January 2020 Videoconference

Meeting Details



December 17, 2019 Meeting Minutes


Organizational KPIs

  • Members: 2,748 (down 15 from Last month)
  • Momentum: 572K visitors to websites in Dec (533 increase to 2018)
  • Operations
    • 99.2% of Service Desk tickets closed within SLA (better from 96.4% last month)
    • 82.6% of Non-Funding tickets were closed within SLA (worse from 100% last month)
  • Money: TBD


Executive Director Report

Please find below


(1) Approval of the 2020 Operating Plan

(2) Approval the OWASP 2020 Budget

(3) Update the Mission Statement:

  • From: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
  • To: OWASP is a nonprofit foundation improving the security of software. Through community-led open source software projects, local chapters worldwide, members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure our lives.

(1) Officer Elections

(2) Motion to modify treatment of Restricted Gifts. Restricted gifts are subject to a 15% administration and processing discount. Unspent Restricted gift balances become unrestricted at the end of each calendar year.

(3) Motion to authorize the Executive Director, exercising all necessary due diligence and care, as individually authorized to obligate the funds of the OWASP Foundation (OWASP), to execute agreements reflecting those obligations, and to further delegate this authority as deemed appropriate, for the purpose of organizing and hosting a Global AppSec in Berlin on or before June 10, 2021 with a total expense budget not to exceed 565,000 EUROS.

(4) Motion approve the Signatory Policy Version 2.


(1) Staff has been working on a variety of policy documents for the Foundation. When possible the Board is encouraged to review and provide feedback for the following: Donation, Expense Reimbursement, and Membership.


Executive Director Report


The website was launched on WED, January 15th. Our original plan was to launch over the Christmas holiday but ultimately we elected to give the community another two weeks of time to migrated their content.

As of this report, only 66 of 285 chapters to have migrated their content (23%), and 38 of 145 (26%) of Projects have migrated. It was decided that at launch if a chapter or project has yet to migrate we would take a snapshot of those pages and place it on the affected chapter/project with a warning and link to /migrated_content. Harold also wrote code to stand up an accurate leaders.md file for each project/chapter so going forward the leadership of record for OWASP will be contained on the respective web page.

Traffic since launch has stayed constant. We took an 80/20 approach to SEO/Redirects and thus far the trendline is tracking against that goal. There is still traffic going to the old wiki but they are long-tail links. We have disabled editing the wiki as the new website is the path forward.

Migration of the new website coincided with our retirement of Fontiva for Membership management and renewal. Membership information is stored in both Stripe and Mailchimp. Mailchimp is now being used for membership contact (onboarding/renewal). Individuals can check their membership status without a password through the /manage-membership page. Donations are now being processed on Stripe as well. We are in the process of retiring other paths for these user actions.

Our next web project will be an Events tool. We are several weeks behind schedule on that project but are working to pull in that timeline.

Projects Summit

Work continues in our planning for our first Projects Summit for February 27-29, 2020 in Cancun, Mexico. As of this writing we have seven projects that have applied. Total number of project-reported attendees is less around 20. Application process closes on Sunday. Project leaders have received no less than five notices regarding this opportunity. Project details: https://owasp.org/www-staff/projects/202002-Projects-Summit-Q1


Program Team for Dublin has been selected and meetings have begun for this June event. San Francisco Program Team nominations is closing this week. Both microsites are online but are not taking registrations. Both Global Conference contracts are signed and project plans are online at:

  • https://owasp.org/www-staff/projects/202006-GlobalAppSec-Dublin
  • https://owasp.org/www-staff/projects/202010-Global-AppSec-SF

Staff is prepared to execute an agreement for Berlin 2021 and there is a Board resolution on tomorrow’s agenda.

AppSec California sales are winding down with $320,000USD in sponsorship sales. 72% of standard event sponsorships for AppSec California were consumed by Corporate Sponsors. This means there is ALREADY $230,000 revenue booked just from these sponsors for our Global AppSec events.You can check the current status at https://owasp.org/www-staff/projects/202001-event-appsec-california

Preparing for 2020

The Operating Plan has been available for Board review these past several months and a budet for over a month. These items are again on our agenda for January call. https://owasp.org/www-board/meetings/202001.html

Honorary Memberships

Staff is no longer processing Honorary Membership requests. Upon review of our policies and ByLaws the Board needs to define a new process for this pathway to membership. Updates coming shortly.

Policy Work

While we had the goal to completely update the Foundation’s policies prior to the website launch, we are making good progress. I am recommending the Board adopt our new Donations, (https://owasp.org/www-policy/operational/donations.html), Expense (https://owasp.org/www-policy/operational/expense-reimbursement.html), Membership (https://owasp.org/www-policy/operational/membership.html, and Signatory (https://owasp.org/www-policy/operational/signatory2) policies. Very shortly and prior to the board meeting I will be sending a narrative on substantive changes worth noting.


  • Non-funding ticket SLA breach have been on the rise due to primarily a lack of staffing while closing the website migration.