<div dir="ltr">I would be interested to know what would happen to our status as a Foundation. What would happen to the money? I would be surprised if the government would allow a 501c3 charity that serves a public good to hand its bank account over to a professional association that serves its members.<div><br></div><div>On the other hand I have heard it is possible for a c3 to own a c6 and vice versa. So that might be something to research.</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div>Noreen Whysel</div><div>Community Manager</div><div>OWASP Foundation</div></div></div></div>
<br><div class="gmail_quote">On Thu, Oct 8, 2015 at 1:50 PM, Tony Turner <span dir="ltr"><<a href="mailto:tony.turner@owasp.org" target="_blank">tony.turner@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Tobias, that's exactly what I was getting at in my last email. From my perspective, the only thing I've consistently heard that hinders our mission somewhat is restrictions around getting involved in politics/legislation. While OWASP is referenced by many frameworks around the globe, we do appear to be somewhat limited in our ability to proactively lobby lawmakers to make more sensible laws. Making laws isn't necessarily part of our mission, but making application security visible to those that do make laws certainly falls within our objectives I would say. It's possible that an OWASP project geared around legal frameworks and application security that can be referenced by those more inclined to lobby would fill that gap without the need for restructuring.<div><br></div><div>Has anyone run into other issues that the (c)(3) prohibits that hinders our mission?</div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Thu, Oct 8, 2015 at 1:38 PM, Tobias <span dir="ltr"><<a href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Good to see this move to a discussion
      about our organisation structure and not a election campaign one.
      <br>
      <br>
      I like to take this one step further: <br>
      In fact this should at first not be about technical organisational
      structure. <br>
      <b>The key question is what we want to do and then we see whether
        the organisational structure fits that or needs to be changed.</b>
      So we should think about what are the new actions we want to take
      and the things that we no longer want to do, that would require us
      to change from 501(c)3 to 501(c)6? <br>
      <br>
      What are the underlying real reasons to change? <br>
      And of course also what are the disadvantages of changing? <br>
      So far I have not heard much about that... <br>
      I really like to understand what is the need, what is the
      underlying reason for that? <br>
      <br>
      Maybe one data point I can offer from my last two years at the
      board: <br>
      Over the last two years, I did not encounter much problems with
      our current structure. I do not recall cases where we really
      wanted to do something and couldn't, just because we were a
      501(c)3. That was not the problem. Nor did I feel "oh gosh,
      wouldn't it be so much better being a 501(c)6 now....". Don't get
      me wrong, there definitely are differences and actions that are
      non-compatible with a 501(c)3, but IMHO this was never a problem.
      And IMO the spirit of our open sharing community and our aim to
      make the world a more secure place feel well aligned with the
      spirit of a 501(c)3. <br>
      <br>
      To conclude: My personal experience so far is that our current
      structure works well for our community and we don't have much
      problems with restrictions from it. But if someone sees an actual
      problem and need to change, I would love to hear more about it and
      understand it better. Please help me understand what is the issue
      for you? And let us discuss which activity we want to do that
      would need us to change the organisation in order to allow us to
      do it? <br>
      <br>
      Best regards, Tobias<br>
      <br>
      <br>
      <br>
      On 08/10/15 17:35, psiinon wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">From <a href="http://www.nonprofitlawcenter.com/resDetails.php?item_ref=247" target="_blank">http://www.nonprofitlawcenter.com/resDetails.php?item_ref=247</a><br>
        <div><br>
          <div style="margin-left:40px">What is the purpose of an IRC §
            501(c)(6) organization?<br>
            <br>
            A4: The purpose of this type of organization is to serve its
            members<br>
          </div>
          <br>
        </div>
        <div>I dont think that what OWASP should be about - we should be
          all about helping others (to be more secure) not about helping
          OWASP members.<br>
          <br>
          <div style="margin-left:40px">Q5: What are the functions of an
            IRC § 501(c)(3) organization?<br>
            <br>
            A5: The functions of an IRC § 501(c)(3) organization can be
            multitudinous. There are endless types of programs that
            serve charitable, educational, and like ends.<br>
          </div>
        </div>
        <div><br>
        </div>
        <div>OK, so I'm new to this legalise and definitely dont really
          understand the differences, but that sounds much more
          appropriate for OWASP.<br>
          <br>
        </div>
        <div>Simon<br>
        </div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Oct 7, 2015 at 7:57 PM, Tom
          Brennan <span dir="ltr"><<a href="mailto:tomb@proactiverisk.com" target="_blank">tomb@proactiverisk.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div style="word-wrap:break-word">To be fair Jim OWASP is
              not a scientific research or a religious focus.  It is
              focused on “trying to raise awareness for software
              security"
              <div><br>
              </div>
              <div>This was discussed during the interview have a listen
                here   <a href="https://soundcloud.com/owasp-podcast/owasp-board-interview-milton-smith-tobias-gondrom-tom-brannen" target="_blank">https://soundcloud.com/owasp-podcast/owasp-board-interview-milton-smith-tobias-gondrom-tom-brannen</a> </div>
              <div><br>
              </div>
              <div>I also wish to draw your eyes and those of the other
                members (660+ on this leaders list) to the legal review
                of 501(c)3 vs. (c)6 that are BOTH non-profit status</div>
              <div><br>
              </div>
              <div><a href="http://www.nonprofitlawcenter.com/resDetails.php?item_ref=247" target="_blank">http://www.nonprofitlawcenter.com/resDetails.php?item_ref=247</a></div>
              <div><br>
              </div>
              <div>This is not a GOP debate — this is a group of (9)
                people that are volunteering to help the organization
                continue to grow globally and locally.</div>
              <div><span><font color="#888888"><br>
                    <div>
                      <div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word">
                        <div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word">Tom
                          Brennan</div>
                        <div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><a href="tel:973-506-9304" value="+19735069304" target="_blank">973-506-9304</a></div>
                      </div>
                    </div>
                  </font></span>
                <div>
                  <div>
                    <br>
                    <div>
                      <blockquote type="cite">
                        <div>On Oct 7, 2015, at 2:47 PM, Jim Manico <<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>>
                          wrote:</div>
                        <br>
                        <div>
                          <div dir="auto">
                            <div>Tom is trying to shift OWASP away from
                              a charity to a 501c6 trade association.</div>
                            <div><br>
                            </div>
                            <div>If you want to drop our charity and
                              focus on vendor relations then vote for
                              Tom.</div>
                            <div><br>
                            </div>
                            <div>If you care about open source, serving
                              the community, and our values of vendor
                              neutrality and non-commercialism then
                              please consider other candidates.</div>
                            <div><br>
                            </div>
                            <div>
                              <div>--</div>
                              <div>Jim Manico</div>
                              <div>
                                <div>
                                  <div style="word-wrap:break-word">
                                    <div><span style="background-color:rgba(255,255,255,0)">Global
                                        Board Member</span></div>
                                    <span style="background-color:rgba(255,255,255,0)">OWASP
                                      Foundation</span>
                                    <div><a href="https://www.owasp.org/" style="background-color:rgba(255,255,255,0)" target="_blank"><font>https://www.owasp.org</font></a></div>
                                  </div>
                                </div>
                                <div><span style="background-color:rgba(255,255,255,0)">Join
                                    me at <a href="http://appsecusa.org/" target="_blank">AppSecUSA</a> 2015!</span></div>
                              </div>
                            </div>
                            <div><br>
                              On Oct 7, 2015, at 1:42 PM, Tom Brennan
                              <<a href="mailto:tomb@proactiverisk.com" target="_blank">tomb@proactiverisk.com</a>>
                              wrote:<br>
                              <br>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <div dir="ltr">OWASP Foundation Inc.,
                                  announced the 2015 International Board
                                  of Director candidates and I am
                                  throwing my hat in the ring again.<br>
                                  <br>
                                  I am requesting your support and vote
                                  this October 7th 2015 – WHY ME you
                                  ask…. read, watch and hear the details
                                  here:
                                  <div><br>
                                  </div>
                                  <div><a href="http://www.proactiverisk.com/2016-owasp/" target="_blank">http://www.proactiverisk.com/2016-owasp/</a></div>
                                  <div><br>
                                  </div>
                                  <div>Semper Fi,</div>
                                  <div>Tom Brennan</div>
                                  <div><br>
                                  </div>
                                </div>
                                <br>
                                <font size="1"><span>WARNING:
                                    E-mail transmission cannot be
                                    guaranteed to be secure or
                                    error-free as information could be
                                    intercepted, corrupted, lost,
                                    destroyed, arrive late or
                                    incomplete, or contain viruses. The
                                    sender therefore does not accept
                                    liability for any errors or
                                    omissions in the contents of this
                                    message, which arise as a result of
                                    e-mail transmission. </span><span>No employee or
                                    agent is authorized to conclude any
                                    binding agreement on behalf of
                                    ProactiveRISK with another party by
                                    email.</span></font>
                                <div style="font-size:1.3em"><span><br>
                                  </span></div>
                              </div>
                            </blockquote>
                            <blockquote type="cite">
                              <div><span>_______________________________________________</span><br>
                                <span>OWASP-Leaders mailing list</span><br>
                                <span><a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a></span><br>
                                <span><a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
                              </div>
                            </blockquote>
                          </div>
                        </div>
                      </blockquote>
                    </div>
                    <br>
                  </div>
                </div>
              </div>
            </div>
            <div>
              <div>
                <br>
                <font size="1"><span>WARNING:
                    E-mail transmission cannot be guaranteed to be
                    secure or error-free as information could be
                    intercepted, corrupted, lost, destroyed, arrive late
                    or incomplete, or contain viruses. The sender
                    therefore does not accept liability for any errors
                    or omissions in the contents of this message, which
                    arise as a result of e-mail transmission. </span><span>No employee or agent is
                    authorized to conclude any binding agreement on
                    behalf of ProactiveRISK with another party by email.</span></font>
                <div style="font-size:1.3em"><span><br>
                  </span></div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            OWASP-Leaders mailing list<br>
            <a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
            <a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all"><span><font color="#888888">
        <br>
        -- <br>
        <div><a href="https://www.owasp.org/index.php/ZAP" target="_blank">OWASP
            ZAP</a> Project leader<br>
        </div>
      </font></span></div><span><font color="#888888">
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
OWASP-Leaders mailing list
<a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </font></span></blockquote>
    <br>
  </div>

<br>_______________________________________________<br>
OWASP-Leaders mailing list<br>
<a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br></div></div><span class="HOEnZb"><font color="#888888"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><font color="#888888">Tony Turner<br>OWASP Orlando Chapter Founder/Co-Leader</font></div><div><font color="#888888">WAFEC Project Leader</font></div><div><font color="#888888">STING Game Project Leader<br><a href="mailto:tony.turner@owasp.org" target="_blank">tony.turner@owasp.org</a></font><div><a href="https://www.owasp.org/index.php/Orlando" target="_blank">https://www.owasp.org/index.php/Orlando</a></div></div></div></div></div></div></div></div>
</font></span></div>
<br>_______________________________________________<br>
OWASP-Leaders mailing list<br>
<a href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
<br></blockquote></div><br></div>