Committee Supervision of Events Rationale

I believe we need to better define the Global AppSec/Regional/Local break. I'd recommend that any event with more than 100 expected attendees (things that are clearly chapter meetings, such as NY chapter meetings, excluded) would be under the Conferences Committee purview. Events expecting fewer than 100 attendees would all be classified as local events (unless they are deemed "conferences" for a specific reason), managed by the Chapters Committee and put into OCMS for GCC awareness when working the larger schedule items.

My rationale: the Conferences Committee has the experience and knowledge regarding larger events, i.e. conferences, and the Chapters Committee does not have this focus. Larger events (over 100 expected attendees) would benefit from the knowledge and guidance of the Conferences Committee, which has the experience with larger events.

Additionally, one of the Conferences Committee's major goals (and a primary reason for OCMS's existence) is to avoid conflicting scheduling of events. Larger events, including those with a regional draw, need to be carefully managed, as we are currently experiencing attendee, speaker, and sponsor fatigue with our schedule that's mostly in the second half of the year. Local events, IMO, are more for GConfC awareness and tracking of the "official" event schedule; they rarely cost much (although almost all request some sort of funding/schwag and foundation support), and I can't think of a single local event that's turned a profit (many don't charge a fee). Personally, I feel that the GChapC would be a fine venue to coordinate these activities so long as the GConfC still gets awareness of them (for scheduling purposes).

While I will agree that most of the labor is done by the local team (GCC is working on ways to help provide additional "effort" support), all of the financial risk is taken on by the foundation. It is OWASP Foundation funds that pay for venues, deposits, and food, and the foundation that takes on the risk of any loss (which has happened in the past). Conference income accounts for 77% of OWASP's annual income. In 2010, conferences brought in a total profit of $240,399.71 (up 151% from 2009, even counting the $34,991.87 that was allocated directly to local chapters' budgets), while OWASP's overall net was $4,972.63. Conferences and their profits are what make OWASP possible; without these funds we could not put on events like the OWASP Summit (total cost to the foundation was $224,799.05; only $44,095.65 came from chapters in the form of donations, individual travel sponsorships, or forfeiture). I agree it's important to empower chapters and local leaders to make smart decisions, and as a result the GCC has provided, for the first time, profit sharing for local chapters for events in 2010. The financial benefits of OWASP events are far too crucial to the ongoing support of the OWASP mission to be removed from the oversight and experience of the people who have held successful events in the past and have proven that they can effectively manage these activities.

Additionally, as a Co-Chair of one of the larger regional events, I wholeheartedly agree with keeping the events under the GConfC. From a foundation perspective, I'd argue that AppSec DC uses even less labor resources than LASCON does (at this point, AppSec DC is completely self-sufficient other than the need of capital from the foundation to get us started). However, the AppSec DC Team puts on our event for the benefit of Application Security awareness by engaging key stakeholders (the US Government). We do not do it to bolster our local budget; we do it for the betterment of OWASP and will continue to do so as long as we are allowed. The Chapters Committee should continue to have oversight of chapter meetings, the chapter handbook, local sponsorships, etc., but the larger events need the experience of someone who has planned large-scale events. Perhaps number of attendees isn't the best metric to use; the GConfC has been using more subjective delineators for over a year now with success. However, I felt that might be a way to compromise and clearly define who had oversight of what.