October 2022 Agenda/Minutes

Meeting Details

Agenda

CALL TO ORDER

Board Members

  • Avi Douglen
  • Glenn ten Cate
  • Martin Knobloch
  • Joubin Jabbari
  • Bil Corry

Guests

  • Andrew van der Stock
  • Kelly Santalucia
  • Harold Blankenship
  • Dawn Aitken
  • Lisa Jones
  • Lauren Thomas
  • Shelby Graham
  • Vikrant Shah
  • Sam Stepanyan

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Robert’s Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

APPROVAL OF MINUTES

Vote:

  • Vandana Verma: (absent)
  • Grant Ongers: (absent)
  • Avi Douglen: Yes
  • Glenn ten Cate: Yes
  • Martin Knobloch: Abstain
  • Joubin Jabbari: Yes
  • Bil Corry: Yes

Passes 4-0, 1 Abstain

PRE-READING MATERIAL

REPORTS

NEW BUSINESS

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

Discussion on Board funding priorities

Glenn ten Cate will lead a discussion on funding priorities for the 2023 budget. The Board will discuss the following topics:

  • Outreach funding for conferences and events
  • Training & Education materials for flagship projects
  • Marketing program for the OWASP projects
  • OWASP Staff
  • Conference growth
  • Investing in Diversity efforts
  • Scholarships (conference and training)

Discussion on Linux Foundation - OpenSSF collaboration

Glenn ten Cate will lead a discussion on how to work as an organisation more closely together with LFX. The Board will discuss the following topics:

Areas where we can work together instead of working in silos

  • Outreach
  • Projects
  • Training & Education

Discussion on Outreach Committee Ambassador program

Discussion on Outreach Ambassadors is Tabled

  • Glenn ten Cate motioned, Martin Knobloch seconded

Vote:

  • Vandana Verma: (absent)
  • Grant Ongers: (absent)
  • Avi Douglen: Yes
  • Glenn ten Cate: Yes
  • Martin Knobloch: Yes
  • Joubin Jabbari: Yes
  • Bil Corry: Yes

Passes 5-0, Discussion is tabled and postponed till next meeting

Spyros will lead a discussion on the Outreach Committee Ambassador program. From the discussion paper:

“It seems that there is limited understanding of OWASP around the wider developer community. Whilst people may have heard of the OWASP Top 10, it is not clear that they are familiar with other projects which could help them or that they can/should be more involved in OWASP events.

Aim

To increase awareness and understanding of OWASP among the wider developer community.

In particular:

  • Encourage new members to join by highlighting the benefits
  • Encourage new corporate supporters by highlighting the importance of the organization
  • Encourage greater involvement in the local chapter
  • Showcase the variety of projects and resources which OWASP provides

Proposal Summary

Creation of an OWASP ambassador role who would attend meetups and conferences and provide more in-depth information about getting into OWASP.”

Discussion on Committee Officer Elections

Background: According to the Committees Policy, OWASP Committees should be holding elections for their Officers on a yearly basis:

Elections for Committee leadership shall be held simultaneously as Board elections in that year, using the same mechanisms and timelines. Committees may choose to vote in a subset of officers each year, or the entire committee once every two years.

Similarly, several of the Committee Officers may not be eligible to continue in their role:

the same term duration and term limits shall apply as defined in the OWASP bylaws for Board members.

  1. We need to ensure all the committees (with the exception of the Compliance committee as noted in the policy) are holding elections and refreshing their officers.
  2. There is a special case that needs to be discussed - the merging of the WIA/DIA and the Outreach committees creates an edge case scenario.

ADJOURNMENT

Adjournment motion

The next general Board meeting will be in person at Global AppSec San Francisco, on November 16, at 7 pm US Pacific Time. The next regular Board meeting is on November 22, at 12 pm US Eastern Time.

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Avi D Second: Martin


Staff Reports

Executive Director

See OWASP Foundation Board Summary

Finance

Attached please find the financial package for OWASP US which represents financial performance for the nine months of 2022 ended September 30th, 2022.

Regarding the Dissolution process for VZW, we have received and approved the proposal for the incorporation of a Foundation in the Netherlands and hope to have that begin in the next month or so.

The financials ONLY consider the US activities through September 2022 YTD.

Statement of Activities – Accrual Basis

The following is a summary of the YTD Statement of Activities:

Revenue: On an accrual basis (EARNED Revenue), total revenue through September 2022 is $1,204,828 vs 2022 Budget of $1,214,000, or $9,172 under Budget as of 9.31.22 (excluding the “grant” that has not arrived, actual revenue is $90,828 ahead of Budget thru 9.30.22).

The reasons for this include:

  • Actual, recognized Corp Membership at $417,403 was $229,903 AHEAD of the YTD 2022 Budget of $187,500
  • Actual recognized Individual Membership at $216,021 (an increase of $23,337 from YTD as of 8.31.22) is now only $8,979 UNDER the YTD 2022 Budget of $225,000
  • Actual recognized Donations, YTD of $120,552 was $45,448 UNDER the YTD budgeted amount of $166,000 (however $100,000 of the shortfall is due to the budgeted/estimated Grant that has not occurred as of 9.30.22, so actual donations are $54,552 ahead of budget through 9.30.22, due to a “true up” of the MoD Security project donation, through 8.31.22). Also, GSOC was budgeted at $6K – last period we recorded $10K of income, however, Howard noted the invoice recorded was actually for Google’s ASVS project and has been reclassed accordingly.
  • YTD Event income of $449,442 was $153,058 UNDER the YTD budget of $602,500. The largest drivers of this difference are the fact that the budget includes $200,000 in expected revenue for ASIA Pacific virtual event sponsorships and $25,000 in expected revenue for ASIA Pacific registration revenue. Actual revenue was $46,250 for sponsorships and $11,000 for registrations.
  • Merch and Trademark income is UNDER Budget by $31,591, combined, YTD

Expenses: On an accrual basis (INCURRED), total expenses through September 2022, were $1,060,740 as compared to an approved YTD budget of $1,234,549. The results are OWASP is $173,809 UNDER the approved YTD 2022 budget for expenses (though excluding the budgeted expenses associated with the “grant” of $90,000, which has not occurred yet, in the 2022 Budget actual expenses are only $83,809 below budget thru 9.30.22, though the $4,000 the board approved for the Grant Writer was allocated here so actual expenses are $87,809 under budget through 9.30.22).

The reasons for this Variance to YTD include:

  • Projects were $126,505 under budget excluding the $90,000 (actual is $86,000 due to $4,000 for grant writer in 9.30.22) for the estimated “grant” expenses that have not occurred, actual underspending in Projects is only $40,505 due to underspending on Projects and marketing.
  • Events are Under Budget by $16,300 due to budgeted spend for ASIA Pacific that OWASP did not incur
  • Chapters and Outreach were a combined $43,197 Under budget due primarily to underspending in Chapter spending, Marketing and timing of YM platform fees
  • G&A was over budget by $20,798 due to payment of pending Legal fees offset by underspending on EU expenses compared to Budget as of 9.30.22
  • All other depts were a combined under budget in spending by $3,302

Net Income/Loss: Net Profit (Loss) as of September 30th, 2022, is $144,088. The approved budgeted net profit (loss) was Negative -$20,549. The actual net profit is AHEAD of budget by $164,637 due to underspending in certain areas and exceeding the Revenue budget YTD 2022 aside from budgeted Global AppSec Asia Pacific conference income. Net income is down from 8.31.22 by $11,654.

Months of Operational Reserve: With a cash balance of $2,133,871 it is $192,138 MORE than 8.31.22 and $946,587 more than the 9.30.21 balance or a 79.73% (9% more than 8.31.22) increase in our cash balance in a continually challenging Pandemic year is a fantastic achievement and a testament to the OWASP Staff and the OWASP Community’s support of the Foundation. If we segregate the AP and assumed Project balance we would have approximately $1,975,758 ($113,973 more than 8.31.22) or 16.3 months of reserve at the $121,000 of avg monthly Operating expenses (1 more month than 8.31.22) and 11.2 months of reserve at the $180K of avg of all monthly expenses (this includes all the event expenses and is an additional month compared to 8.31.22). Again, a very good metric as the Non-Profit industry avg months of Operational reserve is 6 months.

As we approach the back half of 2022, we need to be mindful that the AppSec US event is a significant amount of our budgeted FY 22 Net income so we should focus on maximizing revenue while keeping expenses in line with the budget. We should also be mindful of our operating expenses and not exceed the budget for FY22 for the remaining months of 2022, unless they bring us a significant return on the investment.

I will see you all on Wed Oct. 26th for the Board call.