January 2020 Minutes

CALL TO ORDER

Board Members Present

  • Martin Knobloch, Chair
  • Owen Pendlebury, Vice Chair
  • Sherif Mansour, Treasurer
  • Richard Greenberg, Member at Large
  • Gary Robinson, Member at Large
  • Grant Ongers, Member at Large
  • Vandana Verma, Member at Large

Guests

  • Mike McCamon
  • Emily Berman
  • Harold Blankenship
  • Kelly Santalucia
  • Dawn Aitken
  • Lisa Jones
  • Sibah Poede
CHANGES TO THE AGENDA
APPROVAL OF MINUTES
REPORTS

Organizational KPIs

  • Members: 2,748 (down 15 from Last month)
  • Momentum: 572K visitors to websites in Dec (533 increase to 2018)
  • Operations
    • 99.2% of Service Desk tickets closed within SLA (better from 96.4% last month)
    • 82.6% of Non-Funding tickets were closed within SLA (worse from 100% last month)
  • Money: TBD

Financial

  • Tabled- Action: Mike McCamon will send next week when available from Virtual.

Executive Director Report

Please find below

OLD BUSINESS

(1) Approval of the 2020 Operating Plan - Tabled - Action: all Board Members will submit their input and final version by February.

(2) Approval the OWASP 2020 Budget Motion: To approve the 2020 Budget, Owen Pendlebury motioned, Sherif Mansour second

  • Vote:
  • Owen Pendlebury - Yes
  • Sherif Mansour - Yes
  • Grant Ongers - Yes
  • Martin Knobloch - Yes
  • Richard Greenberg - Yes
  • Gary Robinson - abstain
  • Vandana Verma - Yes
  • Passed: 6-0

(3) Update the Mission Statement: - Tabled - Action: Mike McCamon will send Board the mission statement and the Board will review during their 4 hour virtual meeting.

  • From: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
  • To: OWASP is a nonprofit foundation improving the security of software. Through community-led open source software projects, local chapters worldwide, members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure our lives.
NEW BUSINESS

(1) Officer Elections - Tabled, Board will vote later in the month.

(2) Motion to modify treatment of Restricted Gifts. Restricted gifts are subject to a 15% administration and processing discount. Unspent Restricted gift balances become unrestricted at the end of each calendar year. Owen Pendlebury motioned, Martin Knobloch, second.

  • Vote:
  • Grant Ongers - Yes
  • Gary Robinson - Yes
  • Martin Knobloch - Yes
  • Sherif Mansour - Yes
  • Vandana Verma - Yes
  • Richard Greenberg - Yes
  • Owen Pendlebury - Yes
  • Passed: 7-0

(3) Motion to authorize the Executive Director, exercising all necessary due diligence and care, as individually authorized to obligate the funds of the OWASP Foundation (OWASP), to execute agreements reflecting those obligations, and to further delegate this authority as deemed appropriate, for the purpose of organizing and hosting a Global AppSec in Berlin on or before June 10, 2021 with a total expense budget not to exceed 565,000 EUROS. - Owen Pendlebury motioned, Martin Knobloch second.

  • Vote:
  • Martin Knobloch - Yes
  • Gary Robinson - Yes
  • Grant Ongers - Yes
  • Vandana Verma - Yes
  • Sherif Mansour - Yes
  • Richard Greenberg - Yes
  • Owen Pendlebury - Yes
  • Passed: 7-0

(4) Motion approve the Signatory Policy Version 2. Tabled - Board will discuss during their 4 hour virtual meeting.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

(1) Staff has been working on a variety of policy documents for the Foundation. When possible the Board is encouraged to review and provide feedback for the following: Donation, Expense Reimbursement, and Membership.

(2) New Website

  • There are still quite a bit of Chapters and Projects who have not updated their new page.
  • Anyone who finds any errors are to submit a ticket for Harold Blankenship to review.

(3) Project Summit - Staff will be notifying Projects who were accepted for the Project Summit.

(4) Global AppSec Dublin 2020

  • The Project Team has been selected and have met already.
  • CFP opens on Monday.
  • Action: Emily Berman to share list of Project Team and call details to the Board.
ADJOURNMENT

Executive Director Report

Website

The website was launched on WED, January 15th. Our original plan was to launch over the Christmas holiday but ultimately we elected to give the community another two weeks of time to migrated their content.

As of this report, only 66 of 285 chapters to have migrated their content (23%), and 38 of 145 (26%) of Projects have migrated. It was decided that at launch if a chapter or project has yet to migrate we would take a snapshot of those pages and place it on the affected chapter/project with a warning and link to /migrated_content. Harold also wrote code to stand up an accurate leaders.md file for each project/chapter so going forward the leadership of record for OWASP will be contained on the respective web page.

Traffic since launch has stayed constant. We took an 80/20 approach to SEO/Redirects and thus far the trendline is tracking against that goal. There is still traffic going to the old wiki but they are long-tail links. We have disabled editing the wiki as the new website is the path forward.

Migration of the new website coincided with our retirement of Fontiva for Membership management and renewal. Membership information is stored in both Stripe and Mailchimp. Mailchimp is now being used for membership contact (onboarding/renewal). Individuals can check their membership status without a password through the /manage-membership page. Donations are now being processed on Stripe as well. We are in the process of retiring other paths for these user actions.

Our next web project will be an Events tool. We are several weeks behind schedule on that project but are working to pull in that timeline.

Projects Summit

Work continues in our planning for our first Projects Summit for February 27-29, 2020 in Cancun, Mexico. As of this writing we have seven projects that have applied. Total number of project-reported attendees is less around 20. Application process closes on Sunday. Project leaders have received no less than five notices regarding this opportunity. Project details: https://owasp.org/www-staff/projects/202002-Projects-Summit-Q1

Conferences

Program Team for Dublin has been selected and meetings have begun for this June event. San Francisco Program Team nominations is closing this week. Both microsites are online but are not taking registrations. Both Global Conference contracts are signed and project plans are online at:

  • https://owasp.org/www-staff/projects/202006-GlobalAppSec-Dublin
  • https://owasp.org/www-staff/projects/202010-Global-AppSec-SF

Staff is prepared to execute an agreement for Berlin 2021 and there is a Board resolution on tomorrow’s agenda.

AppSec California sales are winding down with $320,000USD in sponsorship sales. 72% of standard event sponsorships for AppSec California were consumed by Corporate Sponsors. This means there is ALREADY $230,000 revenue booked just from these sponsors for our Global AppSec events.You can check the current status at https://owasp.org/www-staff/projects/202001-event-appsec-california

Preparing for 2020

The Operating Plan has been available for Board review these past several months and a budet for over a month. These items are again on our agenda for January call. https://owasp.org/www-board/meetings/202001.html

Honorary Memberships

Staff is no longer processing Honorary Membership requests. Upon review of our policies and ByLaws the Board needs to define a new process for this pathway to membership. Updates coming shortly.

Policy Work

While we had the goal to completely update the Foundation’s policies prior to the website launch, we are making good progress. I am recommending the Board adopt our new Donations, (https://owasp.org/www-policy/operational/donations.html), Expense (https://owasp.org/www-policy/operational/expense-reimbursement.html), Membership (https://owasp.org/www-policy/operational/membership.html, and Signatory (https://owasp.org/www-policy/operational/signatory2) policies. Very shortly and prior to the board meeting I will be sending a narrative on substantive changes worth noting.

Miscellaneous

  • Non-funding ticket SLA breach have been on the rise due to primarily a lack of staffing while closing the website migration.