<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    This is a little tangential, but....<br>
    <br>
    "<span style="color: rgb(0, 0, 0); font-family: RobotoRegular,
      arial, sans-serif; font-size: 13px; font-style: normal;
      font-variant: normal; font-weight: normal; letter-spacing: normal;
      line-height: 19px; orphans: auto; text-align: start; text-indent:
      0px; text-transform: none; white-space: normal; widows: 1;
      word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline
      !important; float: none; background-color: rgb(255, 255, 255);">Maintaining
      an operating reserve -- a cash fund the organization can tap in
      emergencies -- is part of running a good nonprofit. <b>Putting
        money in the bank instead of spending it on the mission may seem
        counterproductive, but the National Council of Nonprofits says
        having reserves is essential.</b>"<br>
      <br>
      -
<a class="moz-txt-link-freetext" href="http://smallbusiness.chron.com/can-nonprofit-organization-savings-account-61626.html">http://smallbusiness.chron.com/can-nonprofit-organization-savings-account-61626.html</a><br>
      <br>
    </span><br>
    So basically chapters who choose to save money and a build a reserve
    - is seen as essential by some.<br>
    <br>
    - Jim<br>
    <br>
    <div class="moz-cite-prefix">On 8/20/15 5:05 PM, <a class="moz-txt-link-abbreviated" href="mailto:tomb@owasp.org">tomb@owasp.org</a>
      wrote:<br>
    </div>
    <blockquote
      cite="mid:9F9705B1-9FDB-4BEA-A117-ECD8F93DF600@owasp.org"
      type="cite">
      <meta http-equiv="content-type" content="text/html;
        charset=windows-1252">
      <div><span></span></div>
      <div>
        <div>Andrew,</div>
        <div><br>
        </div>
        <div>The report from the last board meeting are very useful (see
          reports)</div>
        <div><br>
        </div>
        <div><a moz-do-not-send="true"
            href="https://www.owasp.org/index.php/August_12,_2015#Reports_2">https://www.owasp.org/index.php/August_12,_2015#Reports_2</a>
          (see July numbers)</div>
        <div><br>
        </div>
        <div>And tax filings including;</div>
        <div><br>
        </div>
        <div>997k to 1.6M is big growth (2014 is missing from the
          website)</div>
        <div><a moz-do-not-send="true"
href="https://www.owasp.org/images/a/a8/Federal_Tax_Return_990_public_inspection_cop_144599420.pdf">https://www.owasp.org/images/a/a8/Federal_Tax_Return_990_public_inspection_cop_144599420.pdf</a></div>
        <div><br>
        </div>
        <div><a moz-do-not-send="true"
            href="https://www.owasp.org/index.php/About_OWASP#Form_990_Documents">https://www.owasp.org/index.php/About_OWASP#Form_990_Documents</a></div>
        <div><br>
        </div>
        <div>And the budgets</div>
        <div><a moz-do-not-send="true"
            href="https://www.owasp.org/images/a/ac/2014_Budget_FINAL.pdf">https://www.owasp.org/images/a/ac/2014_Budget_FINAL.pdf</a></div>
        <div><br>
        </div>
        <div>The spend is light from "HQ" on programs to market,
          promote, provide resources to the community.</div>
        <div><br>
        </div>
        <div><a moz-do-not-send="true"
            href="https://www.owasp.org/index.php/Community_Engagement_-_Payments">https://www.owasp.org/index.php/Community_Engagement_-_Payments</a></div>
        <div><br>
        </div>
        <div>The 499k (earmarked to active chapters <a
            moz-do-not-send="true"
            href="https://www.owasp.org/index.php/Donation_Scoreboard"><a class="moz-txt-link-freetext" href="https://www.owasp.org/index.php/Donation_Scoreboard">https://www.owasp.org/index.php/Donation_Scoreboard</a></a>)
          is a small amount in the big picture </div>
        <div><br>
          Sent from my iPhone</div>
        <div><br>
          On Aug 20, 2015, at 8:17 PM, Andrew van der Stock <<a
            moz-do-not-send="true" href="mailto:vanderaj@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:vanderaj@owasp.org">vanderaj@owasp.org</a></a>>
          wrote:<br>
          <br>
        </div>
        <blockquote type="cite">
          <div>
            <div dir="ltr">Remember, Dinis, Josh and I had a podcast on
              this a little while ago, and Dinis noted that it was an
              experiment to try and get chapters to be more involved and
              spend more of their money.
              <div><br>
              </div>
              <div>As chapters are collecting more and more money which
                is not being spent, we as a board need to work out the
                best way forward. I agree with Josh that we need to get
                chapters to spend their money, but I also feel that as
                there's no hard and fast bylaw on splits, we need to
                work out a new model that is based upon desired
                outcomes. Money sitting in the bank doing nothing in a
                non-profit is not meeting our mission. We are not a
                banker to chapters. </div>
              <div><br>
              </div>
              <div>This time, we really need to do proper modelling to
                understand the effect of various splits before we commit
                to them. Otherwise, we'll be back here in less than 2
                years with chapters with a million in the bank, and the
                Foundation and projects still scrapping for tidbits. We
                need to have balance. I'm happy to discuss that balance.</div>
              <div><br>
              </div>
              <div>thanks</div>
              <div>Andrew</div>
              <div><br>
              </div>
            </div>
            <div class="gmail_extra"><br>
              <div class="gmail_quote">On Tue, Aug 18, 2015 at 8:52 AM,
                <span dir="ltr"><<a moz-do-not-send="true"
                    href="mailto:tomb@proactiverisk.com" target="_blank">tomb@proactiverisk.com</a>></span>
                wrote:<br>
                <blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <div dir="auto">
                    <div>FYI there is some detail recorded in a few
                      places for clarity.</div>
                    <div><br>
                    </div>
                    <div>Archive 2013 60/40 split</div>
                    <div><a moz-do-not-send="true"
href="https://lists.owasp.org/pipermail/owasp-board/2013-February/011674.html"
                        target="_blank">https://lists.owasp.org/pipermail/owasp-board/2013-February/011674.html</a></div>
                    <div><br>
                    </div>
                    <div>And here</div>
                    <div><br>
                    </div>
                    <div>90/10 Split 2014</div>
                    <div><a moz-do-not-send="true"
                        href="https://www.owasp.org/index.php/OWASP_Board_Votes"
                        target="_blank">https://www.owasp.org/index.php/OWASP_Board_Votes</a></div>
                    <div><br>
                    </div>
                    <div>The first effort was a (1) year experiment to
                      provide a split to chapters to get them
                      energized.  It was voted on year two and passed as
                      well. (2009 time frame) might've in Kate's notes
                      or wiki mins she was the scribe and took them back
                      in those days they do exist.</div>
                    <div><br>
                    </div>
                    <div>Moving to a global model and empowering a local
                      model will solve this rich/poor chapters debate. 
                      Investment in projects will also solve the current
                      issue. For every $1.00 the foundation brings in
                      $.50 should support projects, .25 outreach
                      marketing and .25 administrative staff. Will
                      discuss my thoughts on it during my upcoming board
                      interview in more detail. Take a look at the
                      annual report this will help put things in
                      context.</div>
                    <div><br>
                      Sent from my iPhone
                      <div>
                        <div class="h5">
                          <div><br>
                            On Aug 17, 2015, at 6:12 PM, Jim Manico <<a
                              moz-do-not-send="true"
                              href="mailto:jim.manico@owasp.org"
                              target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>>
                            wrote:<br>
                            <br>
                          </div>
                          <blockquote type="cite">
                            <div> The OWASP foundation made a promise to
                              chapters - years ago - that we would
                              isolate earned funds from each chapter for
                              that chapter only. We then set up a
                              regional conference profit sharing program
                              for chapters and gave chapters a
                              percentage of membership funds for members
                              that flagged their chapter. This was all
                              set up years ago before the election of
                              any current board member.<br>
                              <br>
                              I do not think the foundation should break
                              that promise (if not verbal contract) to
                              chapters around the world and reverse
                              current chapter ringfencing.<br>
                              <br>
                              But we can certainly change that policy
                              moving forward if needed, which is
                              actively being discussed by the board,
                              staff and others.<br>
                              <br>
                              I look at this as many things in computer
                              science - as a tradeoff, not a battle
                              between good and evil. <br>
                              <br>
                              Again, my hope is that we work together as
                              adults to collaborate on a better policy
                              if one is needed. <b>There is no way we
                                are going to make everyone happy</b>. If
                              you mess with chapter ringfencing, you are
                              going to upset a lot of very hard working
                              and active chapters. If we leave the
                              ringfencing, it's going to limit major
                              investment capability of the foundation. <br>
                              <br>
                              This is not a cut and dry issue in my
                              opinion. I can see the benefits either
                              way. I am most concerned about what the
                              community thinks is best and what is best
                              for the foundation and serving our
                              mission. <br>
                              <br>
                              Also, the whole board voting process slows
                              things down. That "slowing" factor, like
                              adaptive key generation algorithms, is by
                              design. It takes a voting quorum of board
                              members to significantly change policy or
                              embark on major investments. So for those
                              of you who are frustrated by what you
                              perceive as "bureaucracy" then when what
                              is the alternative? Do you want one "king"
                              to just make all decisions? Do you want
                              any member to just dictate new policy? I
                              think for sure governance can be very
                              inefficient - but no governance is even
                              more inefficient. <br>
                              <br>
                              So please, if you want to see something
                              changed - there are positive avenues to do
                              so. <b>Propose an bylaw change to the
                                board or just ask questions on the board
                                list,</b> <b>talk with members of
                                staff,</b> <b>participate on the
                                governance email list and trigger good
                                debate</b> - while emailing the leaders
                              list is a good way to get community
                              involvement in your cause - please
                              consider following  through with action
                              that works with the foundation to actually
                              make change beyond leaders list email.<br>
                              <br>
                              <b>Communication Resources:</b><br>
                              <ol>
                                <li>Contact the Staff w/ Tracking: <a
                                    moz-do-not-send="true"
                                    href="https://www.tfaforms.com/308703"
                                    target="_blank"><a class="moz-txt-link-freetext" href="https://www.tfaforms.com/308703">https://www.tfaforms.com/308703</a></a></li>
                                <li>OWASP Board List: <a
                                    moz-do-not-send="true"
                                    href="https://lists.owasp.org/listinfo/owasp-board"
                                    target="_blank"><a class="moz-txt-link-freetext" href="https://lists.owasp.org/listinfo/owasp-board">https://lists.owasp.org/listinfo/owasp-board</a></a></li>
                                <li>OWASP Governance List: <a
                                    moz-do-not-send="true"
                                    href="https://lists.owasp.org/mailman/listinfo/governance"
                                    target="_blank"><a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/governance">https://lists.owasp.org/mailman/listinfo/governance</a></a></li>
                              </ol>
                              <br>
                              Aloha,<br>
                              <pre cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a moz-do-not-send="true" href="https://www.owasp.org" target="_blank">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
                              <br>
                              PS: When the OWASP foundation did not use
                              tracking forms, we received a large number
                              of complains that support issues fell
                              through the cracks. Now that we have a
                              contact form with a tracking ID, we get
                              complaints of bureaucracy. I think it's
                              more important to NOT let issues fall
                              through the cracks...<br>
                              <br>
                              <br>
                              <br>
                              <br>
                              <div>On 8/17/15 11:31 AM, Eoin Keary
                                wrote:<br>
                              </div>
                              <blockquote type="cite">
                                <div>Johanna,</div>
                                <div>The funds distribution in OWASP is
                                  broken. Has been broken for years.
                                  Some funds are legally allocated to
                                  chapters and projects and can not be
                                  moved. Other funds can be moved but
                                  the mix is unclear.</div>
                                <div>The Owasp foundation should have
                                  reserved the right to allocate funds
                                  where required. I believe this has
                                  been done but unsure.</div>
                                <div><br>
                                </div>
                                <div>I believe some of the funds in
                                  OWASP would be best used as banking
                                  test data as it will persist in
                                  banking systems forever :)</div>
                                <div><br>
                                </div>
                                <div>This is my humble understanding of
                                  the issue.</div>
                                <div><br>
                                  Eoin Keary
                                  <div>OWASP Volunteer</div>
                                  <div>@eoinkeary</div>
                                  <div><span style="font-size:13pt"><br>
                                    </span></div>
                                  <div><br>
                                  </div>
                                </div>
                                <div><br>
                                  On 17 Aug 2015, at 18:04, johanna
                                  curiel curiel <<a
                                    moz-do-not-send="true"
                                    href="mailto:johanna.curiel@owasp.org"
                                    target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>>

                                  wrote:<br>
                                  <br>
                                </div>
                                <blockquote type="cite">
                                  <div>
                                    <div dir="ltr">
                                      <div> >I don't think there is
                                        anything preventing a project
                                        from doing the same, but I
                                        haven't seen it done at this
                                        point.</div>
                                      <div><br>
                                      </div>
                                      <div>I think we need to create
                                        Project Summits in the form of
                                        events with the whole purpose to
                                        gather funds for projects .Open
                                        samm has done this and I think
                                        we can try that. Fo that we need
                                        the support of the staff
                                        Business liaison, Event manager,
                                        just as they put their work and
                                        efforts in Events and appsecs.
                                        Here cut share between OWASp
                                        staff time and projects can also
                                        be done.</div>
                                      <div><br>
                                      </div>
                                      <div> >OWASP has a project
                                        funding bucket.</div>
                                      <div>Look, Denver chapter has
                                        around 50K in their bucket. The
                                        richest Project is ZAP with
                                        10k... but thats is the
                                        exception. Even worse when you
                                        look at chapters outside US or
                                        EU, mine has only USD40 dollars.
                                        Most projects have Zero Dollars.</div>
                                      <div>And the limits right now are
                                        a support but do not help to get
                                        important things moving like
                                        OWASP Academy portal, Leaders
                                        like Azzedine assist and show
                                        case his chapter or project or
                                        other more complex initiatives.
                                        Or major improvements or
                                        promotions to their projects. <br>
                                      </div>
                                      <div><br>
                                      </div>
                                      <div>  >Remember that the Board
                                        is just a handful of leaders who
                                        were elected to set the compass.</div>
                                      <div>  Yes but how do they know
                                        where to go, that's why the
                                        survey. The survey is the
                                        compass. And the leaders are
                                        elected to listed to the
                                        community.</div>
                                      <div><br>
                                      </div>
                                      <div>And About committees...</div>
                                      <div>The only existing active
                                        committee right now is the
                                        Project Review (which I still
                                        call myself a taskforce). I
                                        haven't see much initiatives or
                                        participation from other
                                        committees. So the committee
                                        concept in theory seemed like a
                                        great idea but in practice is
                                        not working because in my eyes,
                                        creating a committee is creating
                                        a mini board inside OWASP. We do
                                        not want to create oligarchies
                                        in the end.</div>
                                      <div><br>
                                      </div>
                                      <div>  I thik we should cut off
                                        that comitee idea and be more
                                        practical. More like this</div>
                                      <div><br>
                                      </div>
                                      <div>  Example:</div>
                                      <div><br>
                                      </div>
                                      <div>
                                        <ul>
                                          <li>John Lita wants to create
                                            an academy portal but
                                            developing it costs money
                                            and resources that
                                            volunteers alone cannot be
                                            easy pull off(owaspa project
                                            was the same and died, just
                                            like many educational
                                            initiatives)<br>
                                          </li>
                                          <li>John must create a
                                            proposal with defined goals
                                            and how to reach them. He
                                            joins other volunteers in
                                            this effort. No need to be a
                                            commitee.<br>
                                          </li>
                                          <li> John & Claudia create
                                            a survey and seek support of
                                            the community<br>
                                          </li>
                                          <li>  If the idea has major
                                            feedback and volunteers,
                                            then John has the support
                                            from the staff to execute
                                            including looking for
                                            sponsors using crowdsource
                                            funding portals<br>
                                          </li>
                                          <li>Staff monitors development
                                            and results of the actions
                                            taken<br>
                                          </li>
                                          <li>Staff reports results to
                                            the community back</li>
                                        </ul>
                                      </div>
                                      <div>This is in my eyes how I have
                                        been working in the end, because
                                        , as volunteers, available time
                                        mostly depends on one or 2
                                        passionate individuals like
                                        John-Lita, which are more
                                        dedicated and the rest
                                        follows...<br>
                                      </div>
                                      <div><br>
                                      </div>
                                      <div>Now if we want to change
                                        things, don't tell me to set a
                                        committee, because Josh , this
                                        has not work so far. </div>
                                      <div><br>
                                      </div>
                                      <div> Allow me  and let the staff
                                        know that they should support me
                                        and any other volunteers seeking
                                        for implementing their ideas
                                        ;-). </div>
                                      <div>Lets cut the red tape with
                                        committees and let people know
                                        that if they want to do
                                        something,</div>
                                      <div>
                                        <ul>
                                          <li>Contact the staff. <br>
                                          </li>
                                          <li>Set a survey and gather
                                            support<br>
                                          </li>
                                          <li>Need more money? Set a
                                            crowd funding project @ <a
                                              moz-do-not-send="true"
                                              href="https://www.kickstarter.com"
                                              target="_blank"><a class="moz-txt-link-freetext" href="https://www.kickstarter.com">https://www.kickstarter.com</a></a>
                                            under OWASP</li>
                                          <li>Volunteers implement idea
                                            or project with the support
                                            of owasp staff and other
                                            volunteers</li>
                                        </ul>
                                        <div>How do we get this idea to
                                          action? </div>
                                        <div>Shall we create a survey? </div>
                                        <div>Do you need to discuss this
                                          on a board meeting?</div>
                                      </div>
                                      <div>How do I get empowered and
                                        let the staff know that as a
                                        volunteer I have your support
                                        for this?(if I do? </div>
                                      <div><br>
                                      </div>
                                      <div>You see...how dependable I'm
                                        from the board to be able to
                                        execute?</div>
                                      <div><br>
                                      </div>
                                      <div>Off course I can always do
                                        this on my own but them I better
                                        do it without OWASP...</div>
                                      <div><br>
                                      </div>
                                      <div>Regards</div>
                                      <div><br>
                                      </div>
                                      <div>Johanna</div>
                                    </div>
                                    <div class="gmail_extra"><br>
                                      <div class="gmail_quote">On Mon,
                                        Aug 17, 2015 at 10:55 AM, Josh
                                        Sokol <span dir="ltr"><<a
                                            moz-do-not-send="true"
                                            href="mailto:josh.sokol@owasp.org"
                                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:josh.sokol@owasp.org">josh.sokol@owasp.org</a></a>></span>
                                        wrote:<br>
                                        <blockquote class="gmail_quote"
                                          style="margin:0 0 0
                                          .8ex;border-left:1px #ccc
                                          solid;padding-left:1ex">
                                          <div dir="ltr">
                                            <div>
                                              <div>
                                                <div>
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <div>
                                                          <div>
                                                          <div>Johanna,<br>
                                                          <br>
                                                          </div>
                                                          Thank you for
                                                          putting your
                                                          thoughts out
                                                          there for
                                                          everyone. 
                                                          Silence is not
                                                          good for
                                                          anyone and
                                                          OWASP will be
                                                          far more
                                                          successful if
                                                          we know what
                                                          our leaders
                                                          are struggling
                                                          with and make
                                                          a conscious
                                                          effort to
                                                          improve it.  I
                                                          think that
                                                          many of your
                                                          points are
                                                          very valid and
                                                          strongly
                                                          support the
                                                          idea of polls
                                                          to gauge
                                                          community
                                                          support for
                                                          actions being
                                                          taken.  I also
                                                          support the
                                                          idea that the
                                                          Board should
                                                          be making as
                                                          few of these
                                                          decisions as
                                                          possible and
                                                          putting the
                                                          power back in
                                                          the hands of
                                                          the community
                                                          with support
                                                          from the
                                                          staff.  The
                                                          Board should
                                                          be the
                                                          "compass"
                                                          making sure
                                                          that we are
                                                          moving in the
                                                          right
                                                          direction with
                                                          the community
                                                          and staff
                                                          being the ones
                                                          actually
                                                          pushing us
                                                          forward. 
                                                          That's not to
                                                          say that
                                                          members of the
                                                          Board won't
                                                          have their own
                                                          projects or
                                                          initiatives,
                                                          but they do so
                                                          as part of the
                                                          community, not
                                                          because of
                                                          their roles on
                                                          the Board. 
                                                          The Committees
                                                          2.0 framework
                                                          was a first
                                                          step in
                                                          driving this
                                                          level of
                                                          empowerment
                                                          back to the
                                                          community
                                                          while
                                                          maintaining
                                                          accountability
                                                          and providing
                                                          appropriately
                                                          scoped
                                                          actions.  My
                                                          impression was
                                                          that the
                                                          Projects
                                                          Committee was
                                                          rolling
                                                          forward quite
                                                          well under
                                                          this guidance,
                                                          but it sounds
                                                          like maybe I
                                                          was wrong. 
                                                          Are there
                                                          specific
                                                          actions that
                                                          you have tried
                                                          to take on the
                                                          committee that
                                                          got blocked by
                                                          the Board or
                                                          hung up in
                                                          "red tape"? 
                                                          Are there
                                                          needs for
                                                          funding that
                                                          haven't been
                                                          met?<br>
                                                          <br>
                                                          </div>
                                                          Regarding the
                                                          project vs
                                                          chapter
                                                          funding
                                                          schemas, I'm
                                                          not sure that
                                                          there is a
                                                          good answer. 
                                                          Projects are
                                                          typically made
                                                          up of a pocket
                                                          of
                                                          individuals. 
                                                          Typically one
                                                          leader with
                                                          sometimes one
                                                          or two others
                                                          assisting. 
                                                          Chapters are
                                                          typically
                                                          anywhere from
                                                          20 people to
                                                          hundreds.  We
                                                          provide
                                                          members with
                                                          the ability to
                                                          allocate their
                                                          funds to
                                                          either, but
                                                          most associate
                                                          themselves
                                                          with a chapter
                                                          rather than a
                                                          project
                                                          because that's
                                                          where they
                                                          participate. 
                                                          We also have
                                                          chapters
                                                          putting on
                                                          conferences
                                                          with the goal
                                                          of raising
                                                          funds.  I
                                                          don't think
                                                          there is
                                                          anything
                                                          preventing a
                                                          project from
                                                          doing the
                                                          same, but I
                                                          haven't seen
                                                          it done at
                                                          this point. 
                                                          Those are the
                                                          two main ways
                                                          that I see
                                                          chapters
                                                          raising
                                                          money.  Yes,
                                                          there is
                                                          certainly a
                                                          difference in
                                                          schemas and
                                                          projects will
                                                          have a more
                                                          difficult
                                                          time, but
                                                          that's also
                                                          why OWASP has
                                                          a project
                                                          funding
                                                          bucket.  Money
                                                          from these
                                                          local events
                                                          as well as
                                                          funds raised
                                                          by our AppSec
                                                          conferences
                                                          gets budgeted
                                                          specifically
                                                          for this
                                                          purpose.  To
                                                          my knowledge,
                                                          no reasonable
                                                          request for
                                                          funds by
                                                          projects has
                                                          been denied. 
                                                          Just because
                                                          there isn't
                                                          money sitting
                                                          "ring fenced"
                                                          in an account
                                                          for the
                                                          projects,
                                                          doesn't mean
                                                          that there
                                                          isn't money
                                                          that can be
                                                          spent.  It
                                                          just means
                                                          that it needs
                                                          to be
                                                          requested from
                                                          the pool. 
                                                          Yes, it's a
                                                          different
                                                          model of
                                                          funding, but
                                                          the end result
                                                          is the same. 
                                                          There are
                                                          funds
                                                          available at
                                                          OWASP for
                                                          everyone who
                                                          needs them.<br>
                                                          <br>
                                                        </div>
                                                        There are
                                                        obviously many
                                                        things that need
                                                        to be improved
                                                        at OWASP and,
                                                        unfortunately,
                                                        the Board has
                                                        been tied up in
                                                        rules, events,
                                                        bylaws, etc for
                                                        a while now. 
                                                        It's definitely
                                                        not the "fun"
                                                        part of the job
                                                        and it is very
                                                        time consuming. 
                                                        That said, I
                                                        would argue that
                                                        these are the
                                                        things that need
                                                        to be changed in
                                                        order for
                                                        everyone else
                                                        (staff,
                                                        community, etc)
                                                        to be able to be
                                                        better served. 
                                                        We've made
                                                        several changes
                                                        to the Bylaws
                                                        and are working
                                                        on more.  We've
                                                        hired an
                                                        Executive
                                                        Director (Paul),
                                                        an Event Manager
                                                        (Laura), a
                                                        Community
                                                        Manager
                                                        (Noreen), and a
                                                        Project
                                                        Coordinator
                                                        (Claudia) just
                                                        in the almost
                                                        two years that
                                                        I've been on the
                                                        Board.  The
                                                        needle on the
                                                        compass is set
                                                        and, while it
                                                        takes some time
                                                        to right the
                                                        ship, we are
                                                        getting there by
                                                        giving our
                                                        community the
                                                        support it
                                                        requires to be
                                                        successful.  So,
                                                        here's my
                                                        general thought:<br>
                                                        <br>
                                                      </div>
                                                      1) If it's within
                                                      the scope of a
                                                      defined Committee,
                                                      JUST DO IT!<br>
                                                      <br>
                                                    </div>
                                                    2) If there's no
                                                    Committee defined
                                                    for it, CREATE ONE,
                                                    then JUST DO IT!<br>
                                                    <br>
                                                  </div>
                                                  3) If a Committee
                                                  doesn't make sense,
                                                  ASK THE STAFF FOR IT!<br>
                                                  <br>
                                                </div>
                                                4) If asking the staff
                                                isn't working or we need
                                                to change a policy to
                                                make it happen, LET THE
                                                BOARD KNOW!<br>
                                                <br>
                                              </div>
                                              The Board should be the
                                              last resort, in my
                                              opinion, not the first. 
                                              We should be the enabler,
                                              not the bottleneck.  I
                                              think that our leaders
                                              make too many assumptions
                                              (probably based on past
                                              Board actions) about what
                                              needs to go to the Board
                                              and we need to get away
                                              from that.  Remember that
                                              the Board is just a
                                              handful of leaders who
                                              were elected to set the
                                              compass.  We have a finite
                                              number of things that we
                                              can handle and our Board
                                              meetings are typically
                                              overflowing with topics. 
                                              So, if something is
                                              bothering you, I would
                                              encourage you to change
                                              it.  That's why, with the
                                              David Rook situation, I
                                              encouraged creation of a
                                              new Committee to determine
                                              a reasonable solution.  If
                                              it requires a policy
                                              change by the Board, then
                                              we can vote on that, but
                                              asking the Board to take
                                              action just perpetuates
                                              the oligarchy that you
                                              mention in your e-mail. 
                                              Instead of pushing these
                                              issues up to the Board for
                                              action, let's have the
                                              community DECIDE what they
                                              want and have the Board
                                              change the compass needle
                                              via bylaws, policies, and
                                              staff discussions,
                                              accordingly.  At least,
                                              that's my vision for
                                              OWASP.  Is that something
                                              that you can get on board
                                              with?<span><font
                                                  color="#888888"><br>
                                                  <br>
                                                </font></span></div>
                                            <span><font color="#888888">~josh<br>
                                              </font></span></div>
                                          <div class="gmail_extra"><br>
                                            <div class="gmail_quote">
                                              <div>
                                                <div>On Mon, Aug 17,
                                                  2015 at 8:11 AM,
                                                  johanna curiel curiel
                                                  <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:johanna.curiel@owasp.org"
                                                      target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span>
                                                  wrote:<br>
                                                </div>
                                              </div>
                                              <blockquote
                                                class="gmail_quote"
                                                style="margin:0 0 0
                                                .8ex;border-left:1px
                                                #ccc
                                                solid;padding-left:1ex">
                                                <div>
                                                  <div>
                                                    <div dir="ltr">Members
                                                      of the board,
                                                      <div><br>
                                                      </div>
                                                      <div>With the
                                                        recent issue
                                                        regarding David
                                                        Rook, and my
                                                        latest
                                                        experience with
                                                        red-tape, I'm
                                                        proposing the
                                                        following.</div>
                                                      <div><br>
                                                      </div>
                                                      <div>My goals is
                                                        to call your
                                                        attention to
                                                        these issues
                                                        which I have
                                                        been observing
                                                        for a years and
                                                        not as a
                                                        critique to your
                                                        work, but I
                                                        think if you do
                                                        not pay
                                                        attention to
                                                        these issues and
                                                        DO something
                                                        about them,
                                                        OWASP will loose
                                                        valuable
                                                        community
                                                        participation.</div>
                                                      <div>
                                                        <ul>
                                                          <li>When an
                                                          initiative is
                                                          proposed or
                                                          launched by a
                                                          member of the
                                                          board, this
                                                          should be
                                                          followed up by
                                                          a survey where
                                                          the community
                                                          can
                                                          vote.Wether is
                                                          a rule or
                                                          money, these
                                                          decisions
                                                          should be
                                                          taken based on
                                                          collected data
                                                          and proper
                                                          substantiation
                                                          to avoid
                                                          oligarchy </li>
                                                          <li>When an
                                                          initiative is
                                                          launched by a
                                                          member of the
                                                          community,
                                                          especially
                                                          when this
                                                          initiative
                                                          cost more than
                                                          10k, it should
                                                          be
                                                          substantiated
                                                          with data how
                                                          this
                                                          initiative
                                                          will benefit
                                                          the community.
                                                          Also should be
                                                          followed by a
                                                          survey</li>
                                                          <li>Staff
                                                          should help
                                                          creating the
                                                          survey and
                                                          analyse the
                                                          votes</li>
                                                          <li><b>In
                                                          other words:
                                                          do more survey
                                                          to find out
                                                          what the
                                                          community
                                                          needs and
                                                          wants.</b></li>
                                                        </ul>
                                                        <div>My
                                                          observations
                                                          and where I
                                                          think you need
                                                          to give more
                                                          attention:</div>
                                                        <div><br>
                                                        </div>
                                                        <div>
                                                          <ul>
                                                          <li>Board/Executive
                                                          director
                                                          should work
                                                          closer with
                                                          the staff for
                                                          guidance and
                                                          empowering
                                                          their role. I
                                                          have the
                                                          feeling that
                                                          the staff is
                                                          paralysed
                                                          waiting for
                                                          instructions
                                                          or following
                                                          strict rules.
                                                          The staff
                                                          should be
                                                          motivated to
                                                          take
                                                          initiative and
                                                          implement
                                                          projects on
                                                          their own that
                                                          can help the
                                                          community.
                                                          They should
                                                          not be too
                                                          dependent on
                                                          an Executive
                                                          director or
                                                          member of the
                                                          board for this
                                                          part</li>
                                                          </ul>
                                                        </div>
                                                      </div>
                                                      <div>As I see it
                                                        ,OWASP is known
                                                        for his Projects
                                                        & Chapter
                                                        leaders which as
                                                        volunteers have
                                                        contributed the
                                                        most to set
                                                        OWASP on the
                                                        spotlight.
                                                        Therefore:</div>
                                                      <div><br>
                                                      </div>
                                                      <div>
                                                        <ul>
                                                          <li>You should
                                                          determine and
                                                          implement
                                                          better ways
                                                           to provide
                                                          better funding
                                                          schemas for
                                                          projects .
                                                          This is
                                                          something a
                                                          volunteer
                                                          cannot do. And
                                                          <i>nothing</i>
                                                          has been done
                                                          to help  solve
                                                          this issue</li>
                                                          <li>There is
                                                          an unfair
                                                          inequality in
                                                          the way
                                                          chapters can
                                                          generate funds
                                                          vs Projects.</li>
                                                          <li>Money is
                                                          locked down in
                                                          the chapters
                                                          budget</li>
                                                          <li>Chapters
                                                          outside US
                                                          & EU have
                                                          more struggles
                                                          to find
                                                          support. You
                                                          should
                                                          consider a way
                                                          to support
                                                          better these
                                                          ones since
                                                          their
                                                          countries are
                                                          not developed
                                                          in the area of
                                                          security as
                                                          countries in
                                                          EU and US.<br>
                                                          </li>
                                                          <li>Follow up:
                                                          when issues
                                                          like David
                                                          Rook or a
                                                          volunteer
                                                          rants(like me
                                                          or others )
                                                          out of
                                                          frustation,
                                                          take action.
                                                          Put it in the
                                                          agenda and try
                                                          to solve and
                                                          discuss the
                                                          issues to
                                                          improve the
                                                          actual
                                                          problems. So
                                                          far I have
                                                          seen very
                                                          little follow
                                                          up on major
                                                          issues and
                                                          discussions
                                                          raised in the
                                                          mailing lists</li>
                                                          <li>Way to
                                                          much attention
                                                          to rules, <i>events</i>
                                                          and bylaws
                                                          etc. Time to
                                                          take action
                                                          and take
                                                          decisions and
                                                          propose plans
                                                          for
                                                          improvements
                                                          of the actual
                                                          situation
                                                          above
                                                          mentioned</li>
                                                        </ul>
                                                        <div>Being that
                                                          said, and with
                                                          all due
                                                          respect to
                                                          you, I hope
                                                          that you can
                                                          take actions
                                                          and <i>execute</i>
                                                          improvements
                                                          that have been
                                                          an issue since
                                                          I joined OWASP
                                                          3 years ago.</div>
                                                      </div>
                                                      <div><br>
                                                      </div>
                                                      <div><br>
                                                      </div>
                                                      <div>Regards</div>
                                                      <span><font
                                                          color="#888888">
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Johanna</div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                        </font></span></div>
                                                    <br>
                                                  </div>
                                                </div>
                                                <span>_______________________________________________<br>
                                                  Governance mailing
                                                  list<br>
                                                  <a
                                                    moz-do-not-send="true"
href="mailto:Governance@lists.owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:Governance@lists.owasp.org">Governance@lists.owasp.org</a></a><br>
                                                  <a
                                                    moz-do-not-send="true"
href="https://lists.owasp.org/mailman/listinfo/governance"
                                                    rel="noreferrer"
                                                    target="_blank"><a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/governance">https://lists.owasp.org/mailman/listinfo/governance</a></a><br>
                                                  <br>
                                                </span></blockquote>
                                            </div>
                                            <br>
                                          </div>
                                        </blockquote>
                                      </div>
                                      <br>
                                    </div>
                                    -- <br>
                                    You received this message because
                                    you are subscribed to the Google
                                    Groups "OWASP Projects Task Force"
                                    group.<br>
                                    To unsubscribe from this group and
                                    stop receiving emails from it, send
                                    an email to <a
                                      moz-do-not-send="true"
                                      href="mailto:projects-task-force+unsubscribe@owasp.org"
                                      target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:projects-task-force+unsubscribe@owasp.org">projects-task-force+unsubscribe@owasp.org</a></a>.<br>
                                    To post to this group, send email to
                                    <a moz-do-not-send="true"
                                      href="mailto:projects-task-force@owasp.org"
                                      target="_blank">projects-task-force@owasp.org</a>.<br>
                                    To view this discussion on the web
                                    visit <a moz-do-not-send="true"
href="https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0p_kEGLn%3DCK38cQf%3Dv0gKoVB0R82Y10U1VmKvu_vm32Q%40mail.gmail.com"
                                      target="_blank">https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_0p_kEGLn%3DCK38cQf%3Dv0gKoVB0R82Y10U1VmKvu_vm32Q%40mail.gmail.com</a>.<br>
                                  </div>
                                </blockquote>
                                -- <br>
                                You received this message because you
                                are subscribed to the Google Groups
                                "OWASP Projects Task Force" group.<br>
                                To unsubscribe from this group and stop
                                receiving emails from it, send an email
                                to <a moz-do-not-send="true"
                                  href="mailto:projects-task-force+unsubscribe@owasp.org"
                                  target="_blank">projects-task-force+unsubscribe@owasp.org</a>.<br>
                                To post to this group, send email to <a
                                  moz-do-not-send="true"
                                  href="mailto:projects-task-force@owasp.org"
                                  target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:projects-task-force@owasp.org">projects-task-force@owasp.org</a></a>.<br>
                                To view this discussion on the web visit
                                <a moz-do-not-send="true"
href="https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/9E03385F-18C6-4C6E-A8D6-F0B2D08100E7%40owasp.org"
                                  target="_blank">https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/9E03385F-18C6-4C6E-A8D6-F0B2D08100E7%40owasp.org</a>.<br>
                              </blockquote>
                              <br>
                            </div>
                          </blockquote>
                        </div>
                      </div>
                      <blockquote type="cite">
                        <div><span>_______________________________________________</span><br>
                          <span>Owasp-board mailing list</span><br>
                          <span><a moz-do-not-send="true"
                              href="mailto:Owasp-board@lists.owasp.org"
                              target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                          <span><a moz-do-not-send="true"
                              href="https://lists.owasp.org/mailman/listinfo/owasp-board"
                              target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                        </div>
                      </blockquote>
                    </div>
                    <br>
                    <font size="1"><span style="font-family:'Courier
                        New',Courier,mono;background-color:rgb(255,255,255)">WARNING:
                        E-mail transmission cannot be guaranteed to be
                        secure or error-free as information could be
                        intercepted, corrupted, lost, destroyed, arrive
                        late or incomplete, or contain viruses. The
                        sender therefore does not accept liability for
                        any errors or omissions in the contents of this
                        message, which arise as a result of e-mail
                        transmission. </span><span
                        style="background-color:rgb(255,255,255);font-family:'Courier
                        New',Courier,mono">No employee or agent is
                        authorized to conclude any binding agreement on
                        behalf of ProactiveRISK with another party by
                        email.</span></font>
                    <div style="font-size:1.3em"><span
                        style="font-family:'Courier
                        New',Courier,mono;background-color:rgb(255,255,255)"><br>
                      </span></div>
                    <br>
                    _______________________________________________<br>
                    Owasp-board mailing list<br>
                    <a moz-do-not-send="true"
                      href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br>
                    <a moz-do-not-send="true"
                      href="https://lists.owasp.org/mailman/listinfo/owasp-board"
                      rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
                    <br>
                  </div>
                </blockquote>
              </div>
              <br>
            </div>
          </div>
        </blockquote>
        <blockquote type="cite">
          <div><span>_______________________________________________</span><br>
            <span>Owasp-board mailing list</span><br>
            <span><a moz-do-not-send="true"
                href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a></span><br>
            <span><a moz-do-not-send="true"
                href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
          </div>
        </blockquote>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Governance mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Governance@lists.owasp.org">Governance@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/governance">https://lists.owasp.org/mailman/listinfo/governance</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
  </body>
</html>