January 2022 Agenda/Minutes

MEETING DETAILS/MINUTES

Agenda

CALL TO ORDER

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

APPROVAL OF MINUTES

Vote

  • Glenn ten Cate - Yes
  • Martin Knobloch - Yes
  • Grant Ongers - Yes
  • Bil Corry - Yes
  • Joubin Jabbari - abstain
  • Avi Douglen - Yes
  • Vandana Verma Sehgal- Yes

Passed: 6-0

PRE-READING MATERIAL

ELECTION OF 2022 OFFICERS

The first official business at the first general public meeting must be to elect Board officers. The outgoing officers are the pro tem officers until their incoming officers are elected. Board reports should be conducted after the election of new officers.

Outgoing Chair conducts the election of the incoming Chair

RONR 12th ed. 46:47 Sherif Mansour, as the outgoing 2021 Chair, will conduct the nomination, election, and confirmation of the incoming Chair. Once the new Chair is confirmed, the new Chair will immediately become the new OWASP Chair, and conduct the rest of the meeting.

Board Officer duties

The incoming Board should be aware of the duties of each of the officers when electing or confirming a Director as an officer of the Board.

  • Chair - Serve as the principal executive officer of the Foundation, including fiduciary responsibilities, leaders and direction, and organizational responsibilities (see link for all details)
  • Vice Chair - performs Chair responsibilities when the chair is not available
  • Secretary - “maintains records of the board and ensures effective management of organization’s records, manages minutes of board meetings, ensures minutes are distributed shortly after each meeting, is sufficiently familiar with legal documents (articles, by­laws, IRS letters, etc.) to note applicability during meetings […]”
  • Treasurer - “manages finances of the organization, administers fiscal matters of the organization, provides annual budget to the board for member’s approval, ensures development and board review of financial policies and procedures.”

  • OWASP Bylaws - Authority and duties of officers

Robert’s Rules of Order, Newly Revised Election Procedure

This is the first year that the Board officers will be confirmed or elected following the RONR rules of procedure using the RONR nominations from the floor process. There are other methods, such as mail ballots or mass voting, but these methods are not how we’ve traditionally elected officers. Nominations should be taken from the floor (RONR 12th ed. 46:6), speak if desired (46:27-29), if more than one nominee, an election held via ballot of those present (46:30). Finally, an affirmative simple majority motion is used to confirm the sole or majority nominee by the incoming Board (46:35).

Script / precis for RONR nomination from the floor process, followed by a confirmation vote

  • RONR 12th ed. 46:19 “For the 2022 position, a nomination has been received for person. Are there any other nominations?”
  • RONR 12th ed. 46:20 “Are there any other nominations for position? <pause> Without objection, nominations are now closed.”
  • RONR 12th ed. 46:27-29 Optional debate if desired by one or more nominees, otherwise move to confirm the nomination.
  • RONR 12th ed. 46:30 Election. If more than one nominee for a position, the Chair shall ask for votes to be cast for each of the nominees. The nominee with a majority of votes will be the new officer for that position. If there is no majority, decide on a method to break the tie, such as voting between the tied nominees until only one remains.
  • RONR 12th ed. 46:50 If there is no votes, no majority, or a tie, the incoming 2022 Board shall discuss a motion to determine the method of further balloting for this position. This could include following 46:31, which requires re-voting until a majority is obtained for a nominee, or allowing the outgoing Chair a vote to break a tie, or some other method.
  • RONR 12th ed. 46:35 Conduct an affirmative, simple majority vote for motions confirming each officer position (see below).

Election of 2022 Chair

Background RONR 12th ed. 46:47 Sherif Mansour, as the outgoing 2021 Chair, will conduct this nomination and vote to confirm the 2022 Chair.

Motion: “Resolved, nominee is elected Chair.” - Vandana Verma Sehgal nominee

Sponsor: Sherif Mansour, 2021 Chair Second: Grant Ongers

Vote

  • Martin Knobloch - Yes
  • Bil Corry - Yes
  • Joubin Jabbari - Yes
  • Glen ten Cate - Yes
  • Avi Douglen - Yes
  • Grant Ongers - Yes
  • Vandana Verma Sehgal - Yes

Passed: 7-0

Once the new Chair is elected, the new Chair will then become the new OWASP Chair, and conduct the remainder of the meeting.

Election of 2022 Vice Chair

Background The new Chair should follow the RONR script / precis process (see above) to nominate and confirm the 2022 Vice Chair.

Motion: “Resolved, nominee is elected Vice Chair.” - Grant Ongers nominee

Sponsor: Vandana Verma Shegal, 2022 Chair Second:

Vote

  • Martin Knobloch - Yes
  • Bil Corry - Yes
  • Joubin Jabbari - Yes
  • Glenn ten Cate - Yes
  • Avi Douglen - Yes
  • Vandana Verma Sehgal - Yes
  • Grant Ongers - Yes

Passed: 7-0

Election of 2022 Secretary

Background The new Chair should follow the RONR script / precis process (see above) to nominate and confirm the 2022 Secretary.

Motion: “Resolved, nominee is elected Secretary.” - nominee is Avi Douglen

Sponsor: Vandana Verma Sehgal Second: TBA

Vote

  • Glenn ten Cate - Yes
  • Martin Knobloch - Yes
  • Joubin Jabbari - Yes
  • Avi Douglen - Yes
  • Grant Ongers - Yes
  • Bil Corry - Yes
  • Vandana Verma Sehgal - Yes

Passed: 7-0

Election of 2022 Treasurer

Background The new Chair should follow the RONR script / precis process (see above) to nominate and confirm the 2022 Treasurer.

Motion: “Resolved, nominee is elected Treasurer.” - nominee is Glenn ten Cate

Sponsor: Vandana Verma Sehgal Second: TBA

Vote

  • Joubin Jabbari - Yes
  • Martin Knobloch - Yes
  • Grant Ongers - Yes
  • Bil Corry - Yes
  • Avi Douglen - Yes
  • Glenn ten Cate - Yes
  • Vandana Verma Sehgal - Yes

Passed: 7-0

REPORTS

Staff reports

Concluded eVotes to be read into the minutes

N/A

NEW BUSINESS

Motion to approve the 2022 Budget

Background Each year, the Foundation sets a budget to match its operating plan and priorities. The 2022 budget is conservative in both income and expenses, as demonstrated in 2020-2021. The budget assumes recovery from the pandemic will continue to be slow and highly variable. Our main budget priorities are to reform customer experience and reduce operational costs by platform simplification, market and promote OWASP and projects more generally, improve our outreach to developers and executives, and establish sponsored scholarships to OWASP events for the Diversity, Inclusion, and Women in AppSec Committee.

The most significant financial risk is AppSec Global San Francisco. The event requires 500 attendees to be profitable. Although this is likely considering its location, sponsors have been wary of sponsoring or attending in person events with standard large event COVID controls and entrance requirements. The Board should consider mitigating strategies, such as the Linux Foundation’s successful strategy of requiring fully vaccinated participation to encourage both sponsors and registrants to feel safe to sponsor, register, and attend such a large event. It is likely that this event will only be attended by US residents due to the uncertain travel situation.

Motion: “Resolved, that the OWASP 2022 Operating Budget is approved.”

Sponsor: Grant Ongers Second: Vandana Verma Sehgal

Vote

  • Grant Ongers - Yes
  • Joubin Jabbari - Yes
  • Martin Knobloch - Yes
  • Bil Corry - Yes
  • Glenn ten Cate - Yes
  • Vandana Verma Sehgal - Yes
  • Avi Douglen - Yes

Passed: 7-0

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

Marketing Plan Status Update

Jim Cudahy from Virtual Inc’s marketing team will go through the initial draft of the OWASP marketing plan. The Board is welcome to discuss the results and findings with Jim, as these results and recommendations will lead to OWASP’s first ever marketing plan. We don’t have a lot of money set aside for marketing to balance our budget this year, so using it in a focused, mission centric, and strategic way will make the most of every dollar, hopefully recouping more than our marketing spend.

ADJOURNMENT

Adjournment motion

The next general Board meeting is on February 22 2022, at 12 pm US Eastern Time.

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Vandana Verma Sehgal Second: Grant Ongers


Staff Reports

Executive Director

January 2021 saw us working on the draft budget, which has been finalized.

Three policies are currently progressing through the policy review process: chapter policy with regional chapters, privacy, and whistleblower. We would encourage greater participation in reviewing them, particularly the privacy policy, which will need to be reviewed by competent legal counsel once done. The remaining policies which need completing are anti-trust / competition policy, social media, and travel. You will see the beginnings of the anti-trust / compete statements in this month’s Board meeting. We need to do this as the Board and projects are often being worked on by volunteers from different firms. The social media policy will allow for community moderation and content creation by members, such as direct access to HootSuite or YouTube or other platforms, and lay down the requirements for leaders to pass on accounts to all co-leaders, which means we might be able to simplify other policies containing similar language. Travel is essential before the Board and Foundation travel, but also puts in place reasonable policy for all approved travel to ensure that hard earned Foundation funds cannot be abused by putting in guardrails / safeguards.

We are identifying all our business requirements for a new association management platform, taking requirements from all staff. Soon we will be validating some of these with the community to make sure that we have everything covered. Unlike in the past, ALL business requirements must be documented and validated first to ensure we know the requirements can be used to select the right platform, by categorizing into “can do without”, “nice to have”, or “mandatory” before selecting a platform. We don’t want to end up in the situation we had before with the Salesforce/Fonteva platform being too inflexible and a difficult CX for users, or our current system which struggles to do basic things like give us an accurate member list to run elections and has high opportunity costs, such as consuming considerable staff time to do basic things like update images in events.

There are many good AMS out there, some of which have chapter and local event functionality, which may mean a dramatic reduction in costs whilst also improving our customer experience. The key goals of the AMS are to dramatically improve customer experience, ensure most functions are ready to go day one and are achievable with no or very limited glue logic on our side. The AMS must be internationalization friendly, mobile first/accessible, and completely self-service. All workflows must complete without human intervention or requiring staff to get involved in any process whilst implementing as much of our bylaws and policies as possible. Mundane but critical administrivia tasks, such as member/chapter/meeting/event registration, member/chapter/event maintenance, donations, chapter/event attendance and ticketing, checking membership status at the door for meetings or events, hopefully chapter and project expenses, corporate membership, etc must be completely automated so members can do more without logging tickets and get immediate solutions to their needs. It must scale - I don’t want us to be changing the AMS again any time soon. We must be assured that the system will ingest as much information as we can give it and become our single source of truth for all things membership and chapter related (and hopefully some events, too), and cope with membership and chapter activity growth of at least an order of magnitude from today’s numbers, without increasing headcount or diminishing access to services in any way. Depending on how many disparate systems we can retire, a new AMS could reduce our overheads as well, and provide a more integrated CX. If all of this comes off and depending on the platform, staff will have a lot more time to do more for our programs, and be proactive instead of reactive.

Finance

In the Board Summary presentation, I will hand over to Tom Pappas to take you through the budget income, spending, and profit areas in the 2022 Budget.

After discussing the Budget breakdown, Tom will go through the end of financial year finance package and narrative.

Chapters and Membership

total members: 5556    this month:380
        one: 3574    two:1117
        lifetime: 775    student:0
        complimentary: 90    honorary:0

Events and Corporate Support

Please see the Events Section in the Board Summary Slides

Operations

We are in the process of setting up a Board of Directors page on our website Requested all Board Members to send me a short bio to post on Board of Directors page Received all signed Annual Conflict of Interest Questionnaire from Board Members We are waiting for an update on the new credit cards from Virtual

Projects and Technology

Technology:

  • Moved nightly maintenance away from Azure Functions to Runbooks; now way more reliable.
  • Email for members/leaders cleanup was also moved to Runbooks as part of the move and testing was completed successfully. Resuming within the next two weeks after communication to the community.
  • Moved to Meetup GraphQL for backend systems