<br>
                      <br>
                      <blockquote style="margin:0px 0px 0px
                        0.8ex;border-left:1px solid
                        rgb(204,204,204);padding-left:1ex"
                        class="gmail_quote">The limit of USD2,000- for
                        supporting a project leader a year is for most
                        leaders not enough. If a leader outside US or EU
                        is invited to blackhat, that amount is not
                        enough to cover his traveling expenses.  And
                        that's the maximum he can have in a year after
                        filling in forms and going through some
                        back-and-forth emails with the staff...<br>
                      </blockquote>
                      <br>
                    </div>
                    Ahhhhh, finally we get to the root of the issue. 
                    The issue isn't that money isn't available, because,
                    frankly, we had a significant amount of money
                    budgeted last year that wasn't used.  The issue is
                    that there is a cap on what any one project leader
                    can request/spend.  My personal opinion here is that
                    this $2k cap should be treated as a guideline, not a
                    rule.  It is likely in place to prevent abuse by
                    having a significant amount of money from the pool
                    go to any one individual.  But, that cap certainly
                    should not prevent the OWASP Foundation from
                    investing in the projects, and people behind the
                    projects, to make them better.  The Board entrusts
                    Paul, as Executive Director, and the OWASP staff to
                    handle the day-to-day operations of the OWASP
                    Foundation.  Part of their job is to review these
                    types of requests in order to determine whether they
                    make sense and there are funds available.  That
                    said, if you get to a point where you feel that they
                    are being unreasonable, the Board can certainly step
                    in and try to determine if an exception should be
                    made.  So, net-net, maybe that $2k cap is too low. 
                    Should we raise it?  If so, what should it be?  What
                    amount would be reasonable for any one individual to
                    consume from that shared pool of funds?  Guidelines
                    can be changed.  Guidelines can even be overruled
                    for the right reasons.  This is a relatively minor
                    issue that it sounds like should be re-evaluated
                    given rising costs, bigger budget pools, unused
                    funds, etc.  Can you please come up with a
                    reasonable proposal here and I will take that to the
                    Board for approval to change this guideline?<br>
                    <br>
                    <blockquote style="margin:0px 0px 0px
                      0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex"
                      class="gmail_quote">Should we scrap projects and
                      focus to be a dedicated conference
                      organisation?... that's what I see is happening
                      whether consciously or not. <br>
                    </blockquote>
                    <br>
                  </div>
                  Your perception is VERY far from the truth.  I've
                  spent the past 8.5 years working with the OWASP Austin
                  chapter and I've seen it grow from literally 3 people
                  in a monthly meeting to around 70.  You, yourself,
                  even said that OWASP is being referenced in major
                  publications and our tools are being used around the
                  globe.  That said, keep in mind that the OWASP mission
                  is one of education, and conferences address that
                  mission directly.  They are also the main fundraiser
                  that helps to make sure that our chapters and projects
                  have the money that they need in order to be
                  successful.<br>
                  <br>
                  <blockquote style="margin:0px 0px 0px
                    0.8ex;border-left:1px solid
                    rgb(204,204,204);padding-left:1ex"
                    class="gmail_quote">Should we scrap conferences and
                    focus to gather those funds to create a better
                    platform for projects and become the next Apache
                    foundation?<br>
                  </blockquote>
                  <div><br>
                  </div>
                  <div>Where do you think those funds would come from? 
                    By far, the majority of OWASP's annual revenue comes
                    from AppSecUSA and AppSecEU.  To be frank, OWASP
                    would be VERY different if it weren't for our
                    conferences. <br>
                    <br>
                    <blockquote style="margin:0px 0px 0px
                      0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex"
                      class="gmail_quote">Should we use crowdsource for
                      gathering funds for projects through the OWASP
                      foundation?<br>
                    </blockquote>
                    <br>
                  </div>
                  <div>This is not a mutually exclusive solution.  Yes,
                    absolutely, use crowdfunding to gather funds for
                    projects.  Please prove out this model of bringing
                    another revenue source to OWASP.  I would imagine
                    that this is a way that projects would be able to
                    get funds that a chapter never could.  <br>
                    <br>
                    <blockquote style="margin:0px 0px 0px
                      0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex"
                      class="gmail_quote">Project summits = events.
                      That's what I'm proposing. That Summits are treated
                      like events to generate money for projects so they
                      have also a fair way to generate money as chapters
                      do. They will depend less on sponsors with
                      commercial intentions.<br>
                    </blockquote>
                    <br>
                  </div>
                  <div>OK, but every project summit that we have had
                    thus far has cost OWASP money, not made it. 
                    Speaking as the former Co-Chair of LASCON and
                    AppSecUSA, I can tell you that these types of events
                    are a lot of work and that it is difficult to
                    attract attendees.  Attendees actually barely end up
                    covering their own costs (food, schwag, etc). 
                    Sponsors and trainings are usually the ones who
                    generate the profit for these events.  So, let's say
                    you do a project summit.  How would you intend to
                    attract attendees who are willing to pay for the
                    content?  If not, how would you intend to attract
                    sponsors whose sole purpose in being there is to
                    sell product to the attendees?  Especially if you
                    don't want sponsors with commercial intentions.  You
                    would be lucky if you get enough sponsors to cover
                    costs.  Or, in the situation of every past project
                    summit that we've had, the Foundation ends up
                    covering the difference.  I'm not saying that you
                    shouldn't try to prove out this model.  I'm saying
                    that it hasn't been proven to date.  Also, it's a
                    bit naive to say that chapters leveraging their
                    members and holding a conference isn't "fair".  We
                    should be encouraging as many endeavors as we can at
                    OWASP that spread our mission.  Even more so if they
                    generate additional revenue because that helps to
                    further our mission even more after the conference
                    is over.  Nothing is stopping a project from having
                    a conference.  This isn't a matter of "fair" or
                    "unfair".  It's a matter of a team of people putting
                    in the effort and making it happen.  Please don't
                    trivialize those efforts.<br>
                    <br>
                    <blockquote style="margin:0px 0px 0px
                      0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex"
                      class="gmail_quote">Also more focus on
                      crowdsourcing projects. If people find it a great
                      idea they will sponsor it.<br>
                    </blockquote>
                    <br>
                  </div>
                  <div>As I said above, I think this is a great idea. 
                    Let's do it!<br>
                    <br>
                    <blockquote style="margin:0px 0px 0px
                      0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex"
                      class="gmail_quote">I will ask the staff to create
                      a survey and ask the community about it.  This is
                      my proposal and based on those results I hope and
                      expect the board to take actions.</blockquote>
                    <br>
                  </div>
                  <div>Ask the staff to create a survey?  Why not make
                    the survey yourself?  What exactly are we surveying
                    and why?  The only thing that I think you've
                    identified as an actual issue preventing projects
                    from operating efficiently is a cap on the amount of
                    funding available.  That doesn't require a survey to
                    get changed, just a plan and an approval.  I can't
                    guarantee support or action as it depends on the
                    varying opinions of 7 unique individuals, but the
                    Board would certainly evaluate any proposal that is
                    put on the table.<br>
                    <br>
                  </div>
                  <div>~josh<br>
                  </div>
                </div>
                <div class="gmail_extra"><br>
                  <div class="gmail_quote">On Mon, Aug 17, 2015 at 8:31
                    PM, johanna curiel curiel <span dir="ltr">&lt;<a
                        moz-do-not-send="true"
                        class="moz-txt-link-abbreviated"
                        href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a>&gt;</span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="ltr">Josh,
                        <div><br>
                        </div>
                        <div>
                          <div>So far I remember, the idea was proposed
                            to the board by you and the board took the
                            decision to implement Committee 2.0. I
                            believe this was done with all good
                            intentions but is not working.</div>
                          <div><a moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/owasp-leaders/2014-May/011794.html"
                              target="_blank">http://lists.owasp.org/pipermail/owasp-leaders/2014-May/011794.html</a><br>
                          </div>
                          <div><br>
                          </div>
                          <div>In this same email Sarah mentions:</div>
                          <div>
                            <pre style="white-space:pre-wrap;color:rgb(0,0,0)">The 2008 committees worked, for the most part, independently of each other.
This often created duplicate or even conflicting efforts leading to frustration.</pre>
                          </div>
                          <div>Results now: I'm the only committee
                            called the Project Task Force. Maybe that's
                            why no one wants to create any more committees.<br>
                          </div>
                          <div><br>
                          </div>
                          <div>Projects are global. They promote OWASP
                            at a global level. What is OWASP known for?
                            For its chapters? Its conferences? I
                            strongly believe OWASP is known for its
                            projects, Code Review, Testing guide, the
                            Cheat Sheets, ASVS, ZAP... Many references
                            in major publications refer to OWASP top ten
                            and respect them because of its projects. PCI
                            and major vendors use them as reference and
                            guidelines.</div>
                          <div><br>
                          </div>
                          <div>What I would like to see is a better schema
                            for them to get more awareness, especially
                            people doing great things and because of
                            lack of funds cannot promote their projects.
                            Chapters are rich, projects are poor. That
                            is in my opinion a huge misbalance. </div>
                          <div><br>
                          </div>
                          <div>The limit of USD2,000- for supporting a
                            project leader a year is for most leaders
                            not enough. If a leader outside US or EU is
                            invited to blackhat, that amount is not
                            enough to cover his traveling expenses.  And
                            that's the maximum he can have in a year
                            after filling in forms and going through
                            some back-and-forth emails with the staff...</div>
                          <div><br>
                          </div>
                          <div>
                            <ul>
                              <li>Should we scrap projects and focus to
                                be a dedicated conference
                                organisation?... that's what I see is
                                happening whether consciously or not. <br>
                              </li>
                              <li>Should we scrap conferences and focus
                                to gather those funds to create a better
                                platform for projects and become the
                                next Apache foundation?<br>
                              </li>
                              <li>Should we use crowdsource for
                                gathering funds for projects through the
                                OWASP foundation?<br>
                              </li>
                            </ul>
                          </div>
                          <div><br>
                          </div>
                          <div>I would like to see a solution to this or
                            an action.</div>
                          <div><br>
                          </div>
                          <div>
                            <div>Project summits = events. That's what
                              I'm proposing. That Summits are treated
                              like events to generate money for projects
                              so they have also a fair way to generate
                              money as chapters do. They will depend
                              less on sponsors with commercial
                              intentions (easier to avoid Logogate
                              issues and projects with the intention to
                              promote appsec companies). Also more focus
                              on crowdsourcing projects. If people find
                              it a great idea they will sponsor it.</div>
                          </div>
                          <div><br>
                          </div>
                          <div>I will ask the staff to create a survey
                            and ask the community about it. This is my
                            proposal and based on those results I hope
                            and expect the board to take actions.<br>
                          </div>
                          <div><br>
                          </div>
                          <div>regards</div>
                          <span class="HOEnZb"><font color="#888888">
                              <div><br>
                              </div>
                              <div>Johanna</div>
                              <div><br>
                              </div>
                              <div><br>
                              </div>
                            </font></span></div>
                      </div>
                      <div class="HOEnZb">
                        <div class="h5">
                          <div class="gmail_extra"><br>
                            <div class="gmail_quote">On Mon, Aug 17,
                              2015 at 7:41 PM, Mario Robles <span
                                dir="ltr">&lt;<a moz-do-not-send="true"
                                  class="moz-txt-link-abbreviated"
                                  href="mailto:mario.robles@owasp.org">mario.robles@owasp.org</a>&gt;</span>
                              wrote:<br>
                              <blockquote class="gmail_quote"
                                style="margin:0 0 0 .8ex;border-left:1px
                                #ccc solid;padding-left:1ex">
                                <div bgcolor="#FFFFFF" text="#000000">
                                  Hey Josh,<br>
                                  <br>
                                  I could be wrong but the term
                                  Committee is commonly associated with
                                  "bureaucracy" even if it's not what
                                  you meant, at least it was the first
                                  thing on top of my head, I'm sure if
                                  you change the word Committee to
                                  something like "Action Team" it would
                                  be better accepted<br>
                                  <br>
                                  Just my point of view,<br>
                                  <br>
                                  Mario
                                  <div>
                                    <div><br>
                                      <div>
                                      </div>
                                      <div>On 17/08/2015 04:21 p.m.,
                                        Josh Sokol wrote:<br>
                                      </div>
                                    </div>
                                  </div>
                                  <blockquote type="cite">
                                    <div>
                                      <div>
                                        <div dir="ltr">
                                          <div>
                                            <div>
                                              <div>
                                                <div>
                                                  <blockquote
                                                    style="margin:0px
                                                    0px 0px
                                                    0.8ex;border-left:1px
                                                    solid
                                                    rgb(204,204,204);padding-left:1ex"
                                                    class="gmail_quote">I
                                                    think we need to
                                                    create Project
                                                    Summits in the form
                                                    of events with the
                                                    whole purpose to
                                                    gather funds for
                                                    projects<br>
                                                  </blockquote>
                                                  <br>
                                                </div>
                                                Please forgive my
                                                ignorance.  How does a
                                                Project Summit generate
                                                funds for projects? 
                                                Every Project Summit
                                                that we have had to date
                                                has cost the Foundation
                                                money, hasn't it?  Can
                                                you please elaborate?<br>
                                                <br>
                                                <blockquote
                                                  style="margin:0px 0px
                                                  0px
                                                  0.8ex;border-left:1px
                                                  solid
rgb(204,204,204);padding-left:1ex" class="gmail_quote">Look, Denver
                                                  chapter has around 50K
                                                  in their bucket. The
                                                  richest Project is ZAP
                                                  with 10k... but that
                                                  is the exception. Even
                                                  worse when you look at
                                                  chapters outside US or
                                                  EU, mine has only
                                                  USD40 dollars. Most
                                                  projects have Zero
                                                  Dollars.<br>
                                                </blockquote>
                                                <br>
                                              </div>
                                              I'm not sure I understand
                                              the fixation on what other
                                              chapters have in their
                                              bucket.  They have these
                                              funds because they worked
                                              hard to obtain them.  In
                                              the case of Denver, they
                                              ran last year's AppSecUSA
                                              Conference.  Just because
                                              they have money in their
                                              account, it doesn't mean
                                              that you aren't able to do
                                              things with the $40 you
                                              have in your account.  It
                                              just means that they have
                                              to use their account funds
                                              first before being able to
                                              use money from the
                                              Foundation pool while you
                                              would need to request
                                              funds from that pool for
                                              anything over $40.  Any
                                              sort of reallocation just
                                              moves the "ring fenced
                                              funds" issue to another
                                              account.  The model of
                                              chapters and projects
                                              having accounts is not
                                              what's broken here.  It's
                                              the model of chapters and
                                              projects saving their
                                              funds instead of spending
                                              them.  This is why I voted
                                              "no" on the Summer of Code
                                              initiative.  It was giving
                                              money to those who already
                                              had it and not forcing
                                              them to spend their funds
                                              first.  In any case, I'm
                                              not sure I understand why
                                              the amount of money Denver
                                              has in their account has
                                              any impact on any other
                                              chapter or project other
                                              than themselves.  We have
                                              tens of thousands of
                                              dollars allocated by the
                                              Foundation to projects and
                                              chapters on an annual
                                              basis, much of which goes
                                              completely unused.  There
                                              is money available at
                                              OWASP for those who need
                                              it and I have yet to hear
                                              of a situation where
                                              someone was told
                                              otherwise.<br>
                                              <br>
                                              <blockquote
                                                style="margin:0px 0px
                                                0px
                                                0.8ex;border-left:1px
                                                solid
                                                rgb(204,204,204);padding-left:1ex"
                                                class="gmail_quote">Yes
                                                but how do they know
                                                where to go, that's why
                                                the survey. The survey
                                                is the compass. And the
                                                leaders are elected to
                                                listen to the community.<br>
                                              </blockquote>
                                              <br>
                                            </div>
                                            I agree with this notion. 
                                            The OWASP Board should act
                                            in accordance with the
                                            desires of the community and
                                            should be doing frequent
                                            checks to confirm that
                                            initiatives are aligned.<br>
                                            <br>
                                            <blockquote
                                              style="margin:0px 0px 0px
                                              0.8ex;border-left:1px
                                              solid
rgb(204,204,204);padding-left:1ex" class="gmail_quote">So the committee
                                              concept in theory seemed
                                              like a great idea but in
                                              practice is not working
                                              because in my eyes,
                                              creating a committee is
                                              creating a mini board
                                              inside OWASP.<br>
                                            </blockquote>
                                            <br>
                                          </div>
                                          To be honest, I have been
                                          surprised by the lack of
                                          desire to participate in OWASP
                                          Committees.  The community has
                                          said that they want
                                          empowerment and the goal of
                                          the committees was to do
                                          that.  But, now that it's
                                          there, nobody wants it?  Your
                                          example with John Lita follows
                                          the Committees 2.0 process
                                          almost verbatim.  The only
                                          difference is that it provides
                                          scoping to ensure that we
                                          don't have competing, or even
                                          worse, conflicting initiatives
                                          and it specifies that the
                                          individuals involved need to
                                          work within that scope. 
                                          Without it, you have a loosely
                                          knit group of people running
                                          around with their own
                                          individual initiatives.  At
                                          that level, OWASP is just a
                                          funding source for
                                          experimentation, not a
                                          Foundation.  There is no
                                          accountability, but the
                                          liability on the Foundation is
                                          still there.  Legally, we
                                          can't just have people running
                                          around spending money without
                                          any form of guidance.  <br>
                                          <br>
                                          <blockquote style="margin:0px
                                            0px 0px
                                            0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex" class="gmail_quote">
                                            <div> Allow me  and let the
                                              staff know that they
                                              should support me and any
                                              other volunteers seeking
                                              for implementing their
                                              ideas ;-). </div>
                                            <div>Let's cut the red tape
                                              with committees and let
                                              people know that if they
                                              want to do something,</div>
                                            <ul>
                                              <li>Contact the staff. <br>
                                              </li>
                                              <li>Set a survey and
                                                gather support<br>
                                              </li>
                                              <li>Need more money? Set a
                                                crowd funding project @ <a
                                                  moz-do-not-send="true"
                                                  class="moz-txt-link-freetext" href="https://www.kickstarter.com">https://www.kickstarter.com</a>
                                                under OWASP</li>
                                              <li>Volunteers implement
                                                idea or project with the
                                                support of owasp staff
                                                and other volunteers</li>
                                            </ul>
                                          </blockquote>
                                          <p>I'm not sure how this is
                                            that much different from a
                                            Committee.  Contact the
                                            community via the mailing
                                            list and gather support,
                                            scope the activities (ie.
                                            define the project), Board
                                            ensures that there's no
                                            conflict, do your thing. 
                                            The "red tape" that you keep
                                            referring to is just a
                                            process document that walks
                                            you through how to set up a
                                            committee.  After that's
                                            done, the idea was to
                                            empower you to act within
                                            the defined scope without
                                            going to the Board.  If
                                            we're talking specifically
                                            about projects, which it
                                            sounds like this is geared
                                            towards, then it's even
                                            easier.  Register as a
                                            project (so that staff knows
                                            you exist and can support
                                            you) and do your thing.  If
                                            you need money, ask for it. 
                                            I'm not sure I see the
                                            problem here.  I'm also not
                                            sure what you're asking for
                                            as it doesn't seem that
                                            different to me than how the
                                            status quo is supposed to
                                            operate.  Is it operating
                                            differently in practice than
                                            it should in theory?  I
                                            don't have an OWASP project
                                            and so perhaps I'm blind to
                                            the realities.  If so, then
                                            the specific issues need to
                                            be addressed by bylaw
                                            change, policy change, staff
                                            engagement, etc.  So far,
                                            all you've said is "projects
                                            need money", which you have
                                            access to, and "cut the red
                                            tape", of which I don't see
                                            anything more than a step to
                                            say "Hey, I want to be a
                                            project".  Please help me to
                                            understand.<br>
                                          </p>
                                          ~josh<br>
                                        </div>
                                        <div class="gmail_extra"><br>
                                          <div class="gmail_quote">On
                                            Mon, Aug 17, 2015 at 12:04
                                            PM, johanna curiel curiel <span
                                              dir="ltr">&lt;<a
                                                moz-do-not-send="true"
                                                class="moz-txt-link-abbreviated"
                                                href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a>&gt;</span>
                                            wrote:<br>
                                            <blockquote
                                              class="gmail_quote"
                                              style="margin:0 0 0
                                              .8ex;border-left:1px #ccc
                                              solid;padding-left:1ex">
                                              <div dir="ltr"><span>
                                                  <div> >I don't
                                                    think there is
                                                    anything preventing
                                                    a project from doing
                                                    the same, but I
                                                    haven't seen it done
                                                    at this point.</div>
                                                  <div><br>
                                                  </div>
                                                </span>
                                                <div>I think we need to
                                                  create Project Summits
                                                  in the form of events
                                                  with the whole purpose
                                                  to gather funds for
                                                  projects. Open SAMM
                                                  has done this and I
                                                  think we can try that.
                                                  For that we need the
                                                  support of the staff
                                                  Business liaison,
                                                  Event manager, just as
                                                  they put their work
                                                  and efforts in Events
                                                  and appsecs. Here cut
                                                  share between OWASP
                                                  staff time and
                                                  projects can also be
                                                  done.</div>
                                                <span>
                                                  <div><br>
                                                  </div>
                                                  <div> >OWASP has a
                                                    project funding
                                                    bucket.</div>
                                                </span>
                                                <div>Look, Denver
                                                  chapter has around 50K
                                                  in their bucket. The
                                                  richest Project is ZAP
                                                  with 10k... but that
                                                  is the exception. Even
                                                  worse when you look at
                                                  chapters outside US or
                                                  EU, mine has only
                                                  USD40 dollars. Most
                                                  projects have Zero
                                                  Dollars.</div>
                                                <div>And the limits
                                                  right now are a
                                                  support but do not
                                                  help to get important
                                                  things moving like
                                                  OWASP Academy portal,
                                                  Leaders like Azzedine
                                                  assist and show case
                                                  his chapter or project
                                                  or other more complex
                                                  initiatives. Or major
                                                  improvements or
                                                  promotions to their
                                                  projects. <br>
                                                </div>
                                                <span>
                                                  <div><br>
                                                  </div>
                                                  <div>  >Remember
                                                    that the Board is
                                                    just a handful of
                                                    leaders who were
                                                    elected to set the
                                                    compass.</div>
                                                </span>
                                                <div>  Yes but how do
                                                  they know where to go,
                                                  that's why the survey.
                                                  The survey is the
                                                  compass. And the
                                                  leaders are elected to
                                                  listen to the
                                                  community.</div>
                                                <div><br>
                                                </div>
                                                <div>And About
                                                  committees...</div>
                                                <div>The only existing
                                                  active committee right
                                                  now is the Project
                                                  Review (which I still
                                                  call myself a
                                                  taskforce). I haven't
                                                  seen many initiatives
                                                  or participation from
                                                  other committees. So
                                                  the committee concept
                                                  in theory seemed like
                                                  a great idea but in
                                                  practice is not
                                                  working because in my
                                                  eyes, creating a
                                                  committee is creating
                                                  a mini board inside
                                                  OWASP. We do not want
                                                  to create oligarchies
                                                  in the end.</div>
                                                <div><br>
                                                </div>
                                                <div>I think we should
                                                  cut off that committee
                                                  idea and be more
                                                  practical. More like
                                                  this</div>
                                                <div><br>
                                                </div>
                                                <div>  Example:</div>
                                                <div><br>
                                                </div>
                                                <div>
                                                  <ul>
                                                    <li>John Lita wants
                                                      to create an
                                                      academy portal but
                                                      developing it
                                                      costs money and
                                                      resources that
                                                      volunteers alone
                                                      cannot easily
                                                      pull off (owaspa
                                                      project was the
                                                      same and died,
                                                      just like many
                                                      educational
                                                      initiatives)<br>
                                                    </li>
                                                    <li>John must create
                                                      a proposal with
                                                      defined goals and
                                                      how to reach them.
                                                      He joins other
                                                      volunteers in this
                                                      effort. No need to
                                                      be a committee.<br>
                                                    </li>
                                                    <li> John &amp;
                                                      Claudia create a
                                                      survey and seek
                                                      support of the
                                                      community<br>
                                                    </li>
                                                    <li>  If the idea
                                                      has major feedback
                                                      and volunteers,
                                                      then John has the
                                                      support from the
                                                      staff to execute
                                                      including looking
                                                      for sponsors using
                                                      crowdsource
                                                      funding portals<br>
                                                    </li>
                                                    <li>Staff monitors
                                                      development and
                                                      results of the
                                                      actions taken<br>
                                                    </li>
                                                    <li>Staff reports
                                                      results back to the
                                                      community</li>
                                                  </ul>
                                                </div>
                                                <div>This is in my eyes
                                                  how I have been
                                                  working in the end,
                                                  because, as
                                                  volunteers, available
                                                  time mostly depends on
                                                  one or 2 passionate
                                                  individuals like
                                                  John-Lita, which are
                                                  more dedicated and the
                                                  rest follows...<br>
                                                </div>
                                                <div><br>
                                                </div>
                                                <div>Now if we want to
                                                  change things, don't
                                                  tell me to set a
                                                  committee, because
                                                  Josh, this has not
                                                  worked so far. </div>
                                                <div><br>
                                                </div>
                                                <div> Allow me  and let
                                                  the staff know that
                                                  they should support me
                                                  and any other
                                                  volunteers seeking to
                                                  implement their
                                                  ideas ;-). </div>
                                                <div>Let's cut the red
                                                  tape with committees
                                                  and let people know
                                                  that if they want to
                                                  do something,</div>
                                                <div>
                                                  <ul>
                                                    <li>Contact the
                                                      staff. <br>
                                                    </li>
                                                    <li>Set a survey and
                                                      gather support<br>
                                                    </li>
                                                    <li>Need more money?
                                                      Set a crowd
                                                      funding project @ <a
moz-do-not-send="true" class="moz-txt-link-freetext"
                                                        href="https://www.kickstarter.com">https://www.kickstarter.com</a>
                                                      under OWASP</li>
                                                    <li>Volunteers
                                                      implement idea or
                                                      project with the
                                                      support of OWASP
                                                      staff and other
                                                      volunteers</li>
                                                  </ul>
                                                  <div>How do we get
                                                    this idea to
                                                    action? </div>
                                                  <div>Shall we create a
                                                    survey? </div>
                                                  <div>Do you need to
                                                    discuss this on a
                                                    board meeting?</div>
                                                </div>
                                                <div>How do I get
                                                  empowered and let the
                                                  staff know that as a
                                                  volunteer I have your
                                                  support for this? (if I
                                                  do?) </div>
                                                <div><br>
                                                </div>
                                                <div>You see... how
                                                  dependent I am on
                                                  the board to be able
                                                  to execute?</div>
                                                <div><br>
                                                </div>
                                                <div>Of course I can
                                                  always do this on my
                                                  own but then I better
                                                  do it without OWASP...</div>
                                                <div><br>
                                                </div>
                                                <div>Regards</div>
                                                <span><font
                                                    color="#888888">
                                                    <div><br>
                                                    </div>
                                                    <div>Johanna</div>
                                                  </font></span></div>
                                              <div>
                                                <div>
                                                  <div
                                                    class="gmail_extra"><br>
                                                    <div
                                                      class="gmail_quote">On

                                                      Mon, Aug 17, 2015
                                                      at 10:55 AM, Josh
                                                      Sokol <span
                                                        dir="ltr">&lt;<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                          href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a>&gt;</span>
                                                      wrote:<br>
                                                      <blockquote
                                                        class="gmail_quote"
                                                        style="margin:0
                                                        0 0
                                                        .8ex;border-left:1px
                                                        #ccc
                                                        solid;padding-left:1ex">
                                                        <div dir="ltr">
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>Johanna,<br>
                                                          <br>
                                                          </div>
                                                          Thank you for
                                                          putting your
                                                          thoughts out
                                                          there for
                                                          everyone. 
                                                          Silence is not
                                                          good for
                                                          anyone and
                                                          OWASP will be
                                                          far more
                                                          successful if
                                                          we know what
                                                          our leaders
                                                          are struggling
                                                          with and make
                                                          a conscious
                                                          effort to
                                                          improve it.  I
                                                          think that
                                                          many of your
                                                          points are
                                                          very valid and
                                                          strongly
                                                          support the
                                                          idea of polls
                                                          to gauge
                                                          community
                                                          support for
                                                          actions being
                                                          taken.  I also
                                                          support the
                                                          idea that the
                                                          Board should
                                                          be making as
                                                          few of these
                                                          decisions as
                                                          possible and
                                                          putting the
                                                          power back in
                                                          the hands of
                                                          the community
                                                          with support
                                                          from the
                                                          staff.  The
                                                          Board should
                                                          be the
                                                          "compass"
                                                          making sure
                                                          that we are
                                                          moving in the
                                                          right
                                                          direction with
                                                          the community
                                                          and staff
                                                          being the ones
                                                          actually
                                                          pushing us
                                                          forward. 
                                                          That's not to
                                                          say that
                                                          members of the
                                                          Board won't
                                                          have their own
                                                          projects or
                                                          initiatives,
                                                          but they do so
                                                          as part of the
                                                          community, not
                                                          because of
                                                          their roles on
                                                          the Board. 
                                                          The Committees
                                                          2.0 framework
                                                          was a first
                                                          step in
                                                          driving this
                                                          level of
                                                          empowerment
                                                          back to the
                                                          community
                                                          while
                                                          maintaining
                                                          accountability
                                                          and providing
                                                          appropriately
                                                          scoped
                                                          actions.  My
                                                          impression was
                                                          that the
                                                          Projects
                                                          Committee was
                                                          rolling
                                                          forward quite
                                                          well under
                                                          this guidance,
                                                          but it sounds
                                                          like maybe I
                                                          was wrong. 
                                                          Are there
                                                          specific
                                                          actions that
                                                          you have tried
                                                          to take on the
                                                          committee that
                                                          got blocked by
                                                          the Board or
                                                          hung up in
                                                          "red tape"? 
                                                          Are there
                                                          needs for
                                                          funding that
                                                          haven't been
                                                          met?<br>
                                                          <br>
                                                          </div>
                                                          Regarding the
                                                          project vs
                                                          chapter
                                                          funding
                                                          schemas, I'm
                                                          not sure that
                                                          there is a
                                                          good answer. 
                                                          Projects are
                                                          typically made
                                                          up of a pocket
                                                          of
                                                          individuals. 
                                                          Typically one
                                                          leader with
                                                          sometimes one
                                                          or two others
                                                          assisting. 
                                                          Chapters are
                                                          typically
                                                          anywhere from
                                                          20 people to
                                                          hundreds.  We
                                                          provide
                                                          members with
                                                          the ability to
                                                          allocate their
                                                          funds to
                                                          either, but
                                                          most associate
                                                          themselves
                                                          with a chapter
                                                          rather than a
                                                          project
                                                          because that's
                                                          where they
                                                          participate. 
                                                          We also have
                                                          chapters
                                                          putting on
                                                          conferences
                                                          with the goal
                                                          of raising
                                                          funds.  I
                                                          don't think
                                                          there is
                                                          anything
                                                          preventing a
                                                          project from
                                                          doing the
                                                          same, but I
                                                          haven't seen
                                                          it done at
                                                          this point. 
                                                          Those are the
                                                          two main ways
                                                          that I see
                                                          chapters
                                                          raising
                                                          money.  Yes,
                                                          there is
                                                          certainly a
                                                          difference in
                                                          schemas and
                                                          projects will
                                                          have a more
                                                          difficult
                                                          time, but
                                                          that's also
                                                          why OWASP has
                                                          a project
                                                          funding
                                                          bucket.  Money
                                                          from these
                                                          local events
                                                          as well as
                                                          funds raised
                                                          by our AppSec
                                                          conferences
                                                          gets budgeted
                                                          specifically
                                                          for this
                                                          purpose.  To
                                                          my knowledge,
                                                          no reasonable
                                                          request for
                                                          funds by
                                                          projects has
                                                          been denied. 
                                                          Just because
                                                          there isn't
                                                          money sitting
                                                          "ring fenced"
                                                          in an account
                                                          for the
                                                          projects,
                                                          doesn't mean
                                                          that there
                                                          isn't money
                                                          that can be
                                                          spent.  It
                                                          just means
                                                          that it needs
                                                          to be
                                                          requested from
                                                          the pool. 
                                                          Yes, it's a
                                                          different
                                                          model of
                                                          funding, but
                                                          the end result
                                                          is the same. 
                                                          There are
                                                          funds
                                                          available at
                                                          OWASP for
                                                          everyone who
                                                          needs them.<br>
                                                          <br>
                                                          </div>
                                                          There are
                                                          obviously many
                                                          things that
                                                          need to be
                                                          improved at
                                                          OWASP and,
                                                          unfortunately,
                                                          the Board has
                                                          been tied up
                                                          in rules,
                                                          events,
                                                          bylaws, etc
                                                          for a while
                                                          now.  It's
                                                          definitely not
                                                          the "fun" part
                                                          of the job and
                                                          it is very
                                                          time
                                                          consuming. 
                                                          That said, I
                                                          would argue
                                                          that these are
                                                          the things
                                                          that need to
                                                          be changed in
                                                          order for
                                                          everyone else
                                                          (staff,
                                                          community,
                                                          etc) to be
                                                          able to be
                                                          better
                                                          served.  We've
                                                          made several
                                                          changes to the
                                                          Bylaws and are
                                                          working on
                                                          more.  We've
                                                          hired an
                                                          Executive
                                                          Director
                                                          (Paul), an
                                                          Event Manager
                                                          (Laura), a
                                                          Community
                                                          Manager
                                                          (Noreen), and
                                                          a Project
                                                          Coordinator
                                                          (Claudia) just
                                                          in the almost
                                                          two years that
                                                          I've been on
                                                          the Board. 
                                                          The needle on
                                                          the compass is
                                                          set and, while
                                                          it takes some
                                                          time to right
                                                          the ship, we
                                                          are getting
                                                          there by
                                                          giving our
                                                          community the
                                                          support it
                                                          requires to be
                                                          successful. 
                                                          So, here's my
                                                          general
                                                          thought:<br>
                                                          <br>
                                                          </div>
                                                          1) If it's
                                                          within the
                                                          scope of a
                                                          defined
                                                          Committee,
                                                          JUST DO IT!<br>
                                                          <br>
                                                          </div>
                                                          2) If there's
                                                          no Committee
                                                          defined for
                                                          it, CREATE
                                                          ONE, then JUST
                                                          DO IT!<br>
                                                          <br>
                                                          </div>
                                                          3) If a
                                                          Committee
                                                          doesn't make
                                                          sense, ASK THE
                                                          STAFF FOR IT!<br>
                                                          <br>
                                                          </div>
                                                          4) If asking
                                                          the staff
                                                          isn't working
                                                          or we need to
                                                          change a
                                                          policy to make
                                                          it happen, LET
                                                          THE BOARD
                                                          KNOW!<br>
                                                          <br>
                                                          </div>
                                                          The Board
                                                          should be the
                                                          last resort,
                                                          in my opinion,
                                                          not the
                                                          first.  We
                                                          should be the
                                                          enabler, not
                                                          the
                                                          bottleneck.  I
                                                          think that our
                                                          leaders make
                                                          too many
                                                          assumptions
                                                          (probably
                                                          based on past
                                                          Board actions)
                                                          about what
                                                          needs to go to
                                                          the Board and
                                                          we need to get
                                                          away from
                                                          that. 
                                                          Remember that
                                                          the Board is
                                                          just a handful
                                                          of leaders who
                                                          were elected
                                                          to set the
                                                          compass.  We
                                                          have a finite
                                                          number of
                                                          things that we
                                                          can handle and
                                                          our Board
                                                          meetings are
                                                          typically
                                                          overflowing
                                                          with topics. 
                                                          So, if
                                                          something is
                                                          bothering you,
                                                          I would
                                                          encourage you
                                                          to change it. 
                                                          That's why,
                                                          with the David
                                                          Rook
                                                          situation, I
                                                          encouraged
                                                          creation of a
                                                          new Committee
                                                          to determine a
                                                          reasonable
                                                          solution.  If
                                                          it requires a
                                                          policy change
                                                          by the Board,
                                                          then we can
                                                          vote on that,
                                                          but asking the
                                                          Board to take
                                                          action just
                                                          perpetuates
                                                          the oligarchy
                                                          that you
                                                          mention in
                                                          your e-mail. 
                                                          Instead of
                                                          pushing these
                                                          issues up to
                                                          the Board for
                                                          action, let's
                                                          have the
                                                          community
                                                          DECIDE what
                                                          they want and
                                                          have the Board
                                                          change the
                                                          compass needle
                                                          via bylaws,
                                                          policies, and
                                                          staff
                                                          discussions,
                                                          accordingly. 
                                                          At least,
                                                          that's my
                                                          vision for
                                                          OWASP.  Is
                                                          that something
                                                          that you can
                                                          get on board
                                                          with?<span><font
color="#888888"><br>
                                                          <br>
                                                          </font></span></div>
                                                          <span><font
                                                          color="#888888">~josh<br>
                                                          </font></span></div>
                                                        <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">
                                                          <div>
                                                          <div>On Mon,
                                                          Aug 17, 2015
                                                          at 8:11 AM,
                                                          johanna curiel
                                                          curiel <span
                                                          dir="ltr">&lt;<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                          href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a>&gt;</span>
                                                          wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0

                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">Members

                                                          of the board,
                                                          <div><br>
                                                          </div>
                                                          <div>With the
                                                          recent issue
                                                          regarding
                                                          David Rook,
                                                          and my latest
                                                          experience
                                                          with red-tape,
                                                          I'm proposing
                                                          the following.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>My goal
                                                          is to call
                                                          your attention
                                                          to these
                                                          issues which I
                                                          have been
                                                          observing for
                                                          years and
                                                          not as a
                                                          critique to
                                                          your work, but
                                                          I think if you
                                                          do not pay
                                                          attention to
                                                          these issues
                                                          and DO
                                                          something
                                                          about them,
                                                          OWASP will
                                                          lose valuable
                                                          community
                                                          participation.</div>
                                                          <div>
                                                          <ul>
                                                          <li>When an
                                                          initiative is
                                                          proposed or
                                                          launched by a
                                                          member of the
                                                          board, this
                                                          should be
                                                          followed up by
                                                          a survey where
                                                          the community
                                                          can
                                                          vote. Whether it is
                                                          a rule or
                                                          money, these
                                                          decisions
                                                          should be
                                                          taken based on
                                                          collected data
                                                          and proper
                                                          substantiation
                                                          to avoid
                                                          oligarchy </li>
                                                          <li>When an
                                                          initiative is
                                                          launched by a
                                                          member of the
                                                          community,
                                                          especially
                                                          when this
                                                          initiative
                                                          costs more than
                                                          10k, it should
                                                          be
                                                          substantiated
                                                          with data how
                                                          this
                                                          initiative
                                                          will benefit
                                                          the community.
                                                          Also should be
                                                          followed by a
                                                          survey</li>
                                                          <li>Staff
                                                          should help
                                                          creating the
                                                          survey and
                                                          analyse the
                                                          votes</li>
                                                          <li><b>In
                                                          other words:
                                                          do more surveys
                                                          to find out
                                                          what the
                                                          community
                                                          needs and
                                                          wants.</b></li>
                                                          </ul>
                                                          <div>My
                                                          observations
                                                          and where I
                                                          think you need
                                                          to give more
                                                          attention:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <ul>
                                                          <li>Board/Executive

                                                          director
                                                          should work
                                                          closer with
                                                          the staff for
                                                          guidance and
                                                          empowering
                                                          their role. I
                                                          have the
                                                          feeling that
                                                          the staff is
                                                          paralysed
                                                          waiting for
                                                          instructions
                                                          or following
                                                          strict rules.
                                                          The staff
                                                          should be
                                                          motivated to
                                                          take
                                                          initiative and
                                                          implement
                                                          projects on
                                                          their own that
                                                          can help the
                                                          community.
                                                          They should
                                                          not be too
                                                          dependent on
                                                          an Executive
                                                          director or
                                                          member of the
                                                          board for this
                                                          part</li>
                                                          </ul>
                                                          </div>
                                                          </div>
                                                          <div>As I see
                                                          it, OWASP is
                                                          known for its
                                                          Projects &amp;
                                                          Chapter
                                                          leaders which
                                                          as volunteers
                                                          have
                                                          contributed
                                                          the most to
                                                          set OWASP on
                                                          the spotlight.
                                                          Therefore:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <ul>
                                                          <li>You should
                                                          determine and
                                                          implement
                                                          better ways
                                                           to provide
                                                          better funding
                                                          schemas for
                                                          projects.
                                                          This is
                                                          something a
                                                          volunteer
                                                          cannot do. And
                                                          <i>nothing</i>
                                                          has been done
                                                          to help  solve
                                                          this issue</li>
                                                          <li>There is
                                                          an unfair
                                                          inequality in
                                                          the way
                                                          chapters can
                                                          generate funds
                                                          vs Projects.</li>
                                                          <li>Money is
                                                          locked down in
                                                          the chapters
                                                          budget</li>
                                                          <li>Chapters
                                                          outside US
                                                          &amp; EU have
                                                          more struggles
                                                          to find
                                                          support. You
                                                          should
                                                          consider a way
                                                          to support
                                                          better these
                                                          ones since
                                                          their
                                                          countries are
                                                          not developed
                                                          in the area of
                                                          security as
                                                          countries in
                                                          EU and US.<br>
                                                          </li>
                                                          <li>Follow up:
                                                          when issues
                                                          like David
                                                          Rook or a
                                                          volunteer
                                                          rants (like me
                                                          or others)
                                                          out of
                                                          frustration,
                                                          take action.
                                                          Put it in the
                                                          agenda and try
                                                          to solve and
                                                          discuss the
                                                          issues to
                                                          improve the
                                                          actual
                                                          problems. So
                                                          far I have
                                                          seen very
                                                          little follow
                                                          up on major
                                                          issues and
                                                          discussions
                                                          raised in the
                                                          mailing lists</li>
                                                          <li>Way too
                                                          much attention
                                                          to rules, <i>events</i>
                                                          and bylaws
                                                          etc. Time to
                                                          take action
                                                          and take
                                                          decisions and
                                                          propose plans
                                                          for
                                                          improvements
                                                          of the actual
                                                          situation
                                                          above
                                                          mentioned</li>
                                                          </ul>
                                                          <div>That
                                                          being said, and
                                                          with all due
                                                          respect to
                                                          you, I hope
                                                          that you can
                                                          take actions
                                                          and <i>execute</i>
                                                          improvements
                                                          that have been
                                                          an issue since
                                                          I joined OWASP
                                                          3 years ago.</div>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Regards</div>
                                                          <span><font
                                                          color="#888888">
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Johanna</div>
                                                          <div><br>
                                                          </div>
                                                          </font></span></div>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          <span>_______________________________________________<br>
                                                          Governance
                                                          mailing list<br>
                                                          <a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated"
                                                          href="mailto:Governance@lists.owasp.org">Governance@lists.owasp.org</a><br>
                                                          <a
                                                          moz-do-not-send="true"
class="moz-txt-link-freetext"
                                                          href="https://lists.owasp.org/mailman/listinfo/governance">https://lists.owasp.org/mailman/listinfo/governance</a><br>
                                                          <br>
                                                          </span></blockquote>
                                                          </div>
                                                          <br>
                                                        </div>
                                                      </blockquote>
                                                    </div>
                                                    <br>
                                                  </div>
                                                </div>
                                              </div>
                                            </blockquote>
                                          </div>
                                          <br>
                                        </div>
                                        <br>
                                        <fieldset></fieldset>
                                        <br>
                                      </div>
                                    </div>
                                    <pre>_______________________________________________
OWASP-Leaders mailing list
<a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
                                  </blockquote>
                                  <br>
                                </div>
                              </blockquote>
                            </div>
                            <br>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                  </div>
                  <br>
                </div>
              </div>
            </blockquote>
            -- <br>
            You received this message because you are subscribed to the
            Google Groups "OWASP Projects Task Force" group.<br>
            To unsubscribe from this group and stop receiving emails
            from it, send an email to <a moz-do-not-send="true"
              href="mailto:projects-task-force+unsubscribe@owasp.org">projects-task-force+unsubscribe@owasp.org</a>.<br>
            To post to this group, send email to <a
              moz-do-not-send="true"
              href="mailto:projects-task-force@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:projects-task-force@owasp.org">projects-task-force@owasp.org</a></a>.<br>
            To view this discussion on the web visit <a
              moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/0C3F284E-30CD-4D92-BE9A-29879EA25FF6%40owasp.org"><a class="moz-txt-link-freetext" href="https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/0C3F284E-30CD-4D92-BE9A-29879EA25FF6%40owasp.org">https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/0C3F284E-30CD-4D92-BE9A-29879EA25FF6%40owasp.org</a></a>.<br>
          </blockquote>
          <br>
          <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
        </div>
      </blockquote>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
  </body>
</html>