December 2019 Minutes

CALL TO ORDER

Board Members Present

  • Martin Knobloch, Chair
  • Ofer Maor, Secretary
  • Richard Greenberg, Member at Large
  • Chenxi Wang, Member at Large

Not Present

  • Owen Pendlebury, Vice Chair
  • Sherif Mansour, Treasurer
  • Gary Robinson, Member at Large

Guests

  • Mike
  • Grant
  • Emily
  • Kelly
  • Lisa
  • Vandana
  • Tome
  • Haral
  • Sibah

CHANGES TO THE AGENDA

APPROVAL OF MINUTES

REPORTS

Organizational KPIs

  • Members: 2,763 (down 32 from last month)
  • Momentum: 652.5K visitors to websites in Nov (a decrease of 2,690 compared to 2018)
  • Operations
    • 96.4% of Service Desk tickets closed within SLA (worse than 99.3% last month)
    • 100% of Non-Funding tickets were closed within SLA (better than 99.3% last month)
  • Money: $99K Operating, $1.3M cash assets.

Financial

Tom Pappas presented a brief financial update. The highlights below were shared with the Board prior to the meeting. Tom wanted to bring to the Board’s attention that 2019 will be an audit year. This means that the December close will likely stay open longer than usual to ensure accurate coding.

  • Revenue: On an accrual basis, total revenue YTD through Nov 2019 was $3,294K as compared to the plan of $4,590K. The results are WORSE by $1,296K, with Conference income being $1,074K below the 2019 budget.
  • Expenses: Total spending YTD is LESS than budget by $1,253K due to underspending in most of the depts. (Conference expenses are under budget by $794K, and this is further offset by the underspending in most depts YTD, except for Professional services.)
  • Net Income/Loss: YTD Net income, on a combined Accrual basis, is $74K, which is worse than budget by $43K.
  • Chapter Funds: US bal is $809K (which is DOWN $18K from the Oct bal of $827K, which now includes the almost $94K posted to CA chapters for 2019 AppSec Cali but before AppSec EU and US 2018 and 2019 as well as some 2018 Regional splits). EU Ch bal is $59K. Also US Proj bal is $165.5K (which is down $6K from Oct 19).
  • With regard to Operating cash, the Liabilities (AP, accrued expenses, accrued Payroll etc) of $214K added to the $1,029K of Ch/Proj balances is $1,243K, as compared to the $1,342K of cash, leaves us Positive Oper. Cash of $99K, for the time being. On avg our monthly expenses are about $135K so at $99K of Oper cash we have less than one month of reserve. Also Open AR is $333K, which when collected will help immensely, and will add almost 2.5 more months of reserve.

Executive Director Report

No verbal report supplied, see below for comments shared with the Board prior to the meeting.

Attachments

OLD BUSINESS

(1) Resolution passed at September 2019 Board Meeting

  • Question regarding language. Staff re-listened to recording and the passed motion is below
  • Resolved, beginning January 1, 2020 the Foundation has decided to change the profit splits of the Global AppSec events. The split will be no less than 90% to the Foundation and no more than 10% to local Chapters. The Chapter will have the option to give the funds back to the Foundation or the Community Fund. If there is no current active Chapter in the area the full 100% will be given to the Foundation. Ofer Maor motions, Richard Greenberg seconds. Passes: 6-0. In Favor: 6 (Ofer Maor, Owen Pendlebury, Richard Greenberg, Gary Robinson, Sherif Mansour and Chenxi Wang) Against: 0, Abstained: 1 (Martin Knobloch).

  • There was no action required as this was provided as informational.

NEW BUSINESS

(1) Resolved that One-Year Individual Membership regional pricing will be $20 per year for residents of bottom 50% of Adjusted net national income per capita (current US$) countries. https://data.worldbank.org/indicator/NY.ADJ.NNTY.PC.CD

  • VOTE: Martin made the motion and Richard seconded. The motion passed unanimously.

(2) Set time for January Board Member Onboarding video call (4hrs). Discuss Strategy and assign Board Member roles.

  • Members agreed to keep the 3rd TUE for monthly calls and will move the time up 2hrs earlier in the day.
  • ACTION: Martin will circulate a Doodle invite to arrange a convenient time for the 4-hr onboarding call.
  • VOTE: No vote was taken; approved by unanimous consent.

(3) Approval of the 2020 Operating Plan

  • Board members discussed various items on the draft plan. Particular comments included:
    • Goal #1 should be modified to capture the staff role of promoting the 2020 Top Ten, not imply work on the Project itself
    • Goal #6 (Satisfaction) metric should be raised to 10%
    • Chapter Operations will be revised following an expected proposal from Richard and Sherif regarding chapter operations. That proposal will be first shared with Mike McCamon for input prior to public distribution.
  • The motion was tabled.

(4) Approval of the OWASP 2020 Budget

  • Board Members discussed the draft budget. There were a variety of questions for staff but no formal action items were assigned.
  • The motion was tabled.

(5) Update the Mission Statement:

  • From: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
  • To: The Open Web Application Security Project (OWASP) is a nonprofit foundation improving the security of software. Through community-led open source software projects, over 260 local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

  • Following a brief discussion the two primary pieces of feedback were:
    • Remove “Open Web Application Security Project” and just have the name be OWASP
    • Remove specific metric on number of chapters to keep the statement evergreen
  • The motion was tabled.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

Executive Director Report

Website

Work continues to get the website launched before December 20th. In our view this is a great time of the year to relaunch our website. Our plan is to launch and then have two weeks for fast-follow on key issues/concerns over the slower traffic holiday season. Key tasks either ready for testing, in testing or complete include:

  • SEO Mapping of old/new link format/structure (over 70% of inbound traffic re-mapped by THU)
  • Primary nav content items (work in progress with Governance and Policies)
  • Projects either updated or migrated
  • Chapters either updated or migrated
  • Updated Donation workflow
  • Updated Membership onboard/renewal
  • Responsive design for desktop/tablet/mobile

Migration of Projects and Chapters continues at a slow pace. Right at 15% of Projects (126 of 148) have not updated their pages on the website and only 7.2% of Chapters (257 of 277) have completed the work. After a great deal of work and deliberation we have elected to programmatically migrate pages that have not been updated by leaders to also include a disclaimer page explaining why the page may not perform as expected. This means all Chapter pages, regardless of Leader participation, will have an end-point at launch. This is critical to maintain SEO integrity.

After a variety of conversations, there is only really one substantive outstanding issue raised by the community (more accurately ~ four people), and it concerns URL structure. We have brainstormed several solutions and are in contact with GitHub on how we might implement these changes. Our current estimate to make this change, even with GitHub’s help, is likely 40-60hrs of rework/retooling. If GitHub cannot help us with migrating credentials, it could easily double the LOE of this work item. And worse still, all of this work would fall on Harold, who already has high priority items like SEO link mapping that are far more critical for launch. We have not closed the door on this change, but we are hesitant to delay the project at this time.

Again, the complete plan and milestone list is at https://www2.owasp.org/www-staff/projects/201912-Website-Launch.html

Projects Summit

Work continues in our planning for our first Projects Summit for February 27-29, 2020 in Cancun, Mexico. We have signed the contract for the venue and plan to open Project Applications just after the first of the year. Project details: https://www2.owasp.org/www-staff/projects/202002-Projects-Summit-Q1

Conferences

Interest in joining Program Teams is light (only three applicants thus far). We are now promoting this opportunity on our Twitter accounts and will be doing some additional email campaigns to increase buzz about these opportunities. Both Global Conference contracts are signed and project plans are online at:

  • https://www2.owasp.org/www-staff/projects/202006-GlobalAppSec-Dublin
  • https://www2.owasp.org/www-staff/projects/202010-Global-AppSec-SF

Reports are that BlackHat London OWASP presence was a success. Staff supported local members in hosting the booth. AppSec California sales are going well and are at $294,950. You can check the current status at https://www2.owasp.org/www-staff/projects/202001-event-appsec-california.html

Preparing for 2020

The Operating Plan has been available for Board review these past several weeks. Whatever feedback I’ve been receiving I have been iterating on, and I plan to have a budget ready for Board approval at the December call. https://www2.owasp.org/www-staff/operating-plan/2020

Miscellaneous

  • Due to the holidays, we have cancelled the December Connector
  • Our new Membership/Donation form will collect GDPR consent, something that our current system does not. There is a staff project (Email Cleanup & GDPR https://www2.owasp.org/www-staff/projects/201910-Email-Cleanup.html) that we intend to complete next month that will scrub our entire email lists to get us into compliance.
  • Our donation form will allow visitors to be listed as a supporter of Chapters and Projects