Friday 7 June 2013

Why the need to enable the use of OWASP chapter funds

I just send the text below to the OWASP Leaders list, which was part of this thread

My answer was to  Tim's comment and I started a new thread with it

-------------

Tim's solution (see below) is great and we should apply it now (using data from the last year). The only thing I would change is to remove the C (soft cap) and  P (hard cap). This would have a net positive result for all chapters (and not move the money to the 'OWASP mothership' which is a very sensitive topic).

For the ones really interested in this thread/topic, you should read the amazing Seth Godin's post Non-profits have a charter to be innovators which really explains why OWASP (as an organisation) as the DUTY and moral responsibility to spend its available funds, to experiment, to get things done, etc....)


The other very important question is WHY!  (as explained by the also amazing 'Why how what' presentation by Simon Sinek)   

Why does OWASP need money?
Why do chapters need money? 
Why should owasp leaders use their political/business/personal capital in becoming a 'vendor' for OWASP?

In my view, OWASP needs money to Get Stuff Done!

And although there is always an idea that OWASP funds will be massively wasted, the reality (just look back at History) is that It is very hard to spend OWASP Money

The best examples are the dormant funds in the Chapters, the Project Reboot funds that have barely been used and (my failed attempt) at the GSD project (Get Stuff Done) which has 3k USD that any of you could spend TODAY

As I mentioned in my OWASP Revenue Splits and the "Non-profits have a charter to be innovators" post, OWASP has a 'How to spend the money' problem and in the 160k USD available to OWASP Chapters and Projects (written in April 2012 hence the smaller amount) I wrote:

In fact, the 160k USD currently available, shows that the model is not working as well as it should, i.e. OWASP leaders are not spending (i.e. investing) the money make available to them!

I think there are two reasons for it:
  • spending money in an organization like OWASP is not easy
  • there is an idea that 'money should be kept' in the bank since it is not wise to spend it all (i.e. be fiscally conservative)
The problem here is that the amount of missed opportunities caused by the non-spending on these funds ie enormous, but because that is very hard to measure (how do you quantify missed opportunities?), it is hard to visualize the solutions and ideas we have not executed on.

I think that one way to help the chapters to spend the $ allocated to them is for them to 'invest' in OWASP Projects under a program like the one I present at OWASP Project Reboot 2012 - Here is a better model

What is great about such 'owasp chapters global fund' is that:
  • It moves the discussion from 'how much money do I have' to 'what should I do with the funds available'
  • It really supports the chapters that don't have a lot of funds today
  • It can also also benefit chapters with substancial funds today, since there is no reason why they can't also access those resources
  • it promotes accountability and ownership of funds allocated
  • it puts an 'artificial' timeline on the use of funds allocated (i.e. there is a 'pressure' to deliver)
  • it helps to find the OWASP leaders who know how to spend OWASP funds and make magic happen (like Fabio with the Latam and EU tours)
  • It empowers action, and promotes the idea that 'we trust our chapter leaders to do the right thing'
  • it documents the places where OWASP funds are used (making those ideas/actions easy to replicated)
  • it also documents the failed experiments (which are healthy, but don't need to be repeated :)  ). 
  • it stops the 'ownership of funds' and 'lets keep it in a safe place' that we currently have
  • It can dramatically simplify how the funds are accessed since there will be a central point of contact and pot (with better/faster processes that world worldwide)
  • it turns up the volume/pressure on the '% of OWASP funds used',  since everytime something that could happen, doesn't happen, OWASP misses an opportunity (and we need some 'urgency' and focus on 'not lossing those opportunities). 
See the rules I wrote down at the GSD project for how this could work in practice.

Like I mentioned before, I don't really care about where the money is, and what percentages there are in place (in fact history is showing us how divisive those splits can be). The point is that OWASP Funds MUST be available to Who wants to use them!

And as I listed in I wish that OWASP in 2014 ...., it would be great that one day we will have at OWASP:
  • ....
  • a model where OWASP leaders are empowered to make financial decisions/commitments and spend the available OWASP funds in the way they believe is best, with no (very little) questions asked and very fast approval cycles (see the GSD project for details)
  • ....

Dinis Cruz


On 6 June 2013 17:35, Tim <tim.morgan@owasp.org> wrote:

Yes, this is what came to my mind as well.  Incorporating Dinis
suggestion and some of my own ideas, what about this:

Individual membership dues: 75% to chapter, 25% to foundation
Corporate membership dues: 25% to chapter, 75% to foundation
Conference/event profits: 25% to chapter, 75% to foundation

Let C be the chapter funds "soft" cap
Let P be the shared chapter pool "hard" cap

Once per year, do the following:
 For any chapter with funds greater than C, move %50 of any excess
 funds C into a shared chapter pool

 If the the chapter pool is greater than P, move all excess funds to
 the global foundation


Any chapters can "overdraw" their chapter account and pull from the
chapter pool.  Perhaps some kind of limit should be put on how much
any given chapter pulls from the shared pool in a year.


Reasoning:

I think individual membership dues are important to keep with the
chapter.  It encourages contribution and participation at the local
level.  Corporate membership is probably not quite the same in that
way.  Also, I'm guessing individual membership dues are not the
biggest contributor to chapter funds right now (whereas conferences
and corporate contributions probably are), so it isn't going to cause
a big lockup of funds by putting more of the individual dues toward a
chapter.

In this system, the shared chapter pool is not so much different than
what we are doing this year in 2013 where a $500 overdraw was offered
to poor chapters.  I think this overdraw ability is *very* useful to
new chapters.

Of course all suggested numbers above are negotiable, it's just a
framework for more fairly unlocking excess funds.
tim