January 2025 Agenda/Minutes

Meeting Details

• Date: 28 January 2025
• Time: 12PM US EST, UTC 1700 convert
• Location: Remote
• Call-in: Video Recording

Agenda

Acting Chair Avi Douglen called the meeting to order and welcomed all attendees, including new Board members starting their first Board meeting: Harold Blankenship, Ashwini Siddhi and Diego Silva Martins. Special recognition was given to previous Board members: Matt Tesauro, Bil Corry whose Board terms ended, as well as to Kevin Johnson, who resigned from the Board at the beginning of 2025.

CALL TO ORDER

Board Members Present:

• Ricardo Griffith
• Steve Springett
• Harold Blankenship
• Sam Stepanyan
• Ashwini Siddhi
• Avi Douglen
• Diego Silva Martins

Guests

• Andrew van der Stock
• Chris Barbeau
• Christian Capellan
• Dawn Aitken
• Kelly Santalucia
• Lauren Thomas
• Shruti Kulkarni
• Starr Brown
• Heather Kennedy
• Hayden Corry
• Matt Coles
• Izar Tarandach

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

• OWASP Conflict of Interest Policy
• Director’s Commitment Agreement

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

APPROVAL OF MINUTES

• Previous Meeting Minutes - December 2024

Board Members

• Ricardo Griffith: YES
• Sam Stepanyan: YES
• Harold Blankenship: YES
• Ashwini Siddhi: YES
• Diego Silva Martins: YES
• Steve Springett: YES
• Avi Douglen: YES

Results

Passes 7-0

PRE-READING MATERIAL

• OWASP Foundation Board Summary
• Finance December 2024 Management Report
• Finance December 2024 AR Aging Summary
• Finance December 2024 Uncategorized Income
• Finance December 2024 Uncategorized Expense

e-Votes and Special Meeting Motions to read into minutes

Motion to appoint Diego Martins to the Board of Directors

Background In light of Kevin Johnson’s resignation from the OWASP Board of Directors, a motion is proposed to appoint Diego Silva Martins to fill the remainder of his term.

• e-Vote

Motion: “Resolved, that the Board appoints Diego Silva Martins to the OWASP Board of Directors, effective immediately, to serve for the remainder of Kevin Johnson’s term.”

• e-Vote Results

Board Members

• Ricardo Griffith: YES
• Sam Stepanyan: YES
• Harold Blankenship: YES
• Ashwini Siddhi: YES
• Steve Springett: YES
• Avi Douglen: ABSTAIN

Sponsor: Ricardo Griffith Second: Avi Douglen

Results: Passes 5 YES, 0 NO, 1 ABSTAIN

NEW BUSINESS

Motion to Elect Chair

Background The previous Chair will conduct nominations from the floor for the position of Chair. The Chair will then call for a vote. Once elected, the new Chair will assume the role of Chair for the remainder of the meeting.

Motion: “Resolved, that the 2025 Chair of the Board of Directors is elected as follows: Ricardo Griffith”

Sponsor: Avi Douglen Second: Sam Stepanyan

Board Members

• Ricardo Griffith: YES
• Sam Stepanyan: YES
• Harold Blankenship: YES
• Ashwini Siddhi: YES
• Diego Silva Martins: YES
• Steve Springett: YES
• Avi Douglen: YES

Results: Passes 7-0

At this point, the acting Chair (Avi Douglen) handed the meeting over to the new Chair (Ricardo Griffith), who will run the rest of the meeting.

Motion to Elect Vice Chair

Background The Chair will conduct nominations from the floor for the position of Vice Chair. The Chair will then call for a vote.

Motion: “Resolved, that the 2025 Vice Chair of the Board of Directors is elected as follows: Steve Springett”

Sponsor: Ricardo Griffith Second: Diego Martins

Board Members

• Ashwini Siddhi: YES
• Avi Douglen: YES
• Diego Silva Martins: YES
• Harold Blankenship: YES
• Ricardo Griffith: YES
• Sam Stepanyan: YES
• Steve Springett: YES

Results: Passes 7-0

Motion to Elect Treasurer

Background The Chair will conduct nominations from the floor for the position of Treasurer. The Chair will then call for a vote.

Motion: “Resolved, that the 2025 Treasurer of the Board of Directors is elected as follows: Harold Blankenship”

Sponsor: Ricardo Griffith Second: Diego Martins

Board Members

• Ashwini Siddhi: YES
• Avi Douglen: YES
• Diego Silva Martins: YES
• Harold Blankenship: YES
• Ricardo Griffith: YES
• Sam Stepanyan: YES
• Steve Springett: YES

Results: Passes 7-0

Motion to Elect Secretary

Background The Chair will conduct nominations from the floor for the position of Secretary. The Chair will then call for a vote. Once elected, the new Secretary will assume the role of Secretary for the remainder of the meeting, collecting minutes from the previous Secretary as necessary.

Motion: “Resolved, that the 2025 Secretary of the Board of Directors is elected as follows: Sam Stepanyan”

Sponsor: Harold Blankenship Second: Ricardo Griffith

• Ashwini Siddhi: YES
• Avi Douglen: YES
• Diego Silva Martins: YES
• Harold Blankenship: YES
• Ricardo Griffith: YES
• Sam Stepanyan: YES
• Steve Springett: YES

Results: Passes 7-0

Executive Reports

• OWASP Foundation Board Summary

Andrew van der Stock - Executive Director

• Staff virtual meeting planned for February 19-20.

• Board Strategy Summit in Amsterdam, April 7-9.

• OWASP EU Entity Update:
  • Issues with the existing EU entity persist.
  • New OWASP EU entity being created.
  • At least one Belgian director needed, preferably three.
• BugCrowd VDP signed
• Benevity update:
  • Benevity, an employer donation matching program, has been reinstated.
  • OWASP received no donations in two years, leading to its lapse.
  • A renewed effort will be made to communicate Benevity’s availability to members and potential donors.
• Membership & Chapters Update:
  • Glue Up system implementation ongoing.
  • Chapters reassigned to Hayden Corry for support.
  • Focus on increasing local sponsorship to manage chapter expenses.
  • Chapter tickets reduced by over 50%

Finance Report by Chris Barbeau - The Charity CFO

• Finance December 2024 Management Report
• Finance December 2024 AR Aging Summary
• Finance December 2024 Uncategorized Income

• Finance December 2024 Uncategorized Expense

• Budget & Financial Health:

  • $1.7M cash balance at the end of the month
  • $500K in certificates of deposit (CDs).
  • Total Net Assets: $2,840,000
  • 2024 Net Income: $993,000, exceeding projections.
  • Suggestion to revisit cash sweeps accounts.
  • Conference sponsorships performed better than expected.

• Outstanding Items:

  • Finalizing FY23 audit (positive outcome anticipated).
  • Addressing chapter expenses and improving tracking of accounts receivable.

Question from meeting guest: Matt Coles

“Does OWASP have any exposure to cryptocurrency and or ability to accept or plan to accept cryptocurrency”

Answer by Andrew van Der Stock: “No plans due to complexity and administrative overhead”

Education Committee Status Update and Charter Proposal Discussion

Shruti Kulkarni (Education & Training Committee officer) presented the Education Committee’s status update:

• Committee Charter Update:
  • Draft Charter approved by the Committee is issued for the community review and comments - the link is available in the #leaders Slack channel
• OWASP Approved Training:
  • Discussions happened at the Project Summit in November 2024
  • Process established for training outside of AppSec events.
  • Events Committee to review submissions.
  • Blog post announcement pending.

• OWASP Certified Secure Developer (OCSD) Proposal:

  • Two levels: Foundation (language-neutral) & Advanced (language-specific).

  • Certification process to be defined, including pricing, renewals, and professional education requirements.

  • Certification platform discussions ongoing.

Discussion on the 2025 Budget

Background The 2025 Budget is nearing completion. There was discussion about allocating budget towards website redesign and certification programs. The 2025 Budget is being finalized and will be sent for eVote an e-vote or a vote at the next Board meeting.

Chapter Support - Glue Up Discussion

Background Starr Brown to provide an update on Glue Up chapter support and the status of the Chapter Support program.

The issues with GlueUp discussed in the meeting included:

• Permissions Problem: Giving event privileges to chapter leaders also granted them access to financials and global AppSec event settings, which was a security risk.
• Backend Limitations: OWASP’s specific use case required modifications to GlueUp’s backend to properly separate roles and access levels.
• Chapters Not Fully Integrated Yet: While membership functions were operational, full chapter support was still in progress, requiring manual processing of some chapter tickets.
• Unexpected Behaviors: Some members’ statuses were not displaying correctly, such as lifetime members not being recognized in the system.
• Ongoing discussions with GlueUp support are expected to resolve the issues soon

Barcelona Global AppSec 2025 Conference Update

Background The Barcelona website (https://barcelona.globalappsec.org) is now up. A quick update on our marketing activities around Barcelona from Lauren Thomas:

• Early Bird Sales Performance:

  • 205% increase compared to San Francisco.
  • 107% increase compared to Lisbon.

• Local Tickets:

  • Special pricing for attendees from Barcelona to improve accessibility.

• Marketing Strategy:

  • Expanded LinkedIn ads, promotions, and developer outreach.

• Outreach to Developer Conferences

  • DeveloperWeek 2025 engagement planned.

Discussion on Policy Review

Background Sam will lead a discussion on policy review priorities and schedule for 2025. We are looking for approximately 1/3rd of all policies to be reviewed in 2025.

• Policies Under Review:

  • Committee policy
  • Chapter Policy
  • Membership Policy
  • Elections Policy
  • Force Majeure & Sanctions Policy
  • Expense Policy

• Next Steps:

  • Committees to review and refine their respective policies.
  • Schedule working group sessions for board-led policy discussions

New Committees

Background Funding and Communications committees are proposed to be formed. The Board will discuss the formation of these committees. Governance of the committee policy, especially relating to the terms, elections, and procedures being followed by committees.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

Any Other Business

• Funding Committee formation discussed.
• Diversity & Inclusion Committee charter being developed.
• Communication Committee - Andrew to provide updates in February.

Action Items:

• Finalize 2025 budget, make it available to the Board and send for eVote before the next Board meeting - Andrew
• Communicate Benevity’s availability to members and potential donors - Andrew
• Provide progress on Glue Up integration for chapters - Andrew/Starr
• Continue EU entity setup and compliance efforts - Andrew
• Set up a Doodle for the Policy Review working group - Andrew
• Prepare a list of policies to be reviewed by the working group - Sam
• Propose a Policy/Process of reviewing and approving Policies and bylaws including the 30-day community review requirement - Andrew
• Reach out to Brian Reed re: setting up Communications Committee and finalizing its Charter - Andrew
• Ask Brian Reed to attend the next Board meeting - Andrew
• Prepare the Draft Agenda for the Board Strategy Summit in Amsterdam - Ricardo
• Finalize the Charter for the Diversity and Inclusion Committee and socialize it - Avi

ADJOURNMENT

Adjournment motion

The next general Board meeting is on February 25 2025, at 12 pm US Eastern Time.

• February 2025

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Ricardo Griffith (Chair) Second: Avi Douglen