Wednesday, February 22, 2012

Approval of LASCON Exception


From The OWASP Board (Michael Coates michael.coates@owasp.org)

We wanted to thank everyone for the open, honest, and respectful discussion of the Lascon exception issue.  The board has considered the information provided by all parties as well as the principles and mission of OWASP.  After discussion and deliberation we've reached the following decision:

The OWASP Board has voted to approve the following:

Approve LASCON Exception per current chapter & committee rules with the recommendation that LASCON considers the objectives provided by the Board for the new policy. Further, this is the second and final exception for LASCON.

The updated chapter/conference policy must be approved within 45 days or LASCON exception is revoked.

Recommendations for the New Policy

The OWASP board would like the conferences and chapters committees to work together to jointly draft and approve an update to the policies governing chapters and conference events. We appreciate all the hard work that the committees have put forth to grow our chapters and conferences to its current state.  We've accomplished some great things and this is another situation where we have to review and adjust as a result of our continued growth and success as an organization (a good problem to have).

As global committee members you are in the best place to determine the specifics of this policy; however, we would like to set an overall direction that will be worked towards and we’ve outlined the following objectives that should be considered for the updated chapter and conference policies.  

We encourage the committees to review these guiding objectives and work to build a structure that will encourage the growth of OWASP and our mission.  
  • Guiding Objectives
    • We would like to see chapter empowerment through a profit sharing model that is in line with our core value of Innovation
    • We have concerns over the use of profit caps on gains from specific events
    • We would like some sort of annual review, requirements, or rules to address the issue of stale chapter funds in excessive amounts
    • We would like some periodic recap on funds spent by chapters to help ensure funds are appointed on items aligned with the “OWASP Mission”.
    • We recognize there could be concerns over conflicting large chapter events and our core global conferences. Controls should be added to prevent this conflict (perhaps CFP blackout periods in regions within X months of a global event)
    • We would like a dedicated committee with continual and significant control over the core OWASP global events (i.e. conference committee
    • Foundation has resources that can be are being provided to local chapter events but we need these costs to be accounted for in the chapter's event planning
    • Controls are needed to prevent chapters from over-committing on financial costs
    • Final policy and structure created by the committees should ensure, as much as is possible, that there is no incentive for chapters to form legal entities in their own countries.  Any such activity has significant implications for the foundation and must be discussed and coordinated  with the Foundation Board.
  • Infrastructure
    • Chapters must use established technology methods (such as regonline) any time money is handled
    • CFPs need to use established OWASP procedures
    • A single “source of truth” is needed for all events so that OWASP employees can best assist all events.  These include events under either  committee’s purview.
  • Branding
    • Naming standard enforced for all events (e.g. OWASP X)
    • Logo standards that includes OWASP on all logos, event sites, collateral, etc
Thanks for the significant efforts that have been made thus far and we look forward to the updated policy/policies that can take OWASP and our growing member and chapter base to the next level.
Lastly, Kate will update the official vote record to reflect our vote and capture the above guiding objectives on the wiki.

-The OWASP Board

Michael Coates
michael.coates@owasp.org

No comments: