March 2020 Videoconference
CALL TO ORDER
CHANGES TO THE AGENDA
APPROVAL OF MINUTES
- Membership 2,710 (62 decrease from Last Month)
- Momentum: 597K vistiors to website (619K compared to 2019; decrease of 3.6%)
- 100% of Service Desk tickets closed within SLA (better from 90.1% last month)
- 94.2% of Non-Funding tickets were closed within SLA (worse from 95.8% last month)
- Money: $1.260M Cash on hand. YTD Net income is $88.6K (compared to budget -$90.1K which is better by $178.7K).
Revenue: On an accrual basis, total revenue, YTD was $627.5K as compared to the budget of $619K. The results are BETTER by $8.5K, with Conference income being $100.1K ahead of the 2020 budget, offsetting the other revenue lines that were under budget
Expenses: Total spending YTD 2020 is LESS than budget by $170.2K due to under spending in most of the depts. ( Conference expenses are under budget by $33.6K, though I am not sure that all the Apsec Cali 2020 bills as well as the Feb Summit bill, are in at this point.
Net Income/Loss: YTD 2020 Net income, on a combined Accrual basis is $88.6K which is BETTER than the YTD 2020 budget of negative -$90.1K by $178.7K.
Chapter Funds: US bal is $817.2K which is down $3.2K from the Jan 20 bal of $820.4K. EU Ch bal is $59.3K. Also US Proj bal is $178.9K. (which is UP $5K from Jan 20). EU Proj bal is $-5K ( this will be offset into the US Proj balances for the final YE close as will the EU Ch balances)
With regard to Operating cash, the Liabilities (AP, accrued expenses, accrued Payroll, Apsec EU deferred revenue of $109.6K etc) of $187.7K added to the $1,050.4K of Ch/Proj balances is $1,238.1K , as compared to the $1,260.8K of cash, leaves us Positive Oper. Cash of $22.7K, for the time being(which is $33.7K better than Jan 20). Also Open AR is $280K which is down $30K from the Jan 20 balance of $310K. So if they were all to be collected we would have about $302.7K of Oper cash exclusive of what is owed to Chapters, and on avg our monthly expenses are about $135K which is just over 2 months of Oper cash reserve exclusive of the $1,260.8K we have in cash in the bank on 2.29.20.
Executive Director Report
(see detailed report below)
(1) Motion approve the Signatory Policy Version 2.
(2) OWASP Foundation ED & Staff to present Global AppSec Events key milestones and event health indicators. This is based on lessons learned from 2019 - Foundation also need to provide info on what where the major operational savings and overall challenges for the previous events. Focus on COVID-19 Related activity
(3) Update the Mission Statement(DRAFT): https://docs.google.com/document/d/1ZZiE-lHKvk8_IWzG04Kjcbp0cr5J23B2CjOVokRilPo/edit Push to April
Sherif Mansour: Discussion & Feedback on OWASP Community Review Proccess
Sherif Mansour: review and provide feedback for the following:
- Release Public Statement regarding Corona Virus statement for all the OWASP meets
- Alternate for hosting the meetings
- Status update on membership proposal (Project, Chapter and new leaders)
- Smooth operation of website which includes
- Validation of ported pages
- Testing before pushing to production
- Better guidance to community for the website update (e.g In the migration guide, can we add the steps on how to test the website locally, how to remove the website update flags once the website is updated and how to report issues with the website)
- Listing of Chapters who have not updated the websites (as of today the site is not listing the chapters which have not updated the website)
- Feedback from the community on the Board meeting discussions.
- In order to finalize and formlize policy, we need to develop process to fairly evaluate comments added in Github regarding the proposals for:
- Tiered chapters
- Approved chapter expenditures
- Need to update: https://owasp.org/committees/ to add the Outreach Committee
- Need project plan to market OWASP:
- to get more visibility for projects and
- to solicite more donations
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
PRELIMINARY Member Survey Reports
Executive Director Report
As usual, work continues on various website projects. Our Events Tool launched for Dublin as scheduled and we were taking live registrations until then event’s postponement. There are several small features yet to complete with this project and we will look to offer it to regional events in the back half of the year.
The last week of February the main site’s proxy server had some issues that prevented the site from serving pages. Technically it would eventually serve the pages, but we mark 30sec page load as an outage. Harold, and Matt Tesaro (member and project leader) triaged the site and there is an active staff project to remediate this issue with a new scalable proxy server configuration. More details can be found https://owasp.org/www-staff/projects/202003-DNS-VM-migration.html
Additionally we have added public monitoring of our web site status and performance at http://stats.pingdom.com/q0cazn7mmdfs. As of this morning, the past seven days avg response time is <460ms for our main site which is very respectable.
We have a new Global Events template design which has been launched with Global AppSec San Francisco https://sf.globalappec.org. It is a design which more closely aligns with our corporate site which gives us greater brand continuity and it’s data structure more closely aligns with our other repos. Of note, Harold designed this template to make it trivial for us to stand up future event sites without the need of using Wordpress or Eventbrite in the future.
Harold has also been working on a variety of automations that are possible with our normalized data structure. As you have already seen by going to owasp.org/chapters and owasp.org/projects you can see which have yet to migrate. Harold just added https://owasp.org/chapters/status/ that allows you to see which chapters have recently migrated. Also you can visit https://owasp.org/chapters/leaders/ and https://owasp.org/projects/leaders/ to find current leadership of our chapters and projects respectively.
Logistically the Projects Summit was a complete success. Unfortunately only seven project members attended the event. Given the low attendance, the COVID-19 crisis, and the backloading of events into Fall/Winter, staff is considering CANCELLING the planned Summer Summit until further notice. We had already slowed down the venue selection process due to low interest, and are under no financial obligations at this time.
The Dublin event has been postponed until February 15-19, 2021. The website has been updated, sponsors for 2020 notified, and refunds issued for registants. Sponsorship revenue for Dublin is €119,899 of which €54,924 has already been paid. https://owasp.org/www-staff/projects/202102-GlobalAppSec-Dublin.html
San Francisco Program Team has opened the CfT and CfP. Kelly has already been actively selling the event and has $398,245 contracted revenue against a budget of $725,000. We are tracking to plan on key milestones which can be found, along with contracted sponsors at https://owasp.org/www-staff/projects/202010-Global-AppSec-SF
Lisa submitted our DEFCON application. Last year’s volunteer coordinator has been unresponsive. Plans for BlackHat US are underway for August 1-6 and BlackHat Asia has been rescheduled to September 29 - October 2, 2020. OWASP will be participating in both events.
COVID-19 Chapter Meeting Alternatives
Staff has been researching tools to accommodate hosting virtual chapter meetings during the coronavirus pandemic. We are nearing a close to this research but the factors include (1) cost - primarily focused on free solutions if possible, (2) flexibility - the crisis will pass so we don’t want to lock into a long-term arrangement or setup, (3) Credentials - we want to avoid having ALL chapter leaders share a limited number of paid accounts (like Zoom webinar) due to date/time collisions, and (4) Scalability to as many as 200 attendees per meeting. Harold has recommended we use Google Meet until July 1 https://owasp.org/remote-meetings/
The member survey closed February 22nd. Preliminary reports are attached to this month’s board meeting agenda. Over the next few weeks I will prepare a narrative and compare the findings to 2019. PLEASE NOTE, there are two different survey participant groups: members and non-members. The first is labeled Member Survey with the sample being members of record 13-February-2020, and the second is labeled Community Survey which is comprised of our entire email list (~50K) that excluded the Member list.
Earlier this month we terminated our contract with Fonteva. Since 2013, the OWASP Foundation has used this software embedded into SalesForce to handle membership. With our new system we were able to move away from this software product. At the same time, we are migrating to a more modern, and less complicated CRM for staff. CopperCRM tightly integrates with G-Suite and is simple to customize for our needs. Harold and I are working to complete this project by the end of March 2021. We do not anticipate any major issues with this migration.
- As always, most major staff projects are all listed with milestones at https://owasp.org/www-staff/