February 2020 Videoconference

Meeting Details

  • Date: 2020-02-18
  • Time: 12PM US Eastern, UTC 1700 convert
  • Location: Remote
  • Call-in: Zoom Meeting

Agenda

CALL TO ORDER
CHANGES TO THE AGENDA
APPROVAL OF MINUTES

January 2020 Meeting Minutes

REPORTS

Organizational KPIs

  • Membership 2,772 (24 increase from Last Month)
  • Momentum: 679K visitors to website last month (649K compared to 2019; increase of 4.6%)
  • Operations:
    • 90.1% of Service Desk tickets closed within SLA (worse from 99.2% last month)
    • 95.8% of Non-Funding tickets were closed within SLA (better from 82.6% last month)
  • Money: TBD

Financial

Revenue: On an accrual basis, total revenue YTD through Dec 2019 was $3,377.8K as compared to the plan of $4,780K. The results are WORSE by $1,402.2K, with Conference income being $1,145K below the 2019 budget

Expenses: Total spending YTD is LESS than budget by $1,301.9K due to under spending in most of the depts. ( Conference expenses are under budget by $794K, and is further offset by the under spending in most depts YTD, except for Professional services)

Net Income/Loss: YTD Net income, on a combined Accrual basis is $-50.3K which is worse than budget by $-100.3K.

Chapter Funds: US bal is $824.K ( which is UP $15K from the Nov bal of $809K which now includes the almost $94K posted to Ca chapters for 2019 Apsec Cali but before APSEC EU and US 2018 and 2019 as well as some 2018 Regional splits). EU Ch bal is $60.3K. Also US Proj bal is $167K. (which is UP $5K from Oct 19). EU Proj bal is $-5.6K ( this will be offset into the US Proj balances for the final YE close as will the EU Ch balances)

With regard to Operating cash, the Liabilities (AP, accrued expenses, accrued Payroll etc) of $120K added to the $1,048K of Ch/Proj balances is $1,168K , as compared to the $1,138 K of cash, leaves us Negative Oper. Cash of $30K, for the time being. . Also Open AR is $456K, ( it is now down to $310K so some has been collected and the remaining I am told is all good AR). So if there all to be collected we would have about $426K of Oper cash exclusive of what is owed to Chapters, and on avg our monthly expenses are about $135K which is just over 3 months of Oper cash reserve exclusive of the $1,138K we have in cash in the bank on 12.31.19.

Executive Director Report

Please see notes below.

OLD BUSINESS

(1) 2020 OWASP Board Officer Elections

(2) Approval of the 2020 Operating Plan

(3) Update the Mission Statement:

  • From: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
  • To: OWASP is a nonprofit foundation improving the security of software. Through community-led open source software projects, local chapters worldwide, members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure our lives.

(4) Motion approve the Signatory Policy Version 2.

NEW BUSINESS

Sherif Mansour: Discussion & Feedback on OWASP Community Review Proccess https://docs.google.com/document/d/14gzKJTXBChI59FPq1_K0-OUJiS3V2G2c_hNN4x382dA/edit

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
ADJOURNMENT

Executive Director Report

Website

While the website was successfully launched last month, there is still ongoing work to migrate and resolve outstanding bugs and SEO enhancements. After the first full week following our launch, we were capturing 78% of all traffic into the new site. As of last week that number has climbed to 89.3%. The team meets weekly with our SEO firm to continue to work the long tail of search traffic. Donation and Membership systems are operational with ongoing minor enhancements. Staff can now query membership database through Slack.

Unfortunately content migration by chapters and projects is still incomplete. As of this report, only 72 of 291 chapters have migrated their content (25%), and 47 of 145 (32%) of Projects have migrated.

The new Events is in final development and should be available for testing as early as the week of February 17th with a planned launch for February 28th. The system is being designed to completely replace our need to use Regonline AND Eventbrite. Harold has been working on an “event template” that can be used instead of the current system of Eventbrite and local Wordpress systems. This new system once fully implemented will save the foundation close to $25,000 per year.

Projects Summit

Final plans are in place for the first Projects Summit on February 27-29, 2020 in Cancun, Mexico. The selected projects included: Juice Shop, OWASP DefectDojo, OWASP Application Security Open Curriculum Project along with ASVS Standard and Cheatsheets Series which neither now plan to attend. Total registrations at this point are 23 including staff offsite. The program and contract were conceived for 50 attendees. We have been actively working to reduce our room commitment but have only thus far secured minor changes. Following the event we will do a postmortem on why there was so little interest. We directly contacted project leaders no fewer than five times - and also did direct outreach.

Project details: https://owasp.org/www-staff/projects/202002-Projects-Summit-Q1

Conferences

San Francisco Program Team has been selected and Dublin Team is well underway. Dublin CfP/CfT round one closes at the end of February. San Francisco has 25 sponsors under contract for $379,245 and Dublin has 12 sponsors signed for $90,549. Project plans are online at:

  • https://owasp.org/www-staff/projects/202006-GlobalAppSec-Dublin
  • https://owasp.org/www-staff/projects/202010-Global-AppSec-SF

We just learned that BlackHat Asia has been postponed due to coronavirus. There are no lost costs due to this cancellation by the event organizer.

Preparing for 2020

The Operating Plan has been available for Board review these past several months. I have removed the objectionable language from the Chapters Initiative and placed this on our agenda for February call. https://owasp.org/www-board/meetings/202001.html

Miscellaneous

  • Staff Semi-Annual Offsite will be in February 27-28.
  • Annual Member Survey was sent to member and the broader mailing lists. Last year it was only sent to the broader list so this year we will have more accurate member information
  • As always, most major staff projects are all listed with milestones at https://owasp.org/www-staff/