March 7, 2011

= Committee Updates =

Budget
Technology budget $91.20 available (domains purchased), all others unchanged

Accomplishments

 * OCMS Launched
 * 2012 Call for Global AppSecs launche

Priorities

 * Global Sponsorships
 * OWASP Track

Items for Approval

 * OWASP/First Relationship

Partnership agreement between OWASP and FIRST. Already has the concurrence of the GCC


 *  Conference Profit Sharing Model

GCC approval on Jan 11th 2011 meeting Meeting Minutes

Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. Additional Details
 * Global AppSec Conference - 25% of event profits with a $5,000 USD cap ($10,000 for multi-chapter events)
 * Regional/Theme Events - 30% of event profits with a $4,000 USD cap
 * Local Events - 50% of profits with a $3000 USD cap


 * GCC Representative Funding

The board had asked the GCC to discuss the funding mechanism for GCC representation at events (GCC budget or against individual conferences). This was discussed and voted upon at the Feb GCC meeting and the committee decided that it would be best to manage these funds out of a GCC travel budget for supporting events. The GCC felt that, as at the end of the day it's all the foundation's money, the benefits of rolling this travel under the conference budget (therefore showing more "expenses" to their budget, allegedly encouraging them to earn more money to break "even") did not outweigh the "perceived" costs of offering conferences direct on-site support and then "charging" them for it. As the travel costs are likely to have a small impact on a Global AppSec Budget (approx $2000/trip) it's not likely going to impact the bottom line of the conference and would not likely be the sole motivating factor for planners to get additional sponsorship income. The potential soft costs to the ability of the GCC to conduct it's oversight role may be significantly impacted by making the planners pay a "tax" that is wholly internal to the organizations accounting and has no real allocation. Additionally, in the cases where a conference planner said "thanks but no thanks" to a GCC rep at their conference, the larger goals of better contract management, event feedback and assessments would not be achieved.

In short, the GCC recommends to the board that this funding stream be placed under the GCC budget as originally requested in the amount of $10,000.

Other Items
GCC Representative Roles and Responsibilities at Events

The GCC will now send a representative to all Global AppSec Events and to other regional events as budget allows. This member of the GCC will be identified early and assigned to liaise with the conference planners and provide a single point of contact for interfacing with the committee. They will also work with Dave to go through "training" for signature authority on contracts less than or equal to $15,000 USD in the scope of the assigned conference. While on-site the GCC representative will provide logistical, contracting and other on-site support as well as report back to the committee in the following areas (from the GCC 2011 Comprehensive plan):

GCC member shall:
 * interface with the local planning committee at least 1 month before trip (attend planning call)
 * Interact with planners/attendees while at conference
 * Interact with Sponsors
 * Sign conference contracts under $15,000 (once approved)
 * At the next GCC meeting the traveling member will be expected to
 * Provide an post trip report covering
 * Assessment of facility
 * Event Marketing Strategy
 * Examination of Event Budget
 * Estimation of Speaker Quality
 * Sponsor engagement/cost-effectiveness & feedback
 * Any notable comments from planners/attendees
 * Any unique outstanding elements
 * Any issues

Projects
GPC Updates:

The projects committee has drafted a detailed budget proposal to support four (4) GPC initiatives. For each initiative, the budget outlines projected estimates based on market research and describes exactly how and when the funds would be utilized. The budget also provides a detailed (12 pages long!), well thought out plan with concrete goals and tangible deliverables in order to evaluate initiative success. The four initiatives include: Project Hosting, GPC Working Sessions, Project Support, and Project Incentives.
 * Projects Committee 2011 Budget Proposal

The Global Projects Committee 2011 Budget Proposal can be found here.


 * The GPC has welcomed three (3) new members (Chris Schmidt, Justin Searle, and Larry Casey) and is looking forward to welcoming Keith Turpin upon completion of his application (Keith has already participated in GPC Meetings).
 * Project Hosting RFP in final review
 * Fleshing out the proposed OWASP Project Lifecycle
 * Recent addition of "OWASP Enterprise"
 * Hinges on Project Hosting to manage lifecycle and Project Incentives to drive adoption by leaders
 * Current Project Status Overview

Membership
•	We have two new members (Helen Gao, Ofer Maor) and both have a focus on expanding international participation. To increase international participation we are looking to possibly decrease the Individual Membership fees as well as explore different benefits that will make Membership more palatable / interesting to non-American and non-Western European individuals.

•	In addition to increasing International Membership we are also looking to increase the number of Organizational Supporters from non-vendor companies. This is in-line with the Industry Committee’s reinvigorated focus on Industry participants.

•	We are exploring the possibility of making an @owasp.org email address a membership benefit. In addition to being a benefit, this will also help to streamline communication to OWASP Members for “official” business such as voting.

•	Next meeting is next Tuesday and that is when we will follow up on TODOs from the 2011 Summit.

Industry
Discussion Points

-Dublin -Brazil -US -China
 * Conference reach out via organizers and local chapters
 * Contact list for Industry by vertical
 * Budget proposal: https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en&authkey=CPjLgdwN#gid=0
 * Corporate member structure
 * Corp Survey regarding OWASP projects and effectiveness
 * Metrics report by Vertical
 * Industry alignment by vertical

Connections
I'm sorry I could not make this call. The connections committee is still at 2 members - and we are adding 2 soon.

We are:

1) Updating the OWASP blog

2) Running the OWASP twitter account

3) Handling any press inquiries and forwarding those to the right people and maintaining http://www.owasp.org/index.php/OWASP_Connections_Committee and http://www.owasp.org/index.php/Press

4) Running the podcast series (next show up this week)

We do not hold committee meetings. We hold "working sessions" on an constant but unscheduled basis.

Education
Education Committee will be meeting in March.

Chapters
= Other Foundation Business =


 * Remove the "board member representative" requirement for the Global Committees. 

This idea was intiated as a mechanism to provide the committeess with a "line" to the board. It has evolved, however, into a percieved "veto" option for the board. Instead, I recommend we implement a "requirement" for the Global Committee chair to present their committee progress to the Board during the meetings. This moves the requirement of participation from the Board and provides the Committee an opportunity to present items that require vote. Board members should be allowed to participate as a committee member, but should not be considered a committee chair or looked to as a committee member who has privelages above other committee members.


 * Approve $5K in funding for the Global Membership, Global Conferences, and Global Chapter Committees for operational support

These three committees have initiatives for 2011 as defined during the summit. These initiatives will require many "tasks" that are time consuming and will require uninterrupted hours to complete. I would like the committee chair to "approve" the selection. These contracted staff will be supervised by me, the Operations Director. Tasks managed and outcomes tracked as directed by the committee chairs.

Job Description


 * Status of Tesauro Consulting Inititive

Is the OWASP Board going to continue working on the Core Values, Core Purpose, and so on, or is this going to be assigned to the Global Committee Chairs to finish?


 * Status of New OWASP Hosting on Rackspace cloud.

Rackspace has agreed in principal to host OWASP for free on their cloud infrastructure. I have a meeting this week (March 10th) with the CTO & CISO to nail down the particulars and get an agreement in place.