Chapter Handbook: Managing Money

Revision as of 15:27, 15 January 2010 by Oshezaf (talk | contribs)

Jump to: navigation, search

Managing money

What can money be spend on?

Chapter expenses should be use to the local chapter and be inline with the OWASP foundation goals, code of ethics and principles.

Common expenses include:

  • Meeting venue rental.
  • Refreshments for a meeting.
  • Promotion of a meeting.
  • Travel for speakers.

In case of doubt if an expense is inline with the OWASP principles, get advise from the Global Chapter Committee

How should expenses be authorized

A chapter should have a treasurer who is in charge of money. This person can be the leader. His/her name should be communicated to the Global Chapter Committee.

A chapter can have any procedure for authorizing expenses as long as it is also authorized by the treasurer and documented. As a documentation the treasurer must, in addition to any bookkeeping required by local authorities, keep a list of expenses made. This list should be made public, preferably on the Wiki, and if not possible, than provide it to the Global Chapter Committee on a quarterly basis.

Mailing list and Invites

List Usage

The local chapter mailing list should be used mostly to inform list members about local OWASP activities. Such a list should be large in nature, include people who do not care about OWASP on a day to day basis and therefore have little traffic.Professional web application security directed to the global relevant mailing lists.

There are some cases local professional discussion is also in place, most notably when practitioners prefer to discuss in their native thong. To do so start a second list. Feel free to contact OWASP if you want this second list to use OWASP infrastructure.

Recruiting List Members

It is extremely important to grow the size of the list. This is the primary source from which people learn about meetings and the larger the list, the more successful the meetings. Needless to say, list members need not be OWASP paying members.

There are three primary methods to add members to the list:

Automatically registering attendees to an event to the list

While this may seem unorthodox at first, when done correctly this is the most effective way to enlist new members. Since meeting attendees are usually interested to learn about future meetings, this usually works fine. Just:

  • Enlist all meeting attendees.
  • Send an email to the meeting attendees summarizing the meetings
  • In this e-mail, along side the usual thanks and the location of the presentations, inform that you enlisted attendees to the list, that the list is mostly just for meeting announcements and that anyone is free to contact you to be removed.
  • Promptly remove who ever ask for it.
Offer to enlist whomever you meet and mention OWASP to

Since OWASP is (hopefully) something you are proud of doing, it usually pops up in professional conversations, whenever this happens, offer to register the person to the list to get notifications on future meetings. You might actually break the ice and get a business card you would not otherwise get!

Meeting invites

Even if initially sent through the list itself, meeting invites are often forwarded. Add to the invite itself reference to the mailing list.

Invites & RSVPs

The e-mail to the mailing list is the prime method of letting people know about OWASP meetings. Some other useful methods are:

  • Ask your speakers to send invites to their circle
  • Ask people on the list to forward to people in their organization.
  • Use your own personal contacts. Since OWASP is not a commercial organization, this would be usually acceptable by your business contacts. Again, this might actually help you keep in touch with them.

You might also want to use event invites instead of e-mail messages. These services provide different advantages such as integration with the attendee calendar and RSVP management, but on the other hand might seem more commercial and obtrusive.

You can send vent invites using the following tools:

  • Direct calendar invites - one can do that using a dedicated Google calendar account.
  • The tool most used by OWASP chapters is Eventbrite which is free for non for profit.
  • Others use Meetup, which while not free is priced very low.
  • Yet others use Doodle

The simplest way to keep track of attendees is Excel. It works just fine. 

  • v

It is helpful to send calendar invites to people who RSVPed in order to fix the date on their calendar. 

CPE credits