March 2021 Minutes

MEETING DETAILS

AGENDA

CALL TO ORDER

Board Members

  • Sherif Mansour
  • Vandana Verma
  • Owen Pendlebury
  • Bil Corry
  • Joubin Jabbari
  • Grant Ongers

Guests

  • Andrew van der Stock
  • Tom Pappas
  • Dawn Aitken
  • Harold Blankenship
  • Lisa Jones
  • Kelly Santalucia
  • various community members

CHANGES TO THE AGENDA

APPROVAL OF MINUTES

Vote

  • Owen Pendlebury - Yes
  • Grant Ongers - Yes
  • Bil Corry - Yes
  • Sherif Mansour - Yes
  • Joubin Jabbari - Yes
  • Vandana Verma - Yes

Passed: 6-0

Vote

  • Owen Pendlebury - Yes
  • Grant Ongers - Yes
  • Bil Corry - Yes
  • Sherif Mansour - Yes
  • Joubin Jabbari - Yes
  • Vandana Verma - Yes

Passed: 6-0

REPORTS

Staff reports:

Operating Plan Status

Organizational KPIs

KPI Summary

KPI               March        Delta
Members           3,818        8.46%
Visitors          801,114      14.01%
OSD SLA met       88.90%       3.73%
NSRF SLA met      90.00%       -9.27%
YTD net income    $(40,693)    $(8,745)
Cash assets       $1,127,120   $(84,246)

e-Votes to read into minutes

Motion to approve the 2021 Budget - VOTE POSTED

Background: Each year, the Foundation sets a budget to match its operating plan and priorities. This year is slightly different, with a survival mode budget. This budget has the lowest expectation of income and expenses for many years, with the expectation that as the vaccination rollout proceeds, life can start to get back to normal. We might be able to exceed this budget. If that doesn’t happen, this budget has a very slim profit. With careful stewardship of our funds throughout the year, there’s every likelihood that we will not make a loss. The significant risk is events: the previous events director did not prepare a formal budget. Many of the events had to change. Therefore, we envisage some ad hoc requests for event budgets to allow events to go ahead where the Foundation thinks they will be profitable. The only planned events are LASCON and AppSec Australia, both regional AppSec Days events. Lastly, this budget assumes that there will be finance reform, making allowances for limited awards & scholarships, grants, and expenses.

Update: The draft Budget was tabled in the February board meeting after concerns and discussions, and Tom Pappas and the Foundation made corrections in the intervening period with meetings between Kelly Santalucia, Tom Pappas, Grant Ongers, and Andrew van der Stock. This revised budget is conservative in nearly all estimates, with many opportunities to exceed and risks where income may fall flat. It will be vital that expenses are carefully managed throughout the year. All Board members voted. The majority selected this time slot by preference, with only one Board member voting “if need be”. The Vote will need to be a majority vote (4/7 votes) to pass.

Motion: “Resolved, the 2021 OWASP Foundation budget is formally approved. Grant Ongers motions, Vandana Verma seconds”

Vote:

  • Martin Knobloch - Yes
  • Grant Ongers - Yes
  • Joubin Jabbari - Yes
  • Owen Pendlebury - Yes
  • Vandana Verma - Yes
  • Sherif Mansour - Yes
  • Bil Corry - Absent

Passed: 6-0

NEW BUSINESS

Background: The following pull request contains routine/standard/non-controversial changes that are motioned for a vote without discussion. The changes address gender-neutral phrasing, minor typos/grammar corrections, and related minor issues identified by our lawyers during the bylaw review.

Motion: “Resolved, the Board consent votes to minor changes to the bylaws to address grammar, routine, and non-controversial changes to the OWASP Foundation bylaws. Sherif Mansour motions, Vandana Verma seconds”

Vote

  • Grant Ongers - Yes
  • Bil Corry - Yes
  • Owen Pendlebury - Yes
  • Vandana Verma - Yes
  • Joubin Jabbari - Yes
  • Sherif Mansour - Yes

Passed: 6-0

Motion to conduct an independent board evaluation for the OWASP Foundation

Background: The OWASP Foundation has not had a recent independent board evaluation for some time. Periodic Board evaluations are standard practice for boards. Through Board Source, the current Board training provider, we have a single annual complimentary board evaluation service at no additional cost.

Motion: “Resolved, that the board directs the OWASP Foundation to schedule and conduct a board evaluation for the OWASP Foundation with our existing Board training provider (Board Source).”

  • Sponsor: Sherif Mansour
  • Second: Grant Ongers

Action: Andrew to get information regarding the evaluation process. Example: time commitment, etc.

Motion for Developer Outreach Program

Background: OWASP has a huge list of projects but developers have very little knowledge about them. With the developer engagement program, we will do the following things to bring them closer to OWASP.

See below

Motion to pass Grants Policy

Background: Grants help fulfill our mission to improve the security of software globally. Any OWASP Member, Chapter, Project, Committee, or Event may create grants for mission-related activities or deliverables, including sabbaticals. This policy creates financially responsible funding mechanisms and a consistent and transparent process to approve, fund, and deliver grant outcomes.

Motion: “Resolved, the OWASP Board passes the new Grants policy. The Board directs the OWASP Foundation to consult with the community and create procedures for its safe and effective operation no later than April 30th, 2021. Grant Ongers motions and Sherif Mansour seconds”

Vote

  • Grant Ongers - Yes
  • Bil Corry - Yes
  • Vandana Verma - Yes
  • Joubin Jabbari - Yes
  • Owen Pendlebury - Yes
  • Sherif Mansour - Yes

Passed: 6-0

Motion to pass Awards & Scholarship Policy

Background: This policy encourages our community to establish awards or prizes for OWASP competitions and scholarships and travel assistance for OWASP events. Awards recognize high-impact members, chapters, initiatives, or projects, or serve as prizes for OWASP competitions. Scholarships fulfill our mission to underserved and disadvantaged communities and individuals, improving equity and access for those who need assistance. This policy creates financially responsible funding mechanisms, published eligibility and selection criteria, and a consistent and transparent process to award prizes or select recipients.

Motion: “Resolved, the OWASP Board passes the new Awards and Scholarships policy. The Board directs the OWASP Foundation to consult with the community and create procedures for its safe and effective operation no later than April 30th, 2021. Vandana Verma motions and Grant Ongers seconds”

Vote

  • Bil Corry - Yes
  • Vandana Verma - Yes
  • Joubin Jabbari - Yes
  • Owen Pendlebury - Yes
  • Grant Ongers - Yes
  • Sherif Mansour - Yes

Passed: 6-0

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

Education Committee feedback to Board

The Education and Training Committee has asked for ten minutes to allow the two projects currently under its remit, How to get into AppSec and Application Security Curriculum, to show the Board what they have done, what they have planned, how they work with the committee, and what they would like from the Board to continue their mission.

Action: Committee will provide a wider road map in April since these projects will need funding in the future.

Update on Bylaws

A quick update on bylaw update progress by Sherif Mansour.

Update

  • impactful changes to the bylaws require a subcommittee
  • entire sections to rewrite
  • may require legal/professional help

Action

  • Sherif will send draft recommendations to the rest of the Board
  • To build a subcommittee
  • Sherif will get a quote on the cost of legal

Developer Outreach Program - Vandana Verma

A developer community and developer engagement program. We work with developers to engage them with the security programs that OWASP currently has. This will be in the form of a Project.

Project members will leverage the current projects catering to the developers

  • Help developers based on different languages
  • Engage with the Outreach community to spread the word to the developers
  • Have a Developer Security summit in June.

The staff will help with the items below

  • Setting up a section for developers
  • We will be sharing the projects around the engagement program
  • Sharing socials about the program
  • Inviting developers to share specific language-related content

Sherif - should set up as Project, Committee or the Outreach Committee

Membership Operations - Vandana Verma

  • Lifetime membership for lower income countries
  • Removal of auto-renew edge case (no reminders)
  • How to deal with this specific instance of the issue
  • How do we deal with this going forward in bylaws

ADJOURNMENT

Adjournment motion

The next general Board meeting is on April 27, at 12 pm US Eastern Daylight Saving Time.

Sponsor: Sherif Mansour Second: Vandana Verma