February 2020 Minutes

CALL TO ORDER

Board Members Present

  • Martin Knobloch, Chair
  • Owen Pendlebury, Vice Chair
  • Sherif Mansour, Treasurer
  • Gary Robinson, Member at Large
  • Grant Ongers, Member at Large
  • Vandana Verma, Member at Large
  • Richard Greenberg, Member at Large (arrived late)

Guests

  • Mike McCamon
  • Emily Berman
  • Kelly Santalucia
  • Dawn Aitken
  • Lisa Jones
  • Tom Pappas
  • Justin Ferguson
  • Bjorn Kimminich
CHANGES TO THE AGENDA
APPROVAL OF MINUTES

Motion: approval of January 2020 minutes, Martin Knobloch motioned, Owen Pendlebury second.

Vote:

  • Vandana Verma - Yes
  • Owen Pendlebury - Yes
  • Gary Robinson - Yes
  • Sherif Mansour - Yes
  • Grant Ongers - Yes:
  • Martin Knobloch - Yes

Passed: 6-0

REPORTS

Organizational KPIs

Membership 2,772 (24 increase from Last Month) Momentum: 679K visitors to website last month (649K compared to 2019; increase of 4.6%) Operations: 90.1% of Service Desk tickets closed within SLA (worse from 99.2% last month) 95.8% of Non-Funding tickets were closed within SLA (better from 82.6% last month) Money: TBD

Financial

Revenue: On an accrual basis, total revenue YTD through Dec 2019 was $3,377.8K as compared to the plan of $4,780K. The results are WORSE by $1,402.2K, with Conference income being $1,145K below the 2019 budget

Expenses: Total spending YTD is LESS than budget by $1,301.9K due to under spending in most of the depts. ( Conference expenses are under budget by $794K, and is further offset by the under spending in most depts YTD, except for Professional services)

Net Income/Loss: YTD Net income, on a combined Accrual basis is $-50.3K which is worse than budget by $-100.3K.

Chapter Funds: US bal is $824.K ( which is UP $15K from the Nov bal of $809K which now includes the almost $94K posted to Ca chapters for 2019 Apsec Cali but before APSEC EU and US 2018 and 2019 as well as some 2018 Regional splits). EU Ch bal is $60.3K. Also US Proj bal is $167K. (which is UP $5K from Oct 19). EU Proj bal is $-5.6K ( this will be offset into the US Proj balances for the final YE close as will the EU Ch balances)

With regard to Operating cash, the Liabilities (AP, accrued expenses, accrued Payroll etc) of $120K added to the $1,048K of Ch/Proj balances is $1,168K , as compared to the $1,138 K of cash, leaves us Negative Oper. Cash of $30K, for the time being. . Also Open AR is $456K, ( it is now down to $310K so some has been collected and the remaining I am told is all good AR). So if there all to be collected we would have about $426K of Oper cash exclusive of what is owed to Chapters, and on avg our monthly expenses are about $135K which is just over 3 months of Oper cash reserve exclusive of the $1,138K we have in cash in the bank on 12.31.19.

FY2019 Preliminary Board Summary FY2019 Preliminary Balance Sheet Executive Director Report Please see notes below.

OLD BUSINESS

(1) 2020 OWASP Board Officer Elections

Board Chairman Nominee - Owen Pendlebury

Vote:

  • Vandana Verma - Yes
  • Owen Pendlebury - Yes
  • Gary Robinson - Yes
  • Sherif Mansour - Yes
  • Grant Ongers - Yes
  • Martin Knobloch - Yes

Passed: 6-0

Vice Chairman Nominee - Sherif Mansour

Vote:

  • Vanda Verma - Yes
  • Owen Pendlebury - Yes
  • Gary Robinson - Yes
  • Sherif Mansour - Yes
  • Grant Ongers - Yes
  • Martin Knobloch - Yes

Passed: 6-0

Treasuer Nominee - Vandana Verma

Vote:

  • Vandana Verma - Yes
  • Owen Pendlebury - Yes
  • Gary Robinson - Yes
  • Sherif Mansour - Yes
  • Grant Ongers - Yes
  • Martin Knobloch - Yes

Passed: 6-0

Secretary Nominee - Gary Robinson

Vote:

  • Vandana Verma - Yes
  • Owen Pendlebury - Yes
  • Gary Robinson - Yes
  • Sherif Robinson - Yes
  • Grant Ongers - Yes
  • Martin Knobloch - Yes

Passed: 6-0

(2) Approval of the 2020 Operating Plan

Motion: To approved 2020 Operating Plan excluding mission statement.

Vote:

  • Sherif Mansour - Yes
  • Martin Knobloch - Yes
  • Richard Greenberg - Yes
  • Gary Robinson - Yes
  • Grant Ongers - Yes
  • Vandana Verma - Yes
  • Owen Pendlebury - Yes

Passed: 7-0

(3) Update the Mission Statement - Tabled

Action: Owen Pendlebury to share updated mission statement and Mike McCamon to share with community.

From: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.

To: OWASP is a nonprofit foundation improving the security of software. Through community-led open source software projects, local chapters worldwide, members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure our lives.

(4) Motion approve the Signatory Policy Version 2. - Tabled

NEW BUSINESS

Sherif Mansour: Discussion & Feedback on OWASP Community Review Proccess https://docs.google.com/document/d/14gzKJTXBChI59FPq1_K0-OUJiS3V2G2c_hNN4x382dA/edit

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

Executive Director Report

Website

While the website was successfully launched last month, there is still ongoing work to migrate and resolve outstanding bugs and SEO enhancements. After the first full week following our launch, we were capturing 78% of all traffic into the new site. As of last week that number has climbed to 89.3%. The team meets weekly with our SEO firm to continue to work the long tail of search traffic. Donation and Membership systems are operational with ongoing minor enhancements. Staff can now query membership database through Slack.

Unfortunately content migration by chapters and projects is still incomplete. As of this report, only 72 of 291 chapters have migrated their content (25%), and 47 of 145 (32%) of Projects have migrated.

The new Events is in final development and should be available for testing as early as the week of February 17th with a planned launch for February 28th. The system is being designed to completely replace our need to use Regonline AND Eventbrite. Harold has been working on an “event template” that can be used instead of the current system of Eventbrite and local Wordpress systems. This new system once fully implemented will save the foundation close to $25,000 per year.

Projects Summit

Final plans are in place for the first Projects Summit on February 27-29, 2020 in Cancun, Mexico. The selected projects included: Juice Shop, OWASP DefectDojo, OWASP Application Security Open Curriculum Project along with ASVS Standard and Cheatsheets Series which neither now plan to attend. Total registrations at this point are 23 including staff offsite. The program and contract were conceived for 50 attendees. We have been actively working to reduce our room commitment but have only thus far secured minor changes. Following the event we will do a postmortem on why there was so little interest. We directly contacted project leaders no fewer than five times - and also did direct outreach.

Project details: https://owasp.org/www-staff/projects/202002-Projects-Summit-Q1

Conferences

San Francisco Program Team has been selected and Dublin Team is well underway. Dublin CfP/CfT round one closes at the end of February. San Francisco has 25 sponsors under contract for $379,245 and Dublin has 12 sponsors signed for $90,549. Project plans are online at:

https://owasp.org/www-staff/projects/202006-GlobalAppSec-Dublin https://owasp.org/www-staff/projects/202010-Global-AppSec-SF We just learned that BlackHat Asia has been postponed due to coronavirus. There are no lost costs due to this cancellation by the event organizer.

Tom Pappas - P&L for AppSec California 2020 should be available at the end of March.

Action:

  • Emily Berman to update Dublin project page, pricing is incorrect.
  • Mike McCamon - have a report available that shows comparative year to year on events.
  • Vandana Verma to follow up with Kelly Santalucia regarding HCL as potential sponsor.

Preparing for 2020

The Operating Plan has been available for Board review these past several months. I have removed the objectionable language from the Chapters Initiative and placed this on our agenda for February call. https://owasp.org/www-board/meetings/202001.html

Miscellaneous

Staff Semi-Annual Offsite will be in February 27-28. Annual Member Survey was sent to member and the broader mailing lists. Last year it was only sent to the broader list so this year we will have more accurate member information As always, most major staff projects are all listed with milestones at https://owasp.org/www-staff/

Adjournment