March 2021 Videoconference

Meeting Details

• Date: 23 March 2021
• Time: 12PM US Eastern, UTC 1700 convert
• Location: Remote
• Call-in: Zoom Meeting

Agenda

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES

• Previous Meeting Minutes
• Special Meeting Minutes

REPORTS

Staff reports:

• Executive Director
• Finance
• Chapters and Membership
• Events
• Operations
• Projects and Technology

Operating Plan Status

Organizational KPIs

e-Votes to read into minutes

Motion to approve the 2021 Budget

Background: Each year, the Foundation sets a budget to match its operating plan and priorities. This year is slightly different, with a survival mode budget. This budget has the lowest expectation of income and expenses for many years, with the expectation that as the vaccination rollout proceeds, life can start to get back to normal. We might be able to exceed this budget. If that doesn’t happen, this budget has a very slim profit. With careful stewardship of our funds throughout the year, there’s every likelihood that we will not make a loss. The significant risk is events: the previous events director did not prepare a formal budget. Many of the events had to change. Therefore, we envisage some ad hoc requests for event budgets to allow events to go ahead where the Foundation thinks they will be profitable. The only planned events are LASCON and AppSec Australia, both regional AppSec Days events. Lastly, this budget assumes that there will be finance reform, making allowances for limited awards & scholarships, grants, and expenses.

Update: The draft Budget was tabled in the February board meeting after concerns and discussions, and Tom Pappas and the Foundation made corrections in the intervening period with meetings between Kelly Santalucia, Tom Pappas, Grant Ongers, and Andrew van der Stock. This revised budget is conservative in nearly all estimates, with many opportunities to exceed and risks where income may fall flat. It will be vital that expenses are carefully managed throughout the year. All Board members voted. The majority selected this time slot by preference, with only one Board member voting “if need be”. The Vote will need to be a majority vote (4/7 votes) to pass.

• Draft 2021 Budget

Motion: “Resolved, the 2021 OWASP Foundation budget is formally approved. Grant Ongers motions, Vandana Verma seconds”

Vote:

• Martin Knobloch - Yes
• Grant Ongers - Yes
• Joubin Jabbari - Yes
• Owen Pendlebury - Yes
• Vandana Verma - Yes
• Sherif Mansour - Yes
• Bil Cory - Absent

Passed: 6-0

NEW BUSINESS

Consent Package

Background The following pull request contains routine/standard/non-controversial changes are motioned for a vote without discussion. The changes address gender-neutral phrasing, minor typos/grammar corrections, and related minor issues identified by our lawyers during the bylaw review.

• March Consent Pull Request

• Sponsor: Sherif Mansour
• Second: Vandana Verma

Motion “Resolved, the Board consent votes to minor changes to the bylaws to address grammar, routine, and non-controversial changes to the OWASP Foundation bylaws.”

Motion to conduct an independent board evluation for the OWASP Foundation

Background: The OWASP Foundation has not had a recent independent board evaluation for some time. Periodic Board evaluations are standard practice for boards. Through Board Source, the current Board training provider, we have a single annual complimentary board evaluation service at no additional cost.

Motion: “Resolved, that the board directs the OWASP Foundation to schedule and conduct a board evaluation for the OWASP Foundation with our existing Board training provider (Board Source).”

• Sponsor: Sherif Mansour
• Second: Grant Ongers

Motion for Developer Outreach Program

Background: OWASP has a huge list of projects but developers have very little knowledge about them. With the developer engagement program, we will do the following things to bring them closer to OWASP.

Motion to pass Grants Policy

Background Grants help fulfill our mission to improve the security of software globally. Any OWASP Member, Chapter, Project, Committee, or Event may create grants for mission-related activities or deliverables, including sabbaticals. This policy creates financially responsible funding mechanisms and a consistent and transparent process to approve, fund, and deliver grant outcomes.

Motion “Resolved, the OWASP Board passes the new Grants policy. The Board directs the OWASP Foundation to consult with the community and create procedures for its safe and effective operation no later than April 30th, 2021.”

• Grants Policy Draft (WIP)

• Grants Policy Draft (WIP) Feedback

• Sponsor: Grant Ongers
• Second: Sherif Mansour

Motion to pass Awards & Scholarship Policy

Background This policy encourages our community to establish awards or prizes for OWASP competitions and scholarships and travel assistance for OWASP events. Awards recognize high-impact members, chapters, initiatives, projects, or as prizes for OWASP competitions. Scholarships fulfill our mission to underserved and disadvantaged communities and individuals, improving equity and access for those who need assistance. This policy creates financially responsible funding mechanisms, published eligibility and selection criteria, and a consistent and transparent process to award prizes or recipients.

Motion “Resolved, the OWASP Board passes the new Awards and Scholarships policy. The Board directs the OWASP Foundation to consult with the community and create procedures for its safe and effective operation no later than April 30th, 2021.”

• Awards and Scholarship Draft (WIP)

• Awards and Scholarship Draft (WIP) Feedback

• Sponsor: Vandana Verma
• Second: Grant Ongers

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

Education Committee feedback to Board

The Education and Training Committee have asked for ten minutes to allow the two projects currently under their remit How to get into AppSec and Application Security Curriculum to show the Board what they have done, what they have planned, how they work with the committee and what they would like from the Board to continue their mission.

Update on bylaws

A quick update on bylaw update progress by Sherif Mansour.

Developer Outreach Program - Vandana Verma

A program for developer community and developer engagement program. We work with developers to engage them to the security programs that OWASP currently has. This will be in the form of a Project.

Project members will everage the current projects catering to the developers

• Help developers based on different languages
• Engage with the Outreach community to spread the word to the developers
• Have a Developer Security summit in June.

The staff will be helping with below items

• Setting up a section for developers
• We will be sharing the projects around the engagement program
• Sharing socials about the program
• Inviting developers to share the specific language related content

Membership Operations - Vandana Verma

• Lifetime membership for lower income countries
• Removal of auto-renew edge case (no reminders)
• How to deal with this issue specific instance
• How do we deal with this going forward in bylaws

ADJOURNMENT

Adjournment motion

The next general Board meeting is on April 27, at 12 pm US Eastern Daylight Saving Time.

• April General Board Meeting

Sponsor: Sherif Mansour Second: TBA