Committee Supervison of Events Rational
Management and oversight of OWASP Global AppSec and Regional Events should stay under the purview of the Global Conferences Committee. The Conferences Committee is comprised of members who have the experience, knowledge and experience to ensure that larger OWASP events are run in a manner consistent with the values of the foundation as well as in an open and fiscally responsible manor. Over the past 2 years under the Conferences Committee’s leadership, we’ve seen OWASP grow from having one, perhaps two global events each year to having a Global AppSec Conference in North America, South America, Europe and Asia every year in addition to increasing the number of regional and local events we participate in worldwide. Under GCC stewardship we have also seen a significant increase in profitability for events that provide the engine to drive OWASP’s activities worldwide.
OWASP conferences and events are the flagship of our outreach activities and of equal importance are vital to the very existence of OWASP. It is the revenues that OWASP makes from conferences that allow the foundation to fund all aspects of it’s operations, projects, chapters as well as some of our most successful outreach activities such as the summit. Last year conference income accounted for 77% of OWASP's annual income and brought in a total profit of $240,399.71 (up 151% from 2009). The Conferences Committee has demonstrated its ability to conduct a significant outreach effort while continuing to ensure that the foundation has the funding it needs to continue executing this mission. Placing this responsibility in the hands of the Chapters Committee, whose mission is to provide support to local chapters, and removing it from the Conferences Committee, who have the specific expertise in planning and executing events would be in my opinion irresponsible.
I will admit that the majority of the Global Conferences Committee resources and time are focused on the larger events. When it comes to the smaller events we mostly provide foundation funds, guidance when asked and leave the vast majority of the planning to the local team, rarely getting involved. Comparatively, smaller events (under 100 attendees) do not have as significant impact to the foundation as a whole and in general do not generate significant income (last year they represented 0.88% or $2065.07 of total event income). While these smaller events are critical to outreach efforts and need to be coordinated with the rest of the OWASP event schedule I believe that the Chapters Committee may be capable of managing these size events (as they typically only involve a single chapter); however, they could also continue to be managed by the Conferences Committee.
There are some areas where the Conferences Committee needs to improve. I agree with the sentiment that we do not clearly define the differences between the "type" of event or level support between Global AppSec, Regional and Local events. We also need to continue our work of spreading out the OWASP Global Event Calendar as we are still very heavy in the second part of the year. I will also admit that not every decision the Global Conferences Committee has made has been popular however sometimes unpopular or difficult decisions need to be made for the greater good. I will say that all of the decisions made by the conferences committee have been conducted in the most open and democratic way possible. We conduct almost all of our business on the maligning list for all to see and contribute and we vote on almost every decision so that those who have been validated by their peers to serve on the committee can have their say in the process. The conferences committee was even the first to develop a self governance document which was adopted in part or in whole by several of the other committees, including chapters. Considering the massive responsibility placed on the conferences committee in both leading the outreach effort and in ensure the foundation has sufficient operating income to continue it’s existence I’d say the Global Conferences Committee is doing a great job and don’t see the reason or rationale for making any move that would obstruct them from continuing to do great work on behalf of OWASP.