July 2020 Minutes


Meeting Details

  • Date: 2020-07-28
  • Time: 12PM US Eastern, UTC 1700 convert
  • Location: Remote
  • Call-in: Zoom Meeting

  • Meeting recording

Call to Order


Board Members

  • Owen Pendlebury
  • Martin Knobloch
  • Richard Greenberg (arrived at 12:09)
  • Gary Robinson
  • Vandana Verma
  • Grant Ongers
  • Sherif Mansour

Guests

  • Mike McCamon
  • Tom Pappas
  • Dawn Aitken
  • Kelly Santalucia
  • Harold Blankenship
  • Lisa Jones
  • Various community members
CHANGES TO THE AGENDA

Priority items

  • Approving Education Committee (Grant Ongers)

Motion: Approve the OWASP Educational Committee, Grant Ongers motioned, Owen Pendlebury seconds

Vote

  • Martin Knobloch - Yes
  • Vandana Verma - Yes
  • Gary Robinson - Yes
  • Sherif Mansour - Yes
  • Grant Ongers - Yes
  • Richard Greenberg - Yes
  • Owen Pendlebury - Yes

Passes: 7-0

  • Discussing regional event cancellations and impact on our finances (needs a sponsor)

Action: staff to determine what kind of tooling we can offer for support to the Chapters for local events. Example: virtual program

  • Adjourning August 2020 meeting until September (needs a sponsor)

Motion: To cancel the August 2020 Board Meeting. Martin Knobloch motions, Owen Pendlebury seconds

Vote

  • Martin Knobloch - Yes
  • Vandana Verma - No
  • Gary Robinson - No
  • Sherif Mansour - No
  • Grant Ongers - No
  • Richard Greenberg - No
  • Owen Pendlebury - No

Not Passed: 6-1

Move to e-vote or table:

  • Motion for Board training; directing Foundation staff to implement a new operational procedure (Sherif) Sherif Mansour, Gary Robinson - move to e-vote
  • Motion for Compliance Committee changes to bylaws to address Board eligibilty clarifications (needs a sponsor) Owen Pendlebury, Vandana Verma - tabled
  • Motion for new Honorary members (needs a sponsor) Martin Knobloch, Owen Pendlebury - work with Andrew for procedure and will be e-votes going forward

Agenda


APPROVAL OF MINUTES

Previous Meeting Minutes

Motion: to approve June 2020 Board Minutes, Owen Pendlebury motions and Vandana Verma seconds

Vote:

  • Martin Knobloch - Yes
  • Vandana Verma - Yes
  • Gary Robinson - Yes
  • Sherif Mansour - Yes
  • Grant Ongers - Yes
  • Owen Pendlebury - Yes

Passes: 6-0

REPORTS

Organizational KPIs

  • Membership 3,219 (Up 61 from Last Month)
  • Momentum: 554K visitors to website last month (descrease of 7% compared to 2019)
  • Operations:
  • 92% of Service Desk tickets closed within SLA ( up from 85% last month)
  • 93% of Non-Funding tickets were closed within SLA (up from 83% last month)
  • Cash on hand: $1.756K USD in cash assets,
  • YTD 2020 Net income, on a combined Accrual basis is -$111.8K which is BETTER than the YTD 2020 budget/”Z” forecast of negative -$166.5K by $54.7K or $125K WORSE than the May 2020 close positive variance of $179.7K.

Financial

With regard to Operating cash, the Liabilities (AP, accrued expenses, accrued Payroll, deferred revenue for events such as Apsec EU, Lascon, Apsec US etc that may not happen) of $627K added to the $1,061K of Ch/Proj balances is $1,688K , as compared to the $1,465K of cash, leaves us a Negative Oper. Cash balance of $223K, if all the Chapters and Projects spent all their funds ( I have held out the $113K of PPP federal funding as the chance of it being forgiven is fairly high). This Oper cash deficit is $44K less than it was at the end of May, which is an improvement. Also Open AR is $233K which is down $38K from the May balance of $271K, which when collected would balance out the Oper cash deficit. While we are not currently in a “cash” deficit position, we do need to be cognizant that with the continued travel and meeting restrictions on gatherings which has severely affected our events, if we do not make some of this up with our on line offerings our cash position will become an issue as we move through the rest of the fiscal year. I did see the email noting that Apsec Cali has been cancelled as an “in person” event. It would greatly benefit the Foundation if we were to put on a significant “online event” in its place, not only to help with our Cash flow, but being the first event coming out of the Holidays, could be a significant opportunity for us.

At this point in the year with all that is going on while we are still ahead of budget for Net Income though as noted above, our “above budget net income” eroded $125K from May to June. This trend will continue, so we need to be cautious as we move through the rest of the year, looking for additional sources of revenue while being cautious with expenses.

Full finance officer report

Highlights are in KPI

Executive Director Report

Highlights:

  • Busy first month
  • Regional Conferences are cancelled, what is our next move
  • Policies are going through Community Review Process
  • Elections are on track, call for Candidates on August 15, comms very soon. Needs Compliance Committee package to pass
  • AppSec Global is getting back on track, but it will be challenging
  • Joined Linux Foundation

Executive Director report

OLD BUSINESS

Actions form June 2020 Meeting

  • Tom to setup bi-weekly meetings with Vandana (Treasurer) (Done)
  • Martin to work to remove inactive individuals form ING bank account (Done)
  • Staff to come up with guidelines for Honorary Membership (Done - community review in process)
  • Richard to send Mike email regarding Leaders List moderation
  • Dawn to add votes to voting history (Done)
  • Board and staff to finalize decision on Global AppSec San Francisco. Mike and Emily to submit documentation for options (Done)
  • Dawn to add page to website for Elections (Waiting for timeline approval, but done)
 OUT-OF-CYCLE MOTIONS 

As reported by the Executive Director

July 15, 2020

Motion: “Cancel AppSec SF contract, approve full virtual event

“I motion that in light of a July 30th deadline to cancel the AppSec San Francisco hotel contract, that the OWASP Foundation shall direct Foundation staff to enter into negotiations and cancel the contract prior to July 30. There could be a $16k cancellation fee, which might be waived prior to July 30 due to force Majeure provisions.”

and

“I motion a subsidiary motion that directs staff to make the Global AppSec SF event a full virtual event to be held at the same time, within the 2020 Budget Model “Z” parameters, authorizing staff to enter into contracts for virtual platforms and services, establishing and marketing new virtual event and corporate sponsorship packages, and a transition model for the existing event and corporate sponsors, and other necessary changes to achieve a full virtual event.”

e-vote Doodle can be found here: https://doodle.com/poll/nxkzwbpfbg6vfzwh

Both main and subsidiary motions are contained within one single vote, which went as follows:

Sponsor: Grant Ongers Second: Owen Pendlebury

Vote: - POSTED

  • Owen Pendlebury - Yes
  • Sherif Mansour - Yes
  • Gary Robinson - Yes
  • Martin Knobloch - Yes
  • Grant Ongers - Yes
  • Vandana Verma - No vote
  • Richard Greenberg - No vote

Passes: 5-0

July 16, 2020

Motion: “I motion that OWASP directs the Executive Director to join the Linux Foundation as an Association Member.”

e-vote Doodle can be found here:

https://doodle.com/poll/i9nfdgsmvbswp2mq**

Sponsor: Sherif Mansour Second: Grant Ongers

Vote - POSTED:

  • Owen Pendlebury - Yes
  • Sherif Mansour - Yes
  • Gary Robinson - Abstain
  • Vandana Verma - Yes
  • Martin Knobloch - Yes
  • Grant Ongers - Yes
  • Richard Greenberg - No Vote

Passes: 5-0

July 17, 2020

Motion: “I motion that the bylaws be updated to permit and detail the governance of the reinstatement process, as follows:

Section 4.03a Resumption of Terminated Membership and Activities

The Board of Directors, by the affirmative vote of two-thirds of all members of the Board, may reinstate a Terminated Member to permit full participation in all OWASP activities, chapters, projects, events, committees, and duties, including OWASP Leadership and paid membership.

https://doodle.com/poll/zei5y7et5mbruuwv”

Sponsor: Martin Knobloch Second: Grant Ongers

Vote - POSTED

  • Owen Pendlebury - Yes
  • Sherif Mansour - Yes
  • Gary Robinson - Yes
  • Martin Knobloch - Yes
  • Grant Ongers - Yes
  • Vandana Verma - No vote
  • Richard Greenberg - No vote

Passes 5-0

Motion: “I motion that Christian Heinrich of Sydney, Australia is again permitted to participate in all OWASP activities and paid membership, subject to OWASP’s bylaws, policies, procedures, and OWASP’s Code of Conduct and Code of Ethics.”

e-vote Doodle can be found here:

https://doodle.com/poll/eecfrzaacdpvmhm6**

Sponsor: Martin Knobloch Second: Grant Ongers

Vote - POSTED:

  • Owen Pendlebury - Yes
  • Sherif Mansour - Yes
  • Gary Robinson - Yes
  • Martin Knobloch - Yes
  • Grant Ongers - Yes
  • Vandana Verma - Yes (NB: amended from no vote; Yes vote accepted via global-board post on July 21, as that was before the Doodle poll was closed by the ED).
  • Richard Greenberg - No vote

  • Record of Vandana’s vote

Passes: 6-0

Motion: “I motion as a subsidiary motion that the Board nominates Sherif Mansour to the Linux Foundation’s future entity Board for a period of no more than 12 months, to be succeeded by OWASP’s Technology and Projects Director, upon Sherif Mansour stepping down or at the end of the 12 months, whichever comes first.”

This motion was accidentally left off the July 2020 Board meeting. It has been updated by request of the Board.

e-vote Doodle can be found here:

https://doodle.com/poll/t9qvpcerszx29d23**

Sponsor: Sherif Mansour Second: Grant Ongers

Vote - POSTED

  • Owen Pendlebury - Yes
  • Sherif Mansour - Yes
  • Gary Robinson - Abstain
  • Martin Knobloch - No
  • Grant Ongers - Yes
  • Vandana Verma - Yes
  • Richard Greenberg - No vote

Passes: 4 Yes-1 No-1 Abstain

NEW BUSINESS
  • Motion: To instruct the OWASP Foundation to refresh the OWASP BoD learning material requirements. Going forward the foundation can regularly review and recommend changes to BoD learning materials. The updated materials will need to be approved by the sitting board at the time, and all current/new board members for 2021 onwards will need to take on the required learning material. *Sherif Mansour - tabled it

  • Motion: Proposal to form an Education & Training Committee. Adrian Winckles had proposed and circulated to the leaders list and have got the required members with no negative feedback. Grant Ongers (vote above)

  • Discussion: Review submitted honorary memberships, to be approved via e-vote, or alternatively give the Foundation staff guidelines for operational admittence whilst we wait for membership policy review. Honorary membership applications

  • Motion: to address Compliance Committee bylaw recommendations on Board member eligibility after lapses in good standing, by addressing perception or actuality of conflicts of interest members must pay for their own membership, ensuring that bylaws, policies and procedures, that members are responsible for maintaining their good standing, provide a grace period to address lapses in good standing, update the Board of Directors Committment Agreement to reflect these changes, confirm the missing bylaw change passed by the Board in 2017, and direct staff to operationalize timely updates to policy, procedure and bylaw changes after successful Board votes, and clarify eligibility rules regarding Board member vacancy bylaws to reflect the outcome of the most recent Compliance Committee recommendation. SponsorTBA

  • Updated Bylaws highlighted in yellow
  • Updated Board landing page
  • Updated Board Committment Agreement
  • New Bylaw and Policy Update Policy

  • Suggested Motion: The Board directs Foundation event staff to run Selected OWASP regional events as global virtual events on a best efforts basis to avoid full cancellation of these vital OWASP events. Additionally, the Board directs Foundation staff to ensure that there is a procedure to ensure that there is adequate notice and communication between OWASP regional event teams of any potential cancellations, unavailability, or inability to run Selected Events. Selected regional events for the purposes of this motion should only be selected if they would otherwise be canceled, or the organization team is unavailable or unable to help, Foundation staff have sufficient capacity, the event doesn’t conflict with existing global events, and the event has revenue over $100k USD and be previously profitable. SponsorTBA

Context

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
ADJOURNMENT
  • Motion: To adjourn the Board until September 2020.

“It is resolved that due to expected lack of quorum through Board member annual leave, there be no scheduled August 2020 Board meeting. The lack of an August Board meeting will not count towards or harm attendance requirements for any Board member. The next OWASP Board meeting will be held on September 22, 2020 at 12 pm US Eastern Time. Any e-Votes held during this period will follow the normal rules of procedure, and be confirmed in the September minutes.”

Sponsor: TBA Seconded: TBA

Votes: TBA