February 2023 Agenda/Minutes

Meeting Details

Agenda

CALL TO ORDER

Board Members

  • Grant Ongers, Avi Douglen, Glenn ten Cate, Mark Curphey, Matt Tesauro, Bil Corry.

Guests: Andrew van der Stock, Shelby Graham, Dawn Aitken, Harold Blankenship, Lisa Jones, Kelly Santalucia, Lauren Thomas

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions are permitted by following Robert's Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

APPROVAL OF MINUTES

Previous Meeting Minutes - January 2023

Vote

  • Grant Ongers - Yes
  • Avi Douglen - Yes
  • Matt Tesauro - Yes
  • Bil Corry - Yes
  • Glenn ten Cate - Yes
  • Mark Curphey - Yes

Previous Meeting Minutes - February 14 2023

Vote

  • Grant Ongers - Yes
  • Avi Douglen - Yes
  • Matt Tesauro - Yes
  • Bil Corry - Yes
  • Glenn ten Cate - Yes
  • Mark Curphey - Yes

Previous Meeting Minutes - February 15 2023

Vote

  • Grant Ongers - Yes
  • Avi Douglen - Yes
  • Matt Tesauro - Yes
  • Bil Corry - Yes
  • Glenn ten Cate - Yes
  • Mark Curphey - Abstain

Previous Meeting Minutes - February 23 2023

Vote

  • Grant Ongers - Yes
  • Avi Douglen - Yes
  • Matt Tesauro - Yes
  • Bil Corry - Yes
  • Glenn ten Cate - Abstain
  • Mark Curphey - Yes

PRE-READING MATERIAL

REPORTS

Staff reports

NEW BUSINESS

NetGuru Website Redesign

Background: Mark engaged NetGuru to do a POC and teaser for a much more functional website. That teaser is available here and you should check it out!

They now have presented us with an estimate to make this real for all of the OWASP site, including Chapters and Events. Grant has asked Andrew to share this plan and estimate with the board and ask them to consider funding this request.

OWASP Foundation Economy Plus Travel Policy Exception

Background: Recently, the Board voted to require Economy travel for all flights. The Board wishes to discuss an exception to this policy for Foundation staff for flights over 7 hours total flight time.

Motion: “Resolved, that the Board approves an exception to the Travel Policy for Foundation staff for flights over 7 hours total flight time to permit Economy Plus travel or next step up from economy.”

Sponsor: Matt Tesauro Second: Avi Douglen

Vote

  • Grant Ongers - Yes
  • Avi Douglen - Yes
  • Matt Tesauro - Yes
  • Bil Corry - Yes
  • Glenn ten Cate - No
  • Mark Curphey - No

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

CREST OVS / OWASP Foundation collaboration update

Background: CREST would like to present a check to OWASP Foundation for 15% of 2022 OVS revenue, and to describe the trajectory of the project and 2023+ activities. Presented by Nick Benson.

New hire(s): Roles and Responsibilities

The Board wishes to discuss hiring strategy and to define at least one of the roles.

Discussion on Community Review Process

The Board wishes to discuss the community review process and how it can be improved.

Diversity and Inclusion (D&I) Committee Needs a Charter

The Board wishes to discuss the D&I Committee update charter, and discuss an appointment of a Board member liaison to the Committee (and other committees as well).

ADJOURNMENT

Adjournment motion

The next general Board meeting is on 28 March 2023, at 12 pm US Eastern Time.

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Chair (Grant Ongers) Second: Avi


Staff Reports

Executive Director

Please see slides

Finance

Attached please find the financial package for OWASP US which represents financial performance for the month ended January 31st, 2023.

The financials ONLY consider the US activities through January 2023 YTD.

Statement of Activities – Accrual Basis

The following is a summary of the YTD Statement of Activities:

  • Revenue: On an accrual basis (EARNED Revenue), total revenue through January 2023 is $56,229 vs 2023 DRAFT Budget of $71,709 or $15,408 under the DRAFT Budget as of 1.31.23. The reasons for this include:
    • Actual, recognized Corp Membership at $26,083 was $11,417 UNDER the YTD 2023 DRAFT Budget of $37,500.
    • Actual recognized Individual Membership at $23,691 was $1,309 UNDER the YTD 2023 DRAFT Budget of $25,000.
    • Actual, recognized Project & Technology income at $5,368 was AHEAD of the YTD 2023 DRAFT Budget of $0 projected for January. Amounts received include:
      • $500 - 2023 OWASP MASVS Project Donation “Good Samaritan”
      • $4,767.93 - Mobile Security
      • $100 - Zed Attack Proxy
    • Actual recognized Donations of $1,085 were $7,998 UNDER the YTD budgeted amount of $9,083. Donations received included:
      • $26 - UKOGF Foundation Donation
      • $50 - Blackbaud Giving Fund Donation
      • $78 - BrightFunds Donation
      • $430.66 - Stripe Donations
      • $500 - Donation from Cybozu, Inc. Silver Sponsorship invoice to Japan local chapter
    • YTD Event income of $0 in line with budget as no events were held in January.
    • Merch and Trademark income is in line with budget.
  • Expenses: On an accrual basis (INCURRED), total expenses through January 2023 were $162,852 as compared to the YTD 2023 DRAFT Budget of $119,442. As a result, OWASP is $43,410 OVER the DRAFT YTD 2023 budget for expenses. The reasons for this variance to YTD include:
    • Project spend was $2,766 under budget.
    • Events are over budget by $39,863 due to spend that came in late for Global AppSec San Francisco 2022 conference & BeNeLux Days prizes – bills include:
      • $3,740 for John Poulin – Defense In Depth Training OWASP Global AppSec 2022
      • $12,950 for APPSEC Lead Retrieval services for the first 37 exhibitor/sponsors
      • $201 for Expense Reimbursement - 3 prizes for CTF at OWASP BeNeLux Days - (182.35 Euros)
      • $18,410 for Global AppSec San Fran 2022 - Hacking Modern Web & Desktop Apps - Trainer Split
      • $70 Photography Coverage - 2022 Global AppSec San Fran - Parking Per Kelly
      • $708.33 for Hopin monthly expense (this amount is incurred monthly as it is a prepaid expense for the service)
    • Chapters and Outreach were a combined $1,160 under budget.
    • G&A was over budget by $2,290 due to payment of Schwabe legal fees, spend recorded to travel fees for keynote speaker, increased bank fees due to foreign transactions in PayPal, and increased Stripe activity.
    • All other depts were a combined $5,183 over budget in spending – this is due to having no budget for fundraising and actuals of $5,947 for fundraising due to salary allocation.
  • Net Income/Loss: Net Profit (Loss) as of January 31st, 2023 is $(106,623). The DRAFT budgeted net profit (loss) was $(47,733). The actual net loss is larger than the DRAFT budget by $58,890. This is due to lower actuals for income in membership and donations as well as higher spending for bills that came in late for Global AppSec San Francisco and LASCON. Net income is down from 1.31.22 (last year) by $(82,093).
  • Months of Operational Reserve: The cash balance of $2,715,708 is $31,237 MORE than 12.31.22 and $1,489,369 more than the 1.31.22 balance, or an 82% increase in our cash balance YoY.

The cash reserve figure is a fantastic achievement and a testament to the OWASP Staff and the OWASP Community’s support of the Foundation. If we segregate the AP and assumed Project balance, we would have approximately $2,570,558 ($113,979 more than 12.31.22) or 13.7 months of reserve at the $187K of average monthly operating expenses and 10.4 months of reserve at the $248K average of all monthly expenses (this includes all the event expenses and is 3 months less than 12.31.22 as the projected expenses in the DRAFT budget are higher than 2022).

The Non-Profit industry average months of Operational reserve is 6 months.

We should be mindful of our expenses – the current draft budget is projecting a loss for 2023, and though we have cash reserves to invest in operations, projects, or whatever is deemed fit, we should try to keep additional travel costs to a minimum where possible.

Please also note, we are missing coding for several items – this includes a $15,007 credit card payment that was made by Caitlin on 1.5.23. The receipts and coding need to be submitted in Jira ASAP. The other items are two payments received without any indication of what the payments are for - $3,750 Wire from OWASP Foundation with no backup and $6,197.89 of Stripe payments with no identification of what the payment is for.