September 2023 Agenda/Minutes

Meeting Details

• Date: 26 September 2023
• Time: 12PM US Eastern, UTC 1600 convert
• Location: Remote
• Zoom Recording

Agenda

CALL TO ORDER

Board Members

• Vandana Verma Sehgal
• Grant Ongers
• Avi Douglen
• Matt Tesauro
• Ricardo Griffith
• Bil Corry.

Guests

• Dawn Aitken
• Harold Blankenship
• Kelly Santalucia
• Lauren Thomas

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

• OWASP Conflict of Interest Policy
• Director’s Commitment Agreement

CHANGES TO THE AGENDA

Vote to make the agenda provided the agenda for the meeting: Motioned: Grant Seconded: Matt Ricardo - Yes Avi - Yes Bil - Yes Vandana - Yes Matt - Yes Grant - Yes

APPROVAL OF MINUTES

• Previous Meeting Minutes - August 2023

PRE-READING MATERIAL

• Executive Director Board Summary
• Finance Board Narrative - Delayed until October
• Finance Board Package - Delayed until October

REPORTS

Staff reports

• Executive Director
• Finance
• Operations - see Board Summary
• Chapters and Membership - see Board Summary
• Projects and Technology - see Board Summary
• Events and Corporate Support - see Board Summary

e-Votes and Special Meeting Motions to read into minutes

Motion to move funds from Citizens Bank to Chase

Motion: Motion: “Resolved that the Executive Director is authorised to transfer the residual OWASP funds of Citizens Bank to OWASP accounts in Chase, approximately $USD 1.8m, and close the accounts, as required and at his discretion.”

Sponsor: Grant Second: Ricardo

• Avi - yes
• Bil - yes
• Ricardo - yes
• Matt - yes
• Grant - yes

Motion to revoke the deprecated Project Spending and Project Sponsorship policies

Background: This policy was marked as deprecated without a record of the board vote. This motion clarifies the deprecation.

Motion: “Resolved that the board revokes the Project Spending Policy and Project Sponsorship Policy effective immediately.”

Sponsor: Grant Second: Avi

• Bil - yes
• Avi - yes
• Matt - yes
• Ricardo - yes
• Grant - yes

Motion: Remove OWASPx from OWASP event types

Background: The OWASPx event type has proven to be problematic for the Foundation in terms of oversight, legality, and staff involvement.

Motion: “Resolved that OWASPx is removed as an OWASP event type and will be removed from the web site, event policy, and any other relevant areas.”

Sponsor: Grant Second: Avi

• Vandana - yes
• Ricardo - yes
• Matt - yes
• Bil - yes
• Avi - yes
• Grant - yes

Motion: Dissolve the Compliance Committee and appoint Compliance Officers

Background: The Compliance Committee is not technically a committee per the OWASP Committee policy and needs to be formalized as a group of Compliance Officers.

Motion: “Resolved that the Compliance Committee is dissolved as an OWASP Committee per the Committee Policy as of the 1st of January 2024 and instead the Board should appoint Compliance Officers to fulfil the duties laid out in the Whistleblower Policy. Compliance Officers are officers of OWASP for the purposes of D&O insurance.”

Sponsor: Bil Second: Avi

• Matt - yes
• Ricardo - yes
• Vandana - yes
• Bil - yes
• Avi - yes
• Grant - abstain

NEW BUSINESS

Motion: Adopt the policy for Force Majeure and Sanctions

Note: Tabled the policy agenda items until legal review is confirmed.

Background: The draft policy for Force Majeure and Sanctions was previously published and went through the Policy Review process and is ready to be formalized

Motion: “Resolved that the OWASP Foundation adopts the policy for Force Majeure and Sanctions”

Sponsor: Grant
Second: Avi

Motion: Adopt the Privacy Policy

Background: The draft Privacy policy was previously published and went through the Policy Review process and is ready to be formalized

Motion: “Resolved that the OWASP Foundation adopts the policy for Privacy”

Sponsor: Grant Second: Avi

Motion: Adopt the Whistleblower & Anti-retaliation Policy

Background: The draft Whistleblower & Anti-retaliation policy was previously published and went through the Policy Review process and is ready to be formalized

Motion: “Resolved that the OWASP Foundation adopts the Whistleblower & Anti-relation policy”

Sponsor: Grant Second: Avi

Discussion about the AMS replacement

Background: The current implementation of the backend processes for association management, including membership, is fractured and requires custom processes to maintain which can consume staff time and resources. In order to rectify this, what can the board do to prioritize a new AMS? What resources or budget is needed?

The board requests that the ED make the AMS replacement a priority.

Discussion on the OWASP Board Special Meeting in the Netherlands, 2023-09-11 through 2023-09-13

Background Overview of the special meeting and its outcomes and direction

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

Adjournment motion

The next general Board meeting is on 24 October 2023, at 12 pm US Eastern Time.

• October 2023

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Chair (Grant) Second: Richardo