December 2019 Videoconference
- Date: 2019-12-17
- Time: 2PM US Eastern convert
- Location: Remote
- Call-in: Zoom Meeting
- Meeting ID: 337 156 503
- One tap mobile, +19294362866,,337156503# US (New York), +16699006833,,337156503# US (San Jose)
- Find your local number: https://zoom.us/u/adTRZ9HHmR
CALL TO ORDER
Roll Call Board Members
- Martin Knobloch, Chair,
- Owen Pendlebury, Vice Chair
- Sherif Mansour, Treasurer
- Ofer Maor, Secretary
- Richard Greenberg, Member at Large
- Gary Robinson, Member at Large
- Chengxi Wang, Member at Large.
CHANGES TO THE AGENDA
APPROVAL OF MINUTES
- Members: 2,763 (down 32 from Last month)
- Momentum: 652.5K visitors to websites in Nov (2,690 decrease to 2018)
- 96.4% of Service Desk tickets closed within SLA (worse from 99.3% last month)
- 100% of Non-Funding tickets were closed within SLA (better from 99.3% last month)
- Money: $99K Operating, $1.3M cash assets.
- Revenue: On an accrual basis, total revenue YTD through Nov 2019 was $3,294K as compared to the plan of $4,590K. The results are WORSE by $1,296K, with Conference income being $1,074K below the 2019 budget
- Expenses: Total spending YTD is LESS than budget by $1,253K due to under spending in most of the depts. ( Conference expenses are under budget by $794K, and is further offset by the under spending in most depts YTD, except for Professional services)
- Net Income/Loss: YTD Net income, on a combined Accrual basis is $74K which is worse than budget by $43K.
- Chapter Funds: US bal is $809K ( which is DOWN $18K from the Oct bal of $827K which now includes the almost $94K posted to Ca chapters for 2019 Apsec Cali but before APSEC EU and US 2018 and 2019 as well as some 2018 Regional splits). EU Ch bal is $59K. Also US Proj bal is $165.5K. (which is down $6K from Oct 19)
- With regard to Operating cash, the Liabilities (AP, accrued expenses, accrued Payroll etc) of $214K added to the $1,029K of Ch/Proj balances is $1,243K , as compared to the $1,342K of cash, leaves us Positive Oper. Cash of $99K, for the time being. On avg our monthly expenses are about $135K so at $99K of Oper cash we have less than one month of reserve. Also Open AR is $333K, which when collected will help immensely, and will add almost 2.5 more months of reserve.
Executive Director Report
(see below for extended report)
Resolution passed at September 2019 Board Meeting
- Question regarding language. Staff re-listened to recording and the passed motion is below
- Resolved, beginning January 1, 2020 the Foundation has decided to change the profit splits of the Global AppSec events. The split will be no less than 90% to the Foundation and no more than 10% to local Chapters. The Chapter will have the option to give the funds back to the Foundation or the Community Fund. If there is no current active Chapter in the area the full 100% will be given to the Foundation. Ofer Maor motions, Richard Greenberg seconds. Passes: 6-0. In Favor: 6 (Ofer Maor, Owen Pendlebury, Richard Greenberg, Gary Robinson, Sherif Mansour and Chenxi Wang) Against: 0, Abstained: 1 (Martin Knobloch).
Resolved that One-Year Individual Membership regional pricing will be $20 per year for residents of bottom 50% of Adjusted net national income per capita (current US$) countries. https://data.worldbank.org/indicator/NY.ADJ.NNTY.PC.CD
Set time for January Board Member Onboarding video call (4hrs). Discuss Strategy and assign Board Member roles.
Approval of the 2020 Operating Plan
Approval the OWASP 2020 Budget
Update the Mission Statement:
- From: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
- To: The Open Web Application Security Project (OWASP) is a nonprofit foundation improving the security of software. Through community-led open source software projects, over 260 local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
Executive Director Report
Work continues to get the website launched before December 20th. In our view this is a great time of the year to relaunch our website. Our plan is launch and then have two weeks for fast-follow on key issues/concerns over the slower traffic holiday season. Key tasks either ready for testing, in testing or complete include:
- SEO Mapping of old/new link format/structure (over 70% of inbound traffic re-mapped by THU)
- Primary nav content items (work in progress with Governance and Policies)
- Projects either updated or migrated
- Chapters either updated or migrated
- Updated Donation workflow
- Updated Membership onboard/renewal
- Responsive design for desktop/tablet/mobile
Migration of Projects and Chapters continues at a slow pace. Right at 15% of Projects (126 of 148) have not updated their pages on the website and only 7.2% of Chapters (257 of 277) have completed the work. After a great deal of work and deliberation we have elected to programmatically migrate pages that have not been updated by leaders to also include a disclaimer page explaining why the page may not perform as expected. This means all Chapter pages, regardless of Leader participation, will have an end-point at launch. This is critical to maintain SEO integrity.
After a variety of conversations, there is only really one substantive outstanding issue raised by the community (more accurately ~ four people), and it concerns URL structure. We have brainstormed several solutions and are in contact with GitHub on how we might implement these changes. Our current estimate is to make this change - even with GitHub’s help - is likely 40-60hrs of rework/retooling. If GitHub cannot help us with migrating credentials, it could easily double the LOE of this work item. And worse still, all of this work would fall on Harold who already has high priority items like SEO link mapping that are far more critical for launch. We have not closed the door on this change; but we are hesitant to delay the project at this time.
Again the complete plan and milestone list is https://www2.owasp.org/www-staff/projects/201912-Website-Launch.html
Work continues in our planning for our first Projects Summit for February 27-29, 2020 in Cancun, Mexico. We have signed the contract for the venue and plan to open Project Applications just after the first of the year. Project details: https://www2.owasp.org/www-staff/projects/202002-Projects-Summit-Q1
Interest in joining Program Teams is light (only three applicants thus far). We are now promoting this opportunity on our Twitter accounts and will be doing some additional email campaigns to increase buzz about these opportunities. Both Global Conference contracts are signed and project plans are online at:
Reports are that BlackHat London OWASP presence was a success. Staff supported local members in hosting the booth. AppSec California sales are going well and are at $294,950. You can check the current status at https://www2.owasp.org/www-staff/projects/202001-event-appsec-california.html
Preparing for 2020
The Operating Plan has been available for Board review these past several weeks. Whatever feedback I’ve been receiving I have been iterating and plan to have a budget ready for Board approval at the December call. https://www2.owasp.org/www-staff/operating-plan/2020
- Due to the holidays, we have cancelled the December Connector
- Our new Membership/Donation form will collect GDPR consent, something that our current system does not. There is staff project (Email Cleanup & GDPR https://www2.owasp.org/www-staff/projects/201910-Email-Cleanup.html) that we intend to complete next month that will scrub our entire email lists to get us into compliance.
- Our donation form will allow visitors to be listed as a supporter of Chapters and Projects