OWASP - User contributions [en]

October 11, 2016

2016-10-11T22:03:33Z

Tgondrom: /* Secretary Report -Tobias Gondrom */

===Time===
* Date/Time: October 11, 1800 EST [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=10&day=11&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

===Notice of Recording===

*Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
*Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.

=== Meeting Minutes===
::- [https://docs.google.com/a/owasp.org/document/d/119FJ2G2EdsVnz8vnxWv0Ee0G3uWMTSVqyxt_1CVrHiY/edit?usp=sharing September meeting minutes]

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

* Financial statement
::- [https://docs.google.com/a/owasp.org/document/d/1lKioxigkjwWZhRQNPkCxXA68QOV7pOe9yyDx7NSgplI/edit?usp=sharing Analysis by Tom Pappas on YTD to September 30, 2016]
::- [https://docs.google.com/a/owasp.org/document/d/1lKioxigkjwWZhRQNPkCxXA68QOV7pOe9yyDx7NSgplI/edit?usp=sharing September financial package]

* FY 17 Corporate Sponsorship Rates

::- [https://docs.google.com/a/owasp.org/document/d/1uleQULAICpNG-B1pzI7vKhuydctof4pn8s--PbB96-0/edit?usp=sharing Increase corporate sponsorship levels]

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chair's Report - Matt Konda ===
* Developer Summit
* Bill Approvals, Taxes, Staff Meetings
* OWASP Glue Project

=== Vice Chair's Report - Josh Sokol ===
TBA

=== Treasurer Report - Andrew van der Stock ===

* Financial statement
::- [https://docs.google.com/a/owasp.org/document/d/1lKioxigkjwWZhRQNPkCxXA68QOV7pOe9yyDx7NSgplI/edit?usp=sharing Analysis by Tom Pappas on YTD to September 30, 2016]
::- [https://docs.google.com/a/owasp.org/document/d/1lKioxigkjwWZhRQNPkCxXA68QOV7pOe9yyDx7NSgplI/edit?usp=sharing September financial package]

Based on this information, we are likely to have a reasonable year as long as income is realized in the FY16 financial year. We were looking at about a $150k loss for FY16, and it's currently looking at around $30k loss, which might even improve on that depending on the final training, sponsorship and ticket sales of AppSec USA, and getting on top of our aged receivables, which I believe is a prioritization thing rather than structural.

I am due to meet Tom Pappas on Tuesday during the day. If you want to be a part of the FY 17 budget, please come along - I welcome both existing Board and Board candidates to this discussion. As we are likely to have a near non-profit year, I will be holding the line on unbudgeted expenses if I am re-elected and if the Board will continue to have me as treasurer in 2017. For those Board members with a big project or initiative NOW is the time to get your initiative funded or wait until 2018.

Chapter funds continue to increase. As previously agreed in December 2015's board meeting, I will be sweeping unbudgeted funds from chapters in December 2016. This should become an annual activity to encourage proper financial planning by our larger chapters. I continue to encourage chapter leaders to come up with a plan that is strategically helpful to OWASP's core mission rather than just gold plating their chapter, such as outreach, funding scholarships at Universities, holding a local or regional events, encouraging their members to join and fund on projects of interest to that chapter, and so on. Chapters with a balance of over $5k should present a budget and plan for their funds by December 1. I will personally reach out to these 20-30 affected chapters during October, but would love interested Board members to also help in this process.

Depending on our profitability and end of year bank balance, I am leaning towards a hire of the ED in the early part of 2017. We should be strategic about this role - I personally feel the lack of a financially savvy ED has held us back in 2016, which is reflected in our likely near loss if not zero profit for FY16, especially when considering the financial success of FY15. I encourage the Board to be on the look out for an ED candidate who has strong non-profit financial management, grant writing, and fund raising experience to help us jump to the next level.

Lastly, I will be talking about changes we need to make to bring us into line with good practice at Charity Navigator. We have hit the benchmark lower limit, and FY17 is an audit year for 2016, which will appear in Charity Navigator. If we wish to receive funds from various grant making organisations, we need to strongly align with these good practices, some of which are very simple, some of which are less so. The main one is to make sure it is ultra clear to anyone that our spend on mission is > 80% of our expenses. I will be discussing this with Tom Pappas on Tuesday, as it probably means that we need to make sure that staff costs are allocated to budgets, or demonstrably so. I think we can easily make these benchmarks depending on our financial treatment of expenses.

=== Secretary Report -Tobias Gondrom ===
Nothing to report

=== Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom ===

* Coates - Chapters
TBA

* Carter - Governance
TBA

* Brennan - Projects
- [https://docs.google.com/a/owasp.org/document/d/1WO5tH1t1GU9cLqW8iHIaGUANFossid4xFCmKJq7CSSY/edit?usp=sharing Website]

==Staff Reports==
** [https://docs.google.com/a/owasp.org/document/d/1I09-fAbNanZ5MizuMQXIERnCOFbDxIoeD3197m3nzFs/edit?usp=sharing Director/Operations Update] - Kate
** [TBA Financial Update - Andrew/Tom - See above]
** [https://docs.google.com/a/owasp.org/document/d/1VYI0GC916LmyT_SIymXDvULyxi0U9gSH3fpNukDfPPQ/edit?usp=sharing Event Manager October Report] - Laura Grau
** [https://docs.google.com/a/owasp.org/presentation/d/1iKNXTLb1tlJzutSdCz6giHcI6qIr1oQrjHk49pdYWZU/edit?usp=sharing Project Coordinator Update] - Claudia Casanovas & Matt Tesauro
** [https://docs.google.com/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit[Community Manager Report]] - Tiffany Long - TBA
** [https://www.owasp.org/index.php/September_2016_Membership_Report Membership Report] - Kelly Santalucia

==Old Business==

All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Motion to approve changes to FY17 membership rates (Andrew)
::- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing

==New Business==

* Discussion on FY17 budget with Tom Pappas (up to 45 minutes)

Tom Pappas and AJV will talk you through our budget process and how to get your budget requests through.

* Discussion on FY17 strategic goals (also includes Tom Pappas) (up to 45 minutes)

This will impact our decisions about budget requests

* Discussion on unbranded chapters receiving funds (Andrew van der Stock, 10 minutes)

* 2017 Virtual AppSec
Example of what we are doing with Mark Miller with [http://www.alldaydevops.com/ All Day Devops]

We have a number of chapters who hold joint meetings, which is fine, but for them to receive money, they should be branded as OWASP meetings, have signed the chapter leader handbook, and are an acknowledged (and recorded in Salesforce) chapter leader. Otherwise we are funding other organisations to hold their meetings, or worse set themselves up to become independent chapters. I'd like to have a discussion with my fellow Board members to alter the Chapter handbook to ensure that funds can only be disbursed to branded chapter meetings, with requests coming from OWASP chapter leaders who have signed the Chapter Leader paperwork.

== Action Items==

* [https://docs.google.com/a/owasp.org/document/d/1uleQULAICpNG-B1pzI7vKhuydctof4pn8s--PbB96-0/edit?usp=sharing Motion to approve FY17 corporate sponsorship levels] (Andrew / Kate) (10 minutes)

* [https://docs.google.com/a/owasp.org/document/d/1oInLPNUQIEd3PLVIVN3LKGeP2ddz5Cb7tdbjH-U2Ckk/edit?usp=sharing Motion from Larry Conklin to appoint two independant directors to the OWASP Board] (Motion by Larry, sponsored by Andrew van der Stock, 10 mins)

==Announcements==
TBA

==Adjournment==
*Next meeting date/time: [https://www.owasp.org/index.php?title=November_9,_2016 November 9 2016 1500-1630 PST] [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]

==Motion to close meeting==

OWASP CISO Survey

2016-09-08T17:51:59Z

Tgondrom: /* Other contributors */

__NOTOC__

{| width="100%" cellspacing="0" cellpadding="10"
|- valign="top"
| width="70%" style="background:#d9e9f9" |

= New CISO Survey 2014 Questionnaire is out! =

Please help us and share it with your security manager to fill it out
Questionnaire is available in:
* English: https://www.surveymonkey.com/s/CISOSurvey2014
* Chinese: https://www.surveymonkey.com/s/CISOSurvey2014cn
* Hebrew: https://www.surveymonkey.com/s/CISOSurvey2014iw
* Japanese: https://jp.surveymonkey.com/s/CISOSurvey2014jp

= The CISO Survey and Report 2013 =

CISO Survey 2013 Version 1.0 is published in January 2014.

== Contents ==

* Preamble
** [[CISO Survey 2013: Foreword|Foreword]]
** [[CISO Survey 2013: Executive Summary|Executive Summary]]
** [[CISO Survey 2013: Introduction|Introduction]]

* The CISO Survey Report
** [[CISO Survey 2013: Threats and risks|Threats and risks]]
** [[CISO Survey 2013: Investments and challenges|Investments and challenges]]
** [[CISO Survey 2013: Tools and technology|Tools and technology]]
** [[CISO Survey 2013: Governance and control|Governance and control]]
** [[CISO Survey 2013: Conclusions|Conclusions]]

* Supporting Information
** [[CISO Survey 2013: References|References]]
** [[CISO AppSec Guide: About OWASP|About OWASP]]

* Appendix
** [[CISO AppSec Guide: Quick Reference to OWASP Guides & Projects|Appendix A: Quick Reference to OWASP Guides & Projects]]
** [[CISO Survey 2013: OWASP project list | Appendix B: References to selection of OWASP Guides and Projects]]

== Licensing ==

The OWASP CISO Survey Report is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

== Register to receive future updates and survey reports ==

If you wish to receive only updates about future releases of the OWASP CISO Survey and related CISO projects, you can register your email address here: https://docs.google.com/forms/d/1DBYIpWcx6IAZNHOXufdkLZKLIQXetwgbxxd7h_mqWN0/viewform
(or in short URL: http://ow.ly/tHeT9 )

(Your contact details will of course be kept strictly confidential and only used to send you updates about new releases of OWASP CISO projects and invitations to participate in the OWASP CISO Survey. And you can of course unsubscribe from this service at any time.)

| width="100" style="max-height:200px;overflow:hidden;background:#fff;margin:0;padding:0;" cellpadding="0" |

<div style="width:100px;max-height:300px;border:0;margin:0;padding-left:6px;padding-right:6px;overflow:visible;">[[File:CISO-Guide-bar.jpg|link=]]</div>

| width="30%" style="background:#eeeeee" |

[[File:Ciso_survey_report_2013n_300x200.jpg|link=https://www.owasp.org/index.php/File:Owasp-ciso-report-2013-1.0.pdf]]

=Credits =

== Project lead and main author ==

* [[User:Tgondrom|Tobias Gondrom]]

== Other contributors ==

Co-authors, contributors and reviewers:

* [[User:Marco-cincy|Marco Morana]]
* [[User:Stephanie_Tan|Stephanie Tan]]
* [[User:Clerkendweller|Colin Watson]]
* [[User:WenJun|WenJun]]
* [[User:EoinKeary|Eoin Keary]] - Originator of initial first set of questions
* [https://www.owasp.org/index.php/OWASP_CISO_Survey_Project#tab=Acknowledgements And further Acknowledgements]: many more helping hands from OWASP chapters around the world and the former Global Industry Committee, providing input, designing questions, translating and sending out the survey questions around the globe. Thank you all! We couldn't have done it without you!

= Further Information =

== CISO Survey ==

The OWASP CISO Survey is also available as
* [https://www.owasp.org/index.php/File:Owasp-ciso-report-2013-1.0.pdf Free downloadable PDF]
* [http://www.lulu.com/shop/owasp-foundation/ciso-survey-and-report-2013/paperback/product-21480821.html At cost print on demand color booklet].

For full information about the OWASP CISO Survey Report Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:
* [https://www.owasp.org/index.php/OWASP_CISO_Survey_Project CISO Survey Project Page]

== CISO Guide ==
The contributors from the [[Application Security Guide For CISOs]] also provided invaluable input for this survey report.

|}

[[Category:OWASP CISO Survey Project]]

CISO AppSec Guide: People and Organisation

2016-08-18T21:29:08Z

Tgondrom: /* V-2 Organisation */

[[Application Security Guide For CISOs|< Back to the Application Security Guide For CISOs]]
__NOTOC__
= Part V: People and Organisation =

== V-1 Executive Summary ==
After setting up the program, strategy, risk management and policies, let's turn to the people and the organisational structures that can support and enhance the Application Security Strategies.

[[File:CISO-Guide-PPT-orga.jpg]]

== V-2 Organisation ==

=== Organisation Structures Variance ===

In order to analyse what would be good and effective organisation structures, it is useful to analyse the different dimensions of various best practices and their success criteria, strengths and weaknesses.
Organisation Structures can vary greatly from one organisation to the other. And further reviews did show that even if functions my carry the same name, they may still not actually carry the same responsibilities, capabilities or capacites.

Such criteria for organisational structures can be based on
* historical reasons (e.g which department first started to care about Security or simple political calculations).
* company culture (what organisational structure fits best with the company culture)
* individual leader’s abilities and preferences (often if some department leader has a background in one specific area, that may be randomly added into the security functions and equally if the leader is sceptical about some areas, he may decide to leave such functions separately...

=== Frameworks: Organization Design Principles ===

Synergies
* Maximise synergies with related functions
* Customer Value
* Avoid conflicts of interest

* influenced by history and personal strengths of some of the managers
* more mature organizations less concerned with conflicts (as these can be resolved through other means), more oriented towards organizational synergies…

== V-3 People and Education ==

[[File:VA_Metrics.jpg]]

[[ File:Issue_SDLC_metrics.jpg]]

[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]

CISO AppSec Guide: People and Organisation

2016-08-18T21:28:17Z

Tgondrom: /* V-2 Organisation */

[[Application Security Guide For CISOs|< Back to the Application Security Guide For CISOs]]
__NOTOC__
= Part V: People and Organisation =

== V-1 Executive Summary ==
After setting up the program, strategy, risk management and policies, let's turn to the people and the organisational structures that can support and enhance the Application Security Strategies.

[[File:CISO-Guide-PPT-orga.jpg]]

== V-2 Organisation ==

=== Organisation Structures Variance ===

In order to analyse what would be good and effective organisation structures, it is useful to analyse the different dimensions of various best practices and their success criteria, strengths and weaknesses.
Organisation Structures can vary greatly from one organisation to the other. And further reviews did show that even if functions my carry the same name, they may still not actually carry the same responsibilities, capabilities or capacites.

Such criteria for organisational structures can be based on
* historical reasons (e.g which department first started to care about Security or simple political calculations).
* company culture (what organisational structure fits best with the company culture)
* individual leader’s abilities and preferences (often if some department leader has a background in one specific area, that may be randomly added into the security functions and equally if the leader is sceptical about some areas, he may decide to leave such functions separately...

=== Frameworks: Organization Design Principles ===

Synergies
* Maximise synergies with related functions
* Customer Value
* Avoid conflicts of interest

== V-3 People and Education ==

[[File:VA_Metrics.jpg]]

[[ File:Issue_SDLC_metrics.jpg]]

[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]

CISO AppSec Guide: People and Organisation

2016-08-18T21:19:48Z

Tgondrom:

File:CISO-Guide-PPT-orga.jpg

2016-08-18T21:18:54Z

Tgondrom: Tgondrom uploaded a new version of "File:CISO-Guide-PPT-orga.jpg"

PPT

CISO AppSec Guide: People and Organisation

2016-08-18T21:12:15Z

Tgondrom:

File:CISO-Guide-PPT-orga.jpg

2016-08-18T21:10:20Z

Tgondrom: PPT

PPT

File:CISO-Guide-PPT-org.png

2016-08-18T21:05:14Z

Tgondrom: PPT-org

PPT-org

CISO AppSec Guide: People and Organisation

2016-08-18T20:43:19Z

Tgondrom: adding chapter V: people and organisation

Application Security Guide For CISOs v1.1bis

2016-08-18T20:39:08Z

Tgondrom: /* Contents */

__NOTOC__

{| width="100%" cellspacing="0" cellpadding="10"
|- valign="top"
| width="70%" style="background:#d9e9f9" |

= The CISO Guide =

'''Application Security Guide For CISOs''' Version 1.0 was published in November 2013.

La [[Guía de Seguridad en Aplicaciones para CISOs]] versión 1.0 (Español) fue publicada en marzo de 2015.

== Contents ==

* Preamble
** [[CISO AppSec Guide: Introduction|Introduction]]
** [[CISO AppSec Guide: Executive Summary|Executive Summary]]
** [[CISO AppSec Guide: Foreword|Foreword]]
* The CISO Guide
** [[CISO AppSec Guide: Reasons for Investing in Application Security|Part I: Reasons for Investing in Application Security]]
** [[CISO AppSec Guide: Criteria for Managing Application Security Risks|Part II: Criteria for Managing Application Security Risks]]
** [[CISO AppSec Guide: Application Security Program|Part III: Application Security Program]]
** [[CISO AppSec Guide: Metrics For Managing Risks & Application Security Investments|Part IV: Metrics For Managing Risks & Application Security Investments]]
** [[CISO AppSec Guide: People and Organisation|Part V: People and Organisation]]
* Supporting Information
** [[CISO AppSec Guide: References|References]]
** [[CISO AppSec Guide: About OWASP|About OWASP]]
* Appendix
** [[CISO AppSec Guide: Value of Data & Cost of an Incident|Appendix A: Value of Data & Cost of an Incident]]
** [[CISO AppSec Guide: Quick Reference to OWASP Guides & Projects|Appendix B: Quick Reference to OWASP Guides & Projects]]

== Licensing ==

The OWASP Application Security Guide For CISOs is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| width="100" style="max-height:200px;overflow:hidden;background:#fff;margin:0;padding:0;" cellpadding="0" |

<div style="width:100px;max-height:300px;border:0;margin:0;padding-left:6px;padding-right:6px;overflow:visible;">[[File:CISO-Guide-bar.jpg|link=]]</div>

| width="30%" style="background:#eeeeee" |

=Credits =

== Project lead and main author ==

* [[User:Marco-cincy|Marco Morana]]

== Other contributors ==

Co-authors, contributors and reviewers:

* [[User:Tobias|Tobias Gondrom]]
* [[Eoin_Keary|Eoin Keary]]
* [[User:Andylew|Andy Lewis]]
* [[User:Stephanie_Tan|Stephanie Tan]]
* [[User:Clerkendweller|Colin Watson]]

== Versión en español ==

La [[Guía de Seguridad en Aplicaciones para CISOs]] (Español) fue editada y corregida por Mauro Gioino, Mauro Graziosi y [[User:Cristian_Borghello|Cristian Borghello]].

=== Traductores al español ===

* Daniel J. Fernández
* Franco Cian
* German Chiovetta
* Javier Albano
* Lucas Barbero
* [[User:Walter_Heffel|Walter Heffel]]

= Further Information =

== CISO guide ==

The OWASP CISO Guide is also available as
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf [EN] Download PDF]
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide_es.pdf [ES] Descarga PDF]
* [http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html At cost print on demand monochrome book].

For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:
* [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project CISO Guide Project Page]

== CISO survey ==

The contributors to the [[OWASP CISO Survey]] also provided invaluable data for this guide.

|}

[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]

Application Security Guide For CISOs v1.1bis

2016-08-18T20:38:05Z

Tgondrom: /* Contents */ added chapter 5 people and org

__NOTOC__

{| width="100%" cellspacing="0" cellpadding="10"
|- valign="top"
| width="70%" style="background:#d9e9f9" |

= The CISO Guide =

'''Application Security Guide For CISOs''' Version 1.0 was published in November 2013.

La [[Guía de Seguridad en Aplicaciones para CISOs]] versión 1.0 (Español) fue publicada en marzo de 2015.

== Contents ==

* Preamble
** [[CISO AppSec Guide: Introduction|Introduction]]
** [[CISO AppSec Guide: Executive Summary|Executive Summary]]
** [[CISO AppSec Guide: Foreword|Foreword]]
* The CISO Guide
** [[CISO AppSec Guide: Reasons for Investing in Application Security|Part I: Reasons for Investing in Application Security]]
** [[CISO AppSec Guide: Criteria for Managing Application Security Risks|Part II: Criteria for Managing Application Security Risks]]
** [[CISO AppSec Guide: Application Security Program|Part III: Application Security Program]]
** [[CISO AppSec Guide: Metrics For Managing Risks & Application Security Investments|Part IV: Metrics For Managing Risks & Application Security Investments]]
** [[CISO AppSec Guide: Metrics For Managing Risks & Application Security Investments|Part V: People and Organisation]]
* Supporting Information
** [[CISO AppSec Guide: References|References]]
** [[CISO AppSec Guide: About OWASP|About OWASP]]
* Appendix
** [[CISO AppSec Guide: Value of Data & Cost of an Incident|Appendix A: Value of Data & Cost of an Incident]]
** [[CISO AppSec Guide: Quick Reference to OWASP Guides & Projects|Appendix B: Quick Reference to OWASP Guides & Projects]]

== Licensing ==

The OWASP Application Security Guide For CISOs is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| width="100" style="max-height:200px;overflow:hidden;background:#fff;margin:0;padding:0;" cellpadding="0" |

<div style="width:100px;max-height:300px;border:0;margin:0;padding-left:6px;padding-right:6px;overflow:visible;">[[File:CISO-Guide-bar.jpg|link=]]</div>

| width="30%" style="background:#eeeeee" |

=Credits =

== Project lead and main author ==

* [[User:Marco-cincy|Marco Morana]]

== Other contributors ==

Co-authors, contributors and reviewers:

* [[User:Tobias|Tobias Gondrom]]
* [[Eoin_Keary|Eoin Keary]]
* [[User:Andylew|Andy Lewis]]
* [[User:Stephanie_Tan|Stephanie Tan]]
* [[User:Clerkendweller|Colin Watson]]

== Versión en español ==

La [[Guía de Seguridad en Aplicaciones para CISOs]] (Español) fue editada y corregida por Mauro Gioino, Mauro Graziosi y [[User:Cristian_Borghello|Cristian Borghello]].

=== Traductores al español ===

* Daniel J. Fernández
* Franco Cian
* German Chiovetta
* Javier Albano
* Lucas Barbero
* [[User:Walter_Heffel|Walter Heffel]]

= Further Information =

== CISO guide ==

The OWASP CISO Guide is also available as
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf [EN] Download PDF]
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide_es.pdf [ES] Descarga PDF]
* [http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html At cost print on demand monochrome book].

For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:
* [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project CISO Guide Project Page]

== CISO survey ==

The contributors to the [[OWASP CISO Survey]] also provided invaluable data for this guide.

|}

[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]

Application Security Guide For CISOs v1.1bis

2016-08-18T20:35:57Z

Tgondrom: creating version 1.1

__NOTOC__

{| width="100%" cellspacing="0" cellpadding="10"
|- valign="top"
| width="70%" style="background:#d9e9f9" |

= The CISO Guide =

'''Application Security Guide For CISOs''' Version 1.0 was published in November 2013.

La [[Guía de Seguridad en Aplicaciones para CISOs]] versión 1.0 (Español) fue publicada en marzo de 2015.

== Contents ==

* Preamble
** [[CISO AppSec Guide: Introduction|Introduction]]
** [[CISO AppSec Guide: Executive Summary|Executive Summary]]
** [[CISO AppSec Guide: Foreword|Foreword]]
* The CISO Guide
** [[CISO AppSec Guide: Reasons for Investing in Application Security|Part I: Reasons for Investing in Application Security]]
** [[CISO AppSec Guide: Criteria for Managing Application Security Risks|Part II: Criteria for Managing Application Security Risks]]
** [[CISO AppSec Guide: Application Security Program|Part III: Application Security Program]]
** [[CISO AppSec Guide: Metrics For Managing Risks & Application Security Investments|Part IV: Metrics For Managing Risks & Application Security Investments]]
* Supporting Information
** [[CISO AppSec Guide: References|References]]
** [[CISO AppSec Guide: About OWASP|About OWASP]]
* Appendix
** [[CISO AppSec Guide: Value of Data & Cost of an Incident|Appendix A: Value of Data & Cost of an Incident]]
** [[CISO AppSec Guide: Quick Reference to OWASP Guides & Projects|Appendix B: Quick Reference to OWASP Guides & Projects]]

== Licensing ==

The OWASP Application Security Guide For CISOs is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| width="100" style="max-height:200px;overflow:hidden;background:#fff;margin:0;padding:0;" cellpadding="0" |

<div style="width:100px;max-height:300px;border:0;margin:0;padding-left:6px;padding-right:6px;overflow:visible;">[[File:CISO-Guide-bar.jpg|link=]]</div>

| width="30%" style="background:#eeeeee" |

=Credits =

== Project lead and main author ==

* [[User:Marco-cincy|Marco Morana]]

== Other contributors ==

Co-authors, contributors and reviewers:

* [[User:Tobias|Tobias Gondrom]]
* [[Eoin_Keary|Eoin Keary]]
* [[User:Andylew|Andy Lewis]]
* [[User:Stephanie_Tan|Stephanie Tan]]
* [[User:Clerkendweller|Colin Watson]]

== Versión en español ==

La [[Guía de Seguridad en Aplicaciones para CISOs]] (Español) fue editada y corregida por Mauro Gioino, Mauro Graziosi y [[User:Cristian_Borghello|Cristian Borghello]].

=== Traductores al español ===

* Daniel J. Fernández
* Franco Cian
* German Chiovetta
* Javier Albano
* Lucas Barbero
* [[User:Walter_Heffel|Walter Heffel]]

= Further Information =

== CISO guide ==

The OWASP CISO Guide is also available as
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf [EN] Download PDF]
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide_es.pdf [ES] Descarga PDF]
* [http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html At cost print on demand monochrome book].

For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:
* [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project CISO Guide Project Page]

== CISO survey ==

The contributors to the [[OWASP CISO Survey]] also provided invaluable data for this guide.

|}

[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]

Board

2016-07-01T17:30:28Z

Tgondrom: undeleted the link to May-18 board meeting

__NOTOC__

= About the OWASP Board =

== Current OWASP Global Board - Effective January 2016 ==

* [[Matt Konda]] Chicago, USA - matt.konda(at)owasp.org
* [[User:Jsokol|Josh Sokol]] Texas, USA - josh.sokol(at)owasp.org
* [[Andrew van der Stock]] Australia - vanderaj(at)owasp.org
* [[User:MichaelCoates|Michael Coates]] - California, USA - michael.coates(at)owasp.org
* [[User:Tgondrom|Tobias Gondrom]] Hong Kong - tobias.gondrom(at)owasp.org
* [[User:brennan|Tom Brennan]] New Jersey, USA - tomb(at)owasp.org

== OWASP Board Elections ==
=== 2016 Election ===
[https://www.owasp.org/index.php/2016_Global_Board_of_Directors_Election 2016 Board Election]
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

= Agenda for 2016 Meetings =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]
* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

== Upcoming 2016 Meetings ==

* [[July 1, 2016]], 18:00-21:00 CEST, in Rome at AppSecEU - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=01&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[July 27, 2016]], 07:00-08:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=27&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[August 24, 2016]], 16:00-17:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=08&day=24&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[September 21, 2016]] 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=09&day=21&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[October 14, 2016]], at AppSecUSA 18:00 - 21:00 EDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=10&day=14&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[November 9, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[November 30, 2016]], 15:00-16:30 PST - placeholder only optional if needed - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=30&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[December 14, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=12&day=14&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]

== Past 2016 Meetings ==
* [[May 18, 2016]], 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[April 20, 2016]], 16:00-17:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=04&day=20&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[March 16, 2016]], 16:00-17:00 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[February 17, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=02&day=17&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[January 13, 2016]], 16:00-17:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=01&day=14&hour=00&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]

= Board Communication =

[https://www.owasp.org/index.php/OWASP_Foundation_ByLaws ByLaws] 
[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy Conflict of Interest Policy and Signed Conflict Statements] 
[https://docs.google.com/a/owasp.org/folder/d/0BxI4iTO_QojvNW9jaXFyWGZwR28/edit Weekly Board/Staff Communication Documents] 
[https://www.google.com/calendar/embed?src=owasp.org_d1dcflbc5oul9nji1ftc3pjji8@group.calendar.google.com&ctz=Pacific/Honolulu OWASP Board Calendar]

== Best practices ==

Note: these best practices are merely a collection of procedures deemed good process for a board. '''They are not binding''' and have not been voted on or ratified by the board to this date. Online: [http://www.rulesonline.com/rror--00.htm http://www.rulesonline.com/rror--00.htm]

=== Best Practices for Board conduct:===
We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".
* That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
** A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
* After the motion has been seconded the board may discuss the issue and / or vote on it.

A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.
* In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
* In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.

= Archive and Voting History =

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

=== Past OWASP Boards ===
[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

== Archive for 2015 Meetings ==
* [[December 9, 2015]], 15:00-17:00 PST
* [[November 18, 2015]], 14:00-15:30 PST
* [[November 4, 2015]], 12:00-13:30 PST
* [[October 14, 2015]], 14:00-15:00 PDT
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[August 12, 2015]], 16:00-17:00 PST
* [[July 22, 2015]], 14:00-15:00 PDT
* [[June 24, 2015]], 14:00-15:00 PDT
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[April 29, 2015]], 12:00-13:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[January 14, 2015]], 9am-10am PST

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr>

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr>

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] Postponed until March 9, 2010

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Board Focus Ideas =

== First suggested priority of Board from Paul ==
* What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
* Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.

== Projects Ideas==

* Project Review & Project Platform - good progress, keep it going. We need "more" volunteer engagement to provide more diverse review.
* New Project Ideas. Where is industry going, where will it be in 5 years? OWASP should suggest projects that we need and find team to build them!
* Project Summit support & funding
* International Chapter / Region support & funding for projects
* Hire full or part time technical writer to help with project (from Simon, flagship project lead)
* a platform for funding pull requests / contributions to projects - this could be a way to financially reward folks for contributing. I know ZAP recently experimented with this - not sure how it went, but we have money - might be a good way to spend it (maybe leveraging something like the bithub idea https://whispersystems.org/blog/bithub/). I would want the ability to personally remove myself from the ability of receiving payment. (from John Melton, flagship project lead)
* help with applying for grants - including letting us know of available grants and helping us do the paperwork if necessary
* make inter-project recommendations - since you sit at a level where you see various projects, maybe make recommendations for areas where multiple projects could collaborate for added value (from John Melton, flagship project lead)
* project of the month - this may already happen, but if not, maybe the newsletter could feature a project every month, including information like a project overview, an audio interview with the project leader(s), a list of priority tasks for people to help with, etc. (from John Melton, flagship project lead)
* get access to available free tools - I've actually seen several tools that are available for use within OWASP, though I hear about them haphazardly. It would be good if there were a single resource for leads to know what was available. Thinking of things like: free licenses of paid software (intellij, webex) or access to products/services (surveymonkey, AWS, GCE or Azure credits) that could be useful to the project (from John Melton, flagship project lead)
* conducting surveys - We do surveys periodically, and I fill them out. Joanna has used them to good effect. We might be able to make that more regular and get good data on our projects.
* "help wanted" site - We use github issues on our project. However, one thing I hear repeatedly is project leaders saying they need help, and owasp members asking how to help. It seems like we could put up a "jobs" board of some kind to connect folks within the community for things like this. We could probably connect this to $ in some way if we wanted to. I imagine there's a tool out there that already does this too. (from John Melton, flagship project lead)
* continue and expand "summer of code" programs - I believe these programs add lots of value. Not only do they get practical things done on the projects, but they give us good visibility, get people involved in the projects (many continue to contribute), give us good press in the community, and invigorate the mentors as well. (from John Melton, flagship project lead)

== Training ==
* Training is OK now....but what do we want to do here? Business as usual?
* Update current project level training docs, or
* Begin some form of Curriculum for Academic use?

== Advocacy==
* Liaison with other Orgs
** ID those Developer groups and go to their conferences & meetings
** ...just a few, but caution is to approach 1-2 at a time and get an outcome
* Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
* Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
* Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.

== Community Portals ==
* Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
* Focused WG to take action on Wiki Cleanup & ease of use.
* Consider funding larger wiki cleanup and migration effort (Jim)

== Marketing ==
* General PR & Marketing the OWASP Story - Promote ourselves more!
* Crank up a Recruiting program - Both Corporate & Individual.

<headertabs/>

July 1, 2016

2016-07-01T15:27:12Z

Tgondrom: adding governance report

===Time===
*Date/Time: July 1, 2016/6pm-9pm CEST
* [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]

===Location===

[http://www.marriott.com/hotels/travel/romau-rome-marriott-park-hotel/ Rome Marriott-Park Hotel]

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===
July 1, 2016 Meeting Minutes
::- TBA

May 18, 2016 Meeting Minutes:
::- https://docs.google.com/document/d/14uLi51kUGcmqIfjZJ0WEe2WZO4_-lUabdPBS4XSz7V0/edit?usp=sharing

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

* OWASP Website Project draft report - post comments on the draft
https://docs.google.com/document/d/1OWo4Er61iK2ySwoJsuCHw9ManGHjiMURuRiQUmMVSuY/edit?usp=sharing

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chair's Report - Matt Konda ===
* Developer Initiatives: Chicago Coder Conference, Goto; Chicago, TechNexus Panel on Security, Chicago FTW Start with Security Panel
* Organizational
** Staff meetings
** Hiring follow through for STC
* Minimal Bill payments
* 1:1 with staff at AppSecEU

=== Vice Chair's Report - Josh Sokol ===
* I've got nothing major to report here so let's save the time for some of the bigger discussions that we need to have.

=== Treasurer Report - Andrew van der Stock ===

From January to around at least April, OWASP had operational reserves far less than the target operational reserve target of six months. This is due to a lack of revenue, unbudgeted expenses, and a split model that favors one strategic goal over all others. Luckily, the success of AppSec EU has made a recovery possible, and provides breathing room until this is resolved.

Unfortunately, the 2016 draft budget was never finished, and it was not approved. We need to approve a revised 2016 budget. There will be a budget working party held in Rome to get through this out of cycle budgeting process that will hopefully put in a reasonable budget for the rest of the year until planning can start again at the October face to face board meeting.

I have created a set of financial motions that address revenue, such as a membership fee increase, additional membership classes, a training program, and to invest $250k of our unused earmarked funds in a structured investment program. These measures will collectively increase our membership, particularly in the developing economies, and improve our bottom line by over $100k per year, with an additional $60-75k over five years from investing the earmarked funds.

We will need to work together on structural reform that addresses the profit splitting more equitably so that future operational reserves do not go below six months, and so we can invest in all of our strategic goals, and not just one. This is not optional, because there is a risk that a future AppSec conference does not do well, as happened in 2012, this could bring OWASP down. We need to address this structural reform so that we can grow to a $5m per year organisation, which has far different issues than we do today.

*Josh Comment: AppSecUSA 2012 was the highest grossing AppSec conference ever held at the time. Not sure where this comment comes from, but it is wrong.

=== Chapters - Michael Coates ===
* Working with Tiffany regarding concerns over a specific chapter election
* Waiting on Sooryen information before further chapter outreach

== Financial information ==

* June financial package
::- TBA

* 2016 Draft Budget
::- TBA

== Financial motions ==

* Motion to invest a portion of unused funds in a ladder CD arrangement
::- https://docs.google.com/document/d/1cZOMYzaRnWW_oQd4ON7kBNQcmlx3V4u33Szm8jH2cgU/edit#

* Motion to approve changes to FY17 membership rates
::- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing

* Motion to establish a pay anything membership class, eliminate honorary membership and establish an annual Paul Ritchie Memorial Award
::- https://docs.google.com/a/owasp.org/document/d/1GTcff47NFDgFCnnFTvaEehdecc-TU2PWjAqc9x470Vw/edit?usp=sharing

* Motion to create an OWASP open training platform
::- https://docs.google.com/document/d/1dZ-6eJyNj5iiTTo9AS5NC77PYwOF0D9aTHz8dmcJGJ0/edit#

=== Secretary Report - ########## ===

* Need to assign this role to a current board member to fill vacancy - [http://www.nonprofitlawblog.com/duties-of-the-secretary-of-a-nonprofit-corporation/ why]

=== Governance report ===
open issues
* replacement of resigned board member Jim. Motion appoint next on voted list from last year for the remainder of the term (until Dec-31, 2016).
* brand management
* copyright statement recommendations
* complaints (several complaints open with compliance team, Matt had as chairman communication with some parties).

(all these topics are important, but not as urgent as getting our expenses in order and deciding on progressing for the ED role, etc. Therefore, I propose to table them until our next board meeting in 3 weeks time, end of July)

=== Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom ===

* Coates - Chapters

* Gondrom - Governance

* Brennan - Projects

==Reports==
* Executive Director/Operations Update - [https://docs.google.com/a/owasp.org/document/d/1gMcPLK_zC_HJJKmqd72bOP66W0XzvAGjMzRabGW6N7M/edit?usp=sharing Rollup Report]
** Financial Update - [Link| Board Summary Combined] [Link| Combined Balance Sheet]
** Director Update - Kate Hartmann - see rollup report above
** Project Coordinator Update -DRAFT[https://docs.google.com/a/owasp.org/presentation/d/1jeTYCaTRw-lqJV0q3OpYiTZCrAwf4T9fKiMjqHccm44/edit?usp=sharing| Claudia Aviles Casanovas Update]
** Membership Update - [https://www.owasp.org/index.php/May_2016_Membership_Report Membership Report] Kelly Santalucia Update]
** [Link| Conference Manager Report] - Laura Grau
** IT Update - [Link| IT Status Report as of 2016-05-17] - Matt Tesauro

=== Community Initiative Reports ===

==Old Business==

All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Motion to create Regional Advisory Councils - Please read final draft. Vote held over from January 2016
::- https://docs.google.com/document/d/16y0acWfeZ_skcO27D-conivvlbSqPbAC1xTY5UfJi_4/edit

==New Business==

* Status of filed Trademarks with the USPO and discussion about brand usage and resources
::- https://www.owasp.org/index.php/Marketing/Resources

* Co-Marketing Agreements with other conferences
::- https://www.owasp.org/index.php/Owasp_Conference_Management_System
::- https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference

== Action Items==

* Approve a 2016 Budget
::- Draft budget forthcoming (AJV)

* Motion to appoint a replacement secretary for the remainder of 2016
::- https://docs.google.com/a/owasp.org/document/d/1ir9P0kz7HQuJqOEpgL4r2yKwLQCR47gLswvliaqzyak/edit?usp=sharing

* Motion to appoint a casual vacancy on the OWASP Global Board for the remainder of 2016
::- https://docs.google.com/a/owasp.org/document/d/1ukMZJ9MdCITjT1t_IWC4pxKZKcqATOu-yFpZ1ruddrc/edit?usp=sharing

* Motion to invest a portion of unused funds in a ladder CD arrangement
::- https://docs.google.com/document/d/1cZOMYzaRnWW_oQd4ON7kBNQcmlx3V4u33Szm8jH2cgU/edit#

* Motion to approve changes to FY17 membership rates
::- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing

* Motion to add a developing nation membership class of $USD 20 annually
::- https://docs.google.com/a/owasp.org/document/d/14OBSW4kcsFsuEGyGg1K8UXkuoYQAzdY49gvXmkUiYyg/edit?usp=sharing

* Motion to establish a pay anything membership class, eliminate honorary membership and establish an annual Paul Ritchie Memorial Award
::- https://docs.google.com/a/owasp.org/document/d/1GTcff47NFDgFCnnFTvaEehdecc-TU2PWjAqc9x470Vw/edit?usp=sharing

* Motion to create an OWASP open training platform
::- https://docs.google.com/document/d/1dZ-6eJyNj5iiTTo9AS5NC77PYwOF0D9aTHz8dmcJGJ0/edit#

==Announcements==

==Adjournment==
*Next meeting date/time: [https://www.owasp.org/index.php?title=July_27,_2016 July 27th]

==Motion to close meeting==

January 13, 2016

2016-01-13T15:32:21Z

Tgondrom: update procedure for board role elections.

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
* [https://www.dropbox.com/s/ficrbm5mot9i2ho/2015-12-09%2015.04%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 9 December 2015 OWASP Board Meeting]

===Time===
* [[January 13, 2016]], 16:00-17:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=01&day=14&hour=00&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===
* [https://docs.google.com/document/d/1R73i3wAH1Xqi1urlplpELpn0PiDICimwUeWpO7jT9Ro/edit#heading=h.gjdgxs 9 December 2015 OWASP Board Meeting Minutes]

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

= Meeting Agenda =
== Call to Order /OWASP Mission ==
Open Meeting - Start Recording, List attendees and Agenda update (only if last-minute changes are needed) (5 min)
* Approve minutes from December 9, 2015.

== Actionable Agenda Topics ==

* (10 minutes) Nominate / select 2016 Board Officers including Compliance Officer
** Further discussion & action as needed on proposal to change title & responsibilities of At-Large Board members as defined in [https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf Bylaws] to more specific focus areas.
** Election follows simple order of electing per role: 1. Chairman, 2.Vicechair, 3. Treasurer, 4. Secretary, 5. Board-member at large (Chapters), 6. Board-member-at-large (Projects), 7. Board-member-at-large (Governance)
** if in the first round no majority can be established for a candidate, there shall be a second voting round between the two leading candidates.
* (10 minutes) - TB - [http://lists.owasp.org/pipermail/owasp-leaders/2016-January/015869.html Proposal] to establish (4) Regional Councils per bylaws [https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf article/section 5.02]

Appoint (10) OWASP Members from each region from Projects/Chapters/Industry
Asia-Pacific Security Council (APSC)
North America Security Council (NASC)
Europe Middle East and Africa Security Council (ESC)
Latin America Security Council (LASC)

== Discussion Topics ==
* (15 minutes) - [https://docs.google.com/document/d/1LHK6wXJQVrc_NP_gbYy2wpiuNze32XkoIhFVL7V39i0/edit?usp=sharing 2016 Strategic Goals] & Budget. Review Updates, Approve as needed.
** [https://docs.google.com/a/owasp.org/spreadsheets/d/1u7jJ9IxvrvbnWkxeMoYhTnYjRrnoR47PyBA5fsJp3FY/edit?usp=sharing Updated 2016 Budget Draft as of January 12, 2016]
* (15 minutes) - Getting the financial fundamentals right - keeping a lid on expenses, understanding our funding envelope (there is no bottomless bucket of cash), and improving income growth AJV
* (10 minutes) - Discuss OWASP IT systems, with a view to consolidation and transformation AJV

== Misc. Topics (10-15 Minutes) ==
* Add here

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* add items

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* [name of person adding topic] - topic
** [vote needed | discussion topic]

== Action Item Follow-Up ==
*

== Reports ==
=== Chairmain's Report - Tobias Gondrom ===
*
=== Vice Chairmain's Report - Josh Sokol ===
*
=== Treasurer Report - Fabio Cerullo (Interim, until new Treasurer selected) ===
*
=== Secretary Report - Matt Konda ===
*
=== Updated from Members at Large - Tom Brennan, Michael Coates, Andrew van der Stock & Jim Manico ===

==Reports==
* Executive Director/Operations Update - [https://docs.google.com/document/d/1y4vemp7AC3Kcmv74m8ulSv-AjtQhkZpzUKEosPnaSFo/edit?usp=sharing Executive Director Summary Report for January 2016 P.Ritchie]
** Financial Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKQXk3WF9PMWtJdTQ/view?usp=sharing November 2015 Monthly & YTD Financials, Balance sheet, P&L, Actuals to Budget in excel format]
** Director Update - Kate Hartmann - [https://docs.google.com/a/owasp.org/document/d/1kLXwHn_PhHGjTBDbGJ8WX_wVZw02IULZUdAO8qPK4BU/edit?usp=sharing Kate Hartmann Update]
** Project Manager Update - [link:addme Project Manager Report]
** Community Manager Update - Noreen Whysel [https://docs.google.com/a/owasp.org/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit?usp=sharing - Community Manager Report for January 2016]
** Membership Update - [https://www.owasp.org/index.php/December_2015_Membership_Report December 2015 Membership Report]
** Events Manager Update - [https://www.owasp.org/images/d/d0/January2016ConferenceManagerReport_%281%29.pdf Conference Manager monthly report for January 2016]
** IT Update - [https://docs.google.com/a/owasp.org/document/d/1xJxU3ymp6gUbzBTkrx0nwp1SQ-n-yrRkz1OqECrOFRU/edit?usp=sharing Matt Tesauro Report]

=== Community Initiative Reports ===
*
*

==Announcements==

==Adjournment==
*Next meeting date/time:

==Motion to close meeting==

Board

2015-12-30T12:28:26Z

Tgondrom: /* Agenda for 2016 Meetings */ changes due to AppSec USA schedule update

__NOTOC__

= About the OWASP Board =

== Current OWASP Global Board 2015 ==

* [[User:Tgondrom|Tobias Gondrom]] - OWASP Chair - Hong Kong - tobias.gondrom(at)owasp.org
* [[User:Jsokol|Josh Sokol]] - Vice Chair - Texas, USA - josh.sokol(at)owasp.org
* [[User:Fabio.e.cerullo|Fabio Cerullo]] - Treasurer - Ireland - fcerullo(at)owasp.org
* [[Matt Konda]] - Secretary - matt.konda(at)owasp.org
* [[User:MichaelCoates|Michael Coates]] - Special Projects - San Francisco, CA USA - michael.coates(at)owasp.org
* [[Andrew van der Stock]] - Special Projects - Australia - vanderaj(at)owasp.org
* [[User:Jmanico|Jim Manico]] - Special Projects - Hawaii - jim(at)owasp.org

== OWASP Board Elections ==
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

= Agenda for 2016 Meetings =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]
* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

== Upcoming 2016 Meetings ==

* [[January 13, 2016]], 16:00-17:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=01&day=14&hour=00&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[February 17, 2016]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=02&day=17&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[March 16, 2016]], 16:00-17:00 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[April 20, 2016]], 16:00-17:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=04&day=20&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[May 18, 2016]], 07:00-08:30 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[July 1, 2016]], 18:00-21:00 CEST, in Rome at AppSecEU - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=01&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[July 27, 2016]], 07:00-08:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=27&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[August 24, 2016]], 16:00-17:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=08&day=24&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[September 21, 2016]] 07:00-08:30 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=09&day=21&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[October 14, 2016]], at AppSecUSA 18:00 - 21:00 EDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=10&day=14&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[November 9, 2016]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[November 30, 2016]], 15:00-16:30 PST - placeholder only optional if needed - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=30&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[December 14, 2016]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=12&day=14&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152

= Board Communication =

[https://www.owasp.org/index.php/OWASP_Foundation_ByLaws ByLaws] 
[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy Conflict of Interest Policy and Signed Conflict Statements] 
[https://docs.google.com/a/owasp.org/folder/d/0BxI4iTO_QojvNW9jaXFyWGZwR28/edit Weekly Board/Staff Communication Documents] 
[https://www.google.com/calendar/embed?src=owasp.org_d1dcflbc5oul9nji1ftc3pjji8@group.calendar.google.com&ctz=Pacific/Honolulu OWASP Board Calendar]

== Best practices ==

Note: these best practices are merely a collection of procedures deemed good process for a board. '''They are not binding''' and have not been voted on or ratified by the board to this date. Online: [http://www.rulesonline.com/rror--00.htm http://www.rulesonline.com/rror--00.htm]

=== Best Practices for Board conduct:===
We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".
* That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
** A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
* After the motion has been seconded the board may discuss the issue and / or vote on it.

A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.
* In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
* In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.

= Archive and Voting History =

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

=== Past OWASP Boards ===
[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

== Archive for 2015 Meetings ==
* [[December 9, 2015]], 15:00-17:00 PST
* [[November 18, 2015]], 14:00-15:30 PST
* [[November 4, 2015]], 12:00-13:30 PST
* [[October 14, 2015]], 14:00-15:00 PDT
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[August 12, 2015]], 16:00-17:00 PST
* [[July 22, 2015]], 14:00-15:00 PDT
* [[June 24, 2015]], 14:00-15:00 PDT
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[April 29, 2015]], 12:00-13:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[January 14, 2015]], 9am-10am PST

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr>

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr>

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] Postponed until March 9, 2010

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Board Focus Ideas =

== First suggested priority of Board from Paul ==
* What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
* Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.

== Projects Ideas==

* Project Review & Project Platform - good progress, keep it going. We need "more" volunteer engagement to provide more diverse review.
* New Project Ideas. Where is industry going, where will it be in 5 years? OWASP should suggest projects that we need and find team to build them!
* Project Summit support & funding
* International Chapter / Region support & funding for projects
* Hire full or part time technical writer to help with project (from Simon, flagship project lead)
* a platform for funding pull requests / contributions to projects - this could be a way to financially reward folks for contributing. I know ZAP recently experimented with this - not sure how it went, but we have money - might be a good way to spend it (maybe leveraging something like the bithub idea https://whispersystems.org/blog/bithub/). I would want the ability to personally remove myself from the ability of receiving payment. (from John Melton, flagship project lead)
* help with applying for grants - including letting us know of available grants and helping us do the paperwork if necessary
* make inter-project recommendations - since you sit at a level where you see various projects, maybe make recommendations for areas where multiple projects could collaborate for added value (from John Melton, flagship project lead)
* project of the month - this may already happen, but if not, maybe the newsletter could feature a project every month, including information like a project overview, an audio interview with the project leader(s), a list of priority tasks for people to help with, etc. (from John Melton, flagship project lead)
* get access to available free tools - I've actually seen several tools that are available for use within OWASP, though I hear about them haphazardly. It would be good if there were a single resource for leads to know what was available. Thinking of things like: free licenses of paid software (intellij, webex) or access to products/services (surveymonkey, AWS, GCE or Azure credits) that could be useful to the project (from John Melton, flagship project lead)
* conducting surveys - We do surveys periodically, and I fill them out. Joanna has used them to good effect. We might be able to make that more regular and get good data on our projects.
* "help wanted" site - We use github issues on our project. However, one thing I hear repeatedly is project leaders saying they need help, and owasp members asking how to help. It seems like we could put up a "jobs" board of some kind to connect folks within the community for things like this. We could probably connect this to $ in some way if we wanted to. I imagine there's a tool out there that already does this too. (from John Melton, flagship project lead)
* continue and expand "summer of code" programs - I believe these programs add lots of value. Not only do they get practical things done on the projects, but they give us good visibility, get people involved in the projects (many continue to contribute), give us good press in the community, and invigorate the mentors as well. (from John Melton, flagship project lead)

== Training ==
* Training is OK now....but what do we want to do here? Business as usual?
* Update current project level training docs, or
* Begin some form of Curriculum for Academic use?

== Advocacy==
* Liaison with other Orgs
** ID those Developer groups and go to their conferences & meetings
** ...just a few, but caution is to approach 1-2 at a time and get an outcome
* Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
* Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
* Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.

== Community Portals ==
* Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
* Focused WG to take action on Wiki Cleanup & ease of use.
* Consider funding larger wiki cleanup and migration effort (Jim)

== Marketing ==
* General PR & Marketing the OWASP Story - Promote ourselves more!
* Crank up a Recruiting program - Both Corporate & Individual.

<headertabs/>

Board

2015-12-29T11:07:13Z

Tgondrom: /* Agenda for 2016 Meetings */ correct some minor spelling error

__NOTOC__

= About the OWASP Board =

== Current OWASP Global Board 2015 ==

* [[User:Tgondrom|Tobias Gondrom]] - OWASP Chair - Hong Kong - tobias.gondrom(at)owasp.org
* [[User:Jsokol|Josh Sokol]] - Vice Chair - Texas, USA - josh.sokol(at)owasp.org
* [[User:Fabio.e.cerullo|Fabio Cerullo]] - Treasurer - Ireland - fcerullo(at)owasp.org
* [[Matt Konda]] - Secretary - matt.konda(at)owasp.org
* [[User:MichaelCoates|Michael Coates]] - Special Projects - San Francisco, CA USA - michael.coates(at)owasp.org
* [[Andrew van der Stock]] - Special Projects - Australia - vanderaj(at)owasp.org
* [[User:Jmanico|Jim Manico]] - Special Projects - Hawaii - jim(at)owasp.org

== OWASP Board Elections ==
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

= Agenda for 2016 Meetings =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]
* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

== Upcoming 2016 Meetings ==

* [[January 13, 2015]], 16:00-17:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=01&day=14&hour=00&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[February 17, 2015]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=02&day=17&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[March 16, 2015]], 16:00-17:00 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[April 20, 2015]], 16:00-17:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=04&day=20&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[May 18, 2015]], 07:00-08:30 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[July 1, 2015]], 18:00-21:00 CEST, in Rome at AppSecEU - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=01&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[July 27, 2015]], 07:00-08:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=27&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[August 24, 2015]], 16:00-17:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=08&day=24&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[September 23 still TBC, 2015]] at AppSecUSA 18:00 - 21:00 EDT - TBC
* [[October 19, 2015]], 07:00-08:30 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=10&day=19&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[November 9, 2015]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[November 30, 2015]], 15:00-16:30 PST - placeholder only optional if needed - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=30&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[December 14, 2015]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=12&day=14&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152

= Board Communication =

[https://www.owasp.org/index.php/OWASP_Foundation_ByLaws ByLaws] 
[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy Conflict of Interest Policy and Signed Conflict Statements] 
[https://docs.google.com/a/owasp.org/folder/d/0BxI4iTO_QojvNW9jaXFyWGZwR28/edit Weekly Board/Staff Communication Documents] 
[https://www.google.com/calendar/embed?src=owasp.org_d1dcflbc5oul9nji1ftc3pjji8@group.calendar.google.com&ctz=Pacific/Honolulu OWASP Board Calendar]

== Best practices ==

Note: these best practices are merely a collection of procedures deemed good process for a board. '''They are not binding''' and have not been voted on or ratified by the board to this date. Online: [http://www.rulesonline.com/rror--00.htm http://www.rulesonline.com/rror--00.htm]

=== Best Practices for Board conduct:===
We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".
* That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
** A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
* After the motion has been seconded the board may discuss the issue and / or vote on it.

A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.
* In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
* In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.

= Archive and Voting History =

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

=== Past OWASP Boards ===
[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

== Archive for 2015 Meetings ==
* [[December 9, 2015]], 15:00-17:00 PST
* [[November 18, 2015]], 14:00-15:30 PST
* [[November 4, 2015]], 12:00-13:30 PST
* [[October 14, 2015]], 14:00-15:00 PDT
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[August 12, 2015]], 16:00-17:00 PST
* [[July 22, 2015]], 14:00-15:00 PDT
* [[June 24, 2015]], 14:00-15:00 PDT
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[April 29, 2015]], 12:00-13:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[January 14, 2015]], 9am-10am PST

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr>

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr>

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] Postponed until March 9, 2010

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Board Focus Ideas =

== First suggested priority of Board from Paul ==
* What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
* Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.

== Projects Ideas==

* Project Review & Project Platform - good progress, keep it going. We need "more" volunteer engagement to provide more diverse review.
* New Project Ideas. Where is industry going, where will it be in 5 years? OWASP should suggest projects that we need and find team to build them!
* Project Summit support & funding
* International Chapter / Region support & funding for projects
* Hire full or part time technical writer to help with project (from Simon, flagship project lead)
* a platform for funding pull requests / contributions to projects - this could be a way to financially reward folks for contributing. I know ZAP recently experimented with this - not sure how it went, but we have money - might be a good way to spend it (maybe leveraging something like the bithub idea https://whispersystems.org/blog/bithub/). I would want the ability to personally remove myself from the ability of receiving payment. (from John Melton, flagship project lead)
* help with applying for grants - including letting us know of available grants and helping us do the paperwork if necessary
* make inter-project recommendations - since you sit at a level where you see various projects, maybe make recommendations for areas where multiple projects could collaborate for added value (from John Melton, flagship project lead)
* project of the month - this may already happen, but if not, maybe the newsletter could feature a project every month, including information like a project overview, an audio interview with the project leader(s), a list of priority tasks for people to help with, etc. (from John Melton, flagship project lead)
* get access to available free tools - I've actually seen several tools that are available for use within OWASP, though I hear about them haphazardly. It would be good if there were a single resource for leads to know what was available. Thinking of things like: free licenses of paid software (intellij, webex) or access to products/services (surveymonkey, AWS, GCE or Azure credits) that could be useful to the project (from John Melton, flagship project lead)
* conducting surveys - We do surveys periodically, and I fill them out. Joanna has used them to good effect. We might be able to make that more regular and get good data on our projects.
* "help wanted" site - We use github issues on our project. However, one thing I hear repeatedly is project leaders saying they need help, and owasp members asking how to help. It seems like we could put up a "jobs" board of some kind to connect folks within the community for things like this. We could probably connect this to $ in some way if we wanted to. I imagine there's a tool out there that already does this too. (from John Melton, flagship project lead)
* continue and expand "summer of code" programs - I believe these programs add lots of value. Not only do they get practical things done on the projects, but they give us good visibility, get people involved in the projects (many continue to contribute), give us good press in the community, and invigorate the mentors as well. (from John Melton, flagship project lead)

== Training ==
* Training is OK now....but what do we want to do here? Business as usual?
* Update current project level training docs, or
* Begin some form of Curriculum for Academic use?

== Advocacy==
* Liaison with other Orgs
** ID those Developer groups and go to their conferences & meetings
** ...just a few, but caution is to approach 1-2 at a time and get an outcome
* Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
* Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
* Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.

== Community Portals ==
* Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
* Focused WG to take action on Wiki Cleanup & ease of use.
* Consider funding larger wiki cleanup and migration effort (Jim)

== Marketing ==
* General PR & Marketing the OWASP Story - Promote ourselves more!
* Crank up a Recruiting program - Both Corporate & Individual.

<headertabs/>

Board

2015-12-29T09:17:09Z

Tgondrom: update with new meeting times for 2016 and moving meetings to archive for 2015

__NOTOC__

= About the OWASP Board =

== Current OWASP Global Board 2015 ==

* [[User:Tgondrom|Tobias Gondrom]] - OWASP Chair - Hong Kong - tobias.gondrom(at)owasp.org
* [[User:Jsokol|Josh Sokol]] - Vice Chair - Texas, USA - josh.sokol(at)owasp.org
* [[User:Fabio.e.cerullo|Fabio Cerullo]] - Treasurer - Ireland - fcerullo(at)owasp.org
* [[Matt Konda]] - Secretary - matt.konda(at)owasp.org
* [[User:MichaelCoates|Michael Coates]] - Special Projects - San Francisco, CA USA - michael.coates(at)owasp.org
* [[Andrew van der Stock]] - Special Projects - Australia - vanderaj(at)owasp.org
* [[User:Jmanico|Jim Manico]] - Special Projects - Hawaii - jim(at)owasp.org

== OWASP Board Elections ==
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

= Agenda for 2016 Meetings =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]
* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

== Upcoming 2016 Meetings ==

* [[January 13, 2015]], 16:00-17:30am PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=01&day=14&hour=00&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[February 17, 2015]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=02&day=17&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[March 16, 2015]], 16:00-17:00 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[April 20, 2015]], 16:00-17:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=04&day=20&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[May 18, 2015]], 07:00-08:30 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[July 1, 2015]], 18:00-21:00 CEST, in Rome at AppSecEU - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=01&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[July 27, 2015]], 07:00-08:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=27&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[August 24, 2015]], 16:00-17:00 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=08&day=24&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[September 23 still TBC, 2015]] at AppSecUSA 18:00 - 21:00 EDT - TBC
* [[October 19, 2015]], 07:00-08:30 PDT - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=10&day=19&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[November 9, 2015]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[November 30, 2015]], 15:00-16:30 PST - placeholder only optional if needed - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=30&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[December 14, 2015]], 15:00-16:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=12&day=14&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152

= Board Communication =

[https://www.owasp.org/index.php/OWASP_Foundation_ByLaws ByLaws] 
[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy Conflict of Interest Policy and Signed Conflict Statements] 
[https://docs.google.com/a/owasp.org/folder/d/0BxI4iTO_QojvNW9jaXFyWGZwR28/edit Weekly Board/Staff Communication Documents] 
[https://www.google.com/calendar/embed?src=owasp.org_d1dcflbc5oul9nji1ftc3pjji8@group.calendar.google.com&ctz=Pacific/Honolulu OWASP Board Calendar]

== Best practices ==

Note: these best practices are merely a collection of procedures deemed good process for a board. '''They are not binding''' and have not been voted on or ratified by the board to this date. Online: [http://www.rulesonline.com/rror--00.htm http://www.rulesonline.com/rror--00.htm]

=== Best Practices for Board conduct:===
We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".
* That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
** A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
* After the motion has been seconded the board may discuss the issue and / or vote on it.

A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.
* In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
* In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.

= Archive and Voting History =

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

=== Past OWASP Boards ===
[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

== Archive for 2015 Meetings ==
* [[December 9, 2015]], 15:00-17:00 PST
* [[November 18, 2015]], 14:00-15:30 PST
* [[November 4, 2015]], 12:00-13:30 PST
* [[October 14, 2015]], 14:00-15:00 PDT
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[August 12, 2015]], 16:00-17:00 PST
* [[July 22, 2015]], 14:00-15:00 PDT
* [[June 24, 2015]], 14:00-15:00 PDT
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[April 29, 2015]], 12:00-13:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[January 14, 2015]], 9am-10am PST

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr>

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr>

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] Postponed until March 9, 2010

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Board Focus Ideas =

== First suggested priority of Board from Paul ==
* What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
* Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.

== Projects Ideas==

* Project Review & Project Platform - good progress, keep it going. We need "more" volunteer engagement to provide more diverse review.
* New Project Ideas. Where is industry going, where will it be in 5 years? OWASP should suggest projects that we need and find team to build them!
* Project Summit support & funding
* International Chapter / Region support & funding for projects
* Hire full or part time technical writer to help with project (from Simon, flagship project lead)
* a platform for funding pull requests / contributions to projects - this could be a way to financially reward folks for contributing. I know ZAP recently experimented with this - not sure how it went, but we have money - might be a good way to spend it (maybe leveraging something like the bithub idea https://whispersystems.org/blog/bithub/). I would want the ability to personally remove myself from the ability of receiving payment. (from John Melton, flagship project lead)
* help with applying for grants - including letting us know of available grants and helping us do the paperwork if necessary
* make inter-project recommendations - since you sit at a level where you see various projects, maybe make recommendations for areas where multiple projects could collaborate for added value (from John Melton, flagship project lead)
* project of the month - this may already happen, but if not, maybe the newsletter could feature a project every month, including information like a project overview, an audio interview with the project leader(s), a list of priority tasks for people to help with, etc. (from John Melton, flagship project lead)
* get access to available free tools - I've actually seen several tools that are available for use within OWASP, though I hear about them haphazardly. It would be good if there were a single resource for leads to know what was available. Thinking of things like: free licenses of paid software (intellij, webex) or access to products/services (surveymonkey, AWS, GCE or Azure credits) that could be useful to the project (from John Melton, flagship project lead)
* conducting surveys - We do surveys periodically, and I fill them out. Joanna has used them to good effect. We might be able to make that more regular and get good data on our projects.
* "help wanted" site - We use github issues on our project. However, one thing I hear repeatedly is project leaders saying they need help, and owasp members asking how to help. It seems like we could put up a "jobs" board of some kind to connect folks within the community for things like this. We could probably connect this to $ in some way if we wanted to. I imagine there's a tool out there that already does this too. (from John Melton, flagship project lead)
* continue and expand "summer of code" programs - I believe these programs add lots of value. Not only do they get practical things done on the projects, but they give us good visibility, get people involved in the projects (many continue to contribute), give us good press in the community, and invigorate the mentors as well. (from John Melton, flagship project lead)

== Training ==
* Training is OK now....but what do we want to do here? Business as usual?
* Update current project level training docs, or
* Begin some form of Curriculum for Academic use?

== Advocacy==
* Liaison with other Orgs
** ID those Developer groups and go to their conferences & meetings
** ...just a few, but caution is to approach 1-2 at a time and get an outcome
* Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
* Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
* Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.

== Community Portals ==
* Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
* Focused WG to take action on Wiki Cleanup & ease of use.
* Consider funding larger wiki cleanup and migration effort (Jim)

== Marketing ==
* General PR & Marketing the OWASP Story - Promote ourselves more!
* Crank up a Recruiting program - Both Corporate & Individual.

<headertabs/>

Board

2015-11-06T08:23:13Z

Tgondrom: /* Upcoming 2015 Meetings */ activated placeholder

__NOTOC__

= About the OWASP Board =

== Current OWASP Global Board 2015 ==

* [[User:Tgondrom|Tobias Gondrom]] - OWASP Chair - Hong Kong - tobias.gondrom(at)owasp.org
* [[User:Jsokol|Josh Sokol]] - Vice Chair - Texas, USA - josh.sokol(at)owasp.org
* [[User:Fabio.e.cerullo|Fabio Cerullo]] - Treasurer - Ireland - fcerullo(at)owasp.org
* [[Matt Konda]] - Secretary - matt.konda(at)owasp.org
* [[User:MichaelCoates|Michael Coates]] - Special Projects - San Francisco, CA USA - michael.coates(at)owasp.org
* [[Andrew van der Stock]] - Special Projects - Australia - vanderaj(at)owasp.org
* [[User:Jmanico|Jim Manico]] - Special Projects - Hawaii - jim(at)owasp.org

== OWASP Board Elections ==
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

= Agenda for 2015 Meetings =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]
* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

== Upcoming 2015 Meetings ==
* [[November 4, 2015]], 12:00-13:30 PST (moved an hour earlier to allow for 90minute duration to cover more topics like goals and budget) - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2015&month=11&day=4&hour=20&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* [[November 18, 2015]], 14:00-15:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2015&month=11&day=18&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152)
* [[December 9, 2015]], 15:00-17:00 PST http://www.timeanddate.com/worldclock/meetingdetails.html?year=2015&month=12&day=9&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* based on past experience additional budget and goals meetings may be needed for December 2015.

== Past 2015 Meetings ==
* [[January 14, 2015]], 9am-10am PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[April 29, 2015]], 12:00-13:00 PST
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[June 24, 2015]], 14:00-15:00 PDT
* [[July 22, 2015]], 14:00-15:00 PDT
* [[August 12, 2015]], 16:00-17:00 PST
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[October 14, 2015]], 14:00-15:00 PDT

= Board Communication =

[https://www.owasp.org/index.php/OWASP_Foundation_ByLaws ByLaws] 
[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy Conflict of Interest Policy and Signed Conflict Statements] 
[https://docs.google.com/a/owasp.org/folder/d/0BxI4iTO_QojvNW9jaXFyWGZwR28/edit Weekly Board/Staff Communication Documents] 
[https://www.google.com/calendar/embed?src=owasp.org_d1dcflbc5oul9nji1ftc3pjji8@group.calendar.google.com&ctz=Pacific/Honolulu OWASP Board Calendar]

== Best practices ==

Note: these best practices are merely a collection of procedures deemed good process for a board. '''They are not binding''' and have not been voted on or ratified by the board to this date. Online: [http://www.rulesonline.com/rror--00.htm http://www.rulesonline.com/rror--00.htm]

=== Best Practices for Board conduct:===
We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".
* That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
** A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
* After the motion has been seconded the board may discuss the issue and / or vote on it.

A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.
* In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
* In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.

= Archive and Voting History =

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

=== Past OWASP Boards ===
[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr>

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr>

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] Postponed until March 9, 2010

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Ideas from Paul =

== First suggested priority of Board ==
* What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
* Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.

== Projects==
* Project Review & Project Platform - good progress, keep it going
* "more" volunteer engagement to provide more diverse review would be good.
* New Project Ideas - Where is industry going, where will it be in 5 years?
* Project Summit support & funding
* International Chapter / Region support & funding

== Training ==
* Training is OK now....but what do we want to do here? Business as usual?
* Update current project level training docs, or
* Begin some form of Curriculum for Academic use?

== Advocacy==
* Liaison with other Orgs
** ID those Developer groups and go to their conferences & meetings
** ...just a few, but caution is to approach 1-2 at a time and get an outcome
* Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
* Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
* Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.

== Community Portals ==
* Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
* Focused WG to take action on Wiki Cleanup & ease of use.
* Consider funding larger wiki cleanup and migration effort (Jim)

== Marketing ==
* General PR & Marketing the OWASP Story - Promote ourselves more!
* Crank up a Recruiting program - Both Corporate & Individual.

<headertabs/>

November 4, 2015

2015-11-04T06:23:33Z

Tgondrom: /* Call to Order /OWASP Mission */ add Matt's ideas

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
*[https://www.dropbox.com/s/3r1kvgds37667sb/2015-09-25%2018.23%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 25 September 2015 OWASP Board Meeting]
* [https://www.dropbox.com/s/0itybmbgcj294hk/2015-10-14%2014.03%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 14 October 2015 OWASP Board Meeting]
* [ Recording of 4 November 2015 OWASP Board Meeting]
===Time===

* November 4 OWASP Board meeting, Start-time is 12:00-13:30 PST
* Start-Time adjusted for Daylight Savings time end. View www.timeanddate.com/worldclock to confirm
* Global Start-Time, November 4 = 10:00 Hawaii; 12:00 Pacific; 14:00 Central; 21:00 London; 22:00 CET
* Global Start-Time, November 5 = 05:00 Tokyo; 07:00 Melbourne

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===

* [https://docs.google.com/a/owasp.org/document/d/1iun7xfeJI9vU0rEbIoix46ge1h_kQ_3WqeAG8e2ctPs/edit?usp=sharing 14 October 2015 OWASP Board Meeting Minutes]

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

[https://www.owasp.org/images/e/e8/AppSecUSA2015-Report.pdf Summary Report on AppSecUSA 2015 in San Francisco]

[https://www.dropbox.com/s/yfpk4bs3mq1xhmr/OWASP%20September%202015%20Finance%20report.pptx?dl=0 Financial Summary 2015 plus Summary Forecast for 2016]

= Meeting Agenda =
== Call to Order /OWASP Mission ==
* (5 minutes) - Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed)
* (5 minutes) - Update on Board election & Welcome new attendees (5 minutes)
** [https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election#Election_Results 2015 Board Election Results]

Actionable Agenda Topics
* (5 minutes) - BenchMark Project - Any remaining action re: Company use of OWASP Logo?
** Any discussion & recommendations on updates to Project Review process
* (10 minutes) - Josh Sokol- Proposal to Eliminate "At Large" Board Positions (10 minutes)
** See [http://lists.owasp.org/pipermail/owasp-board/2015-September/016172.html this thread] for the original proposal.

Discussion Topics
* (20 minutes) - 2016 Strategic Goals
** Top 3-4 Project Priorities?
** Training/Education: What's Needed? Objective, Community Served, Output & Implementation. How do we create & motivate a working group on this?
** Advocacy & Liaison: A Priority for 2016? Use Committee 2.0 format to kick-off a task force?

* (10 minutes) - 2016 Budget Priorities based on Goals
** Update on Project & Chapter Level Budgeting - Paul
** Review 'High-Level' Snapshot of 2016 Income, less Fixed Expenses, with remaining "available operating funds" to fuel Goals and Priorities - Paul, All
** [https://www.dropbox.com/s/yfpk4bs3mq1xhmr/OWASP%20September%202015%20Finance%20report.pptx?dl=0 Financial Summary 2015 + 2016 Budget Forecast Same as link & report above]

Misc. Topics (10-15 Minutes)
* Bylaws: OK as is, or more updates proposed? Andrew, All
* Wiki Updates - Status and recommended next steps Jim M., All
* Website Initiative (Matt, 10min)
* Inclusion Initiative (Matt, 10min)
* Developer Outreach Initiative (Matt, 10min)

==Reports==
* Executive Director/Operations Update - [ October Report P.Ritchie]

** Events Manager - Laura Grau [https://www.owasp.org/images/e/e8/AppSecUSA2015-Report.pdf Summary Report AppSecUSA-San Francisco 2015]
** Community Manager Update [https://docs.google.com/a/owasp.org/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit?usp=sharing Report on 2015 Strategic Goals metrics, New Chapters, Communications] - Noreen Whysel
** Director Update - Kate Hartmann -
** Project Coordinator -Claudia Aviles Casanovas Update -
** Membership Update - [https://www.owasp.org/index.php/October_2015_Membership_Report October 2015 Membership Report]
** IT Update:

=== Community Initiative Reports ===

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

== Action Items==
*
==Announcements==

==Adjournment==
*Next meeting date/time:

==Motion to close meeting==

November 4, 2015

2015-10-28T18:25:25Z

Tgondrom: /* Reports */ removed the role reports in favour of a item based agenda

Board

2015-10-21T18:48:13Z

Tgondrom: /* Agenda for 2015 Meetings */ adjusted meeting times to allow for more time and added placeholder if needed

__NOTOC__

= About the OWASP Board =

== Current OWASP Global Board 2015 ==

* [[User:Tgondrom|Tobias Gondrom]] - OWASP Chair - Hong Kong - tobias.gondrom(at)owasp.org
* [[User:Jsokol|Josh Sokol]] - Vice Chair - Texas, USA - josh.sokol(at)owasp.org
* [[User:Fabio.e.cerullo|Fabio Cerullo]] - Treasurer - Ireland - fcerullo(at)owasp.org
* [[Matt Konda]] - Secretary - matt.konda(at)owasp.org
* [[User:MichaelCoates|Michael Coates]] - Special Projects - San Francisco, CA USA - michael.coates(at)owasp.org
* [[Andrew van der Stock]] - Special Projects - Australia - vanderaj(at)owasp.org
* [[User:Jmanico|Jim Manico]] - Special Projects - Hawaii - jim(at)owasp.org

== OWASP Board Elections ==
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

= Agenda for 2015 Meetings =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]
* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

== Upcoming 2015 Meetings ==
* [[November 4, 2015]], 12:00-13:30 PST (moved an hour earlier to allow for 90minute duration to cover more topics like goals and budget) - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2015&month=11&day=4&hour=20&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* (Placeholder for additional meeting if needed: [[November 18, 2015]], 14:00-15:30 PST - http://www.timeanddate.com/worldclock/meetingdetails.html?year=2015&month=11&day=18&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152)
* [[December 9, 2015]], 15:00-17:00 PST http://www.timeanddate.com/worldclock/meetingdetails.html?year=2015&month=12&day=9&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152
* based on past experience additional budget and goals meetings may be needed for December 2015.

== Past 2015 Meetings ==
* [[January 14, 2015]], 9am-10am PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[April 29, 2015]], 12:00-13:00 PST
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[June 24, 2015]], 14:00-15:00 PDT
* [[July 22, 2015]], 14:00-15:00 PDT
* [[August 12, 2015]], 16:00-17:00 PST
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[October 14, 2015]], 14:00-15:00 PDT

= Board Communication =

[https://www.owasp.org/index.php/OWASP_Foundation_ByLaws ByLaws] 
[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy Conflict of Interest Policy and Signed Conflict Statements] 
[https://docs.google.com/a/owasp.org/folder/d/0BxI4iTO_QojvNW9jaXFyWGZwR28/edit Weekly Board/Staff Communication Documents] 
[https://www.google.com/calendar/embed?src=owasp.org_d1dcflbc5oul9nji1ftc3pjji8@group.calendar.google.com&ctz=Pacific/Honolulu OWASP Board Calendar]

== Best practices ==

Note: these best practices are merely a collection of procedures deemed good process for a board. '''They are not binding''' and have not been voted on or ratified by the board to this date. Online: [http://www.rulesonline.com/rror--00.htm http://www.rulesonline.com/rror--00.htm]

=== Best Practices for Board conduct:===
We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".
* That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
** A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
* After the motion has been seconded the board may discuss the issue and / or vote on it.

A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.
* In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
* In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.

= Archive and Voting History =

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

=== Past OWASP Boards ===
[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr>

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr>

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] Postponed until March 9, 2010

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Ideas from Paul =

== First suggested priority of Board ==
* What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
* Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.

== Projects==
* Project Review & Project Platform - good progress, keep it going
* "more" volunteer engagement to provide more diverse review would be good.
* New Project Ideas - Where is industry going, where will it be in 5 years?
* Project Summit support & funding
* International Chapter / Region support & funding

== Training ==
* Training is OK now....but what do we want to do here? Business as usual?
* Update current project level training docs, or
* Begin some form of Curriculum for Academic use?

== Advocacy==
* Liaison with other Orgs
** ID those Developer groups and go to their conferences & meetings
** ...just a few, but caution is to approach 1-2 at a time and get an outcome
* Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
* Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
* Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.

== Community Portals ==
* Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
* Focused WG to take action on Wiki Cleanup & ease of use.
* Consider funding larger wiki cleanup and migration effort (Jim)

== Marketing ==
* General PR & Marketing the OWASP Story - Promote ourselves more!
* Crank up a Recruiting program - Both Corporate & Individual.

<headertabs/>

October 14, 2015

2015-10-09T09:10:55Z

Tgondrom: /* Chairman's Report - Tobias Gondrom */

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
*[https://www.dropbox.com/s/3r1kvgds37667sb/2015-09-25%2018.23%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 25 September 2015 OWASP Board Meeting]

===Time===

Oct 14 OWASP Board meeting, Start-time is 14:00-15:00 PDT

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chairman's Report - Tobias Gondrom ===
* structuring of meetings (assign durations to each point) - 1min
* remove the section on chairman's and role reports and move to a topic based agenda (3min)
* Start of Budgeting for 2016 discussion & timeline (2min)
* start of review of Strategic Goals for 2015 and Discussion on Strategic Goals for 2016 - timeline (2min)
* evotes procedure: how many days should we wait between second of motion to give all board members time to raise discussion?

=== Vice Chairmain's Report - Josh Sokol ===
* Working on new policies to encourage spending down of chapter and project funds. Proposal under new business.
* Working on a Bylaw change to address Board member attendance policy. Proposal under new business.

=== Treasurer Report - Fabio Cerullo ===
* Paul & Fabio to review Financial report including forecast of Cash flow & cash balance to end of year.
* Discuss High Level summary of Key Funding Categories for 2016 and % Allocation as compared to 2015
** Example: Funding for Project Summit; AppSec Asia; Training/Training Curriculum program; Developer Outreach; etc.

* Topic 2

=== Secretary Report - Matt Konda ===
* Participated in Project Summit
* Working on DevOps oriented projects including:
** Tool
** Documentation
* Working on developer documentation.
* OWASP asked back to Chicago Coder Conference
* Presented at QA Testing conference and submitted for QUEST a national conference.

=== Updated from Members at Large - Michael Coates, Andrew van der Stock & Jim Manico ===

* Update on bylaws - Andrew van der Stock
* Update on Education strategic goal - Andrew van der Stock
* Update on scope of wiki update project and problem - Jim Manico
* Update on project summit participation and value - Jim Manico

==Reports==
* Executive Director/Operations Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKNHlHbk5teEFQOWM/view?usp=sharing Rollup Report P.Ritchie]
** [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKT1JxNnR6SEpZSm8/view?usp=sharing Sept.2015 State of the Union-As presented at AppSecUSA-SF]
** Financial Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKYVhFZVZmSTFKdmtFMTlUeDFlaERPWDN3dVJJ/view?usp=sharing August 2015 P&L, Balance Sheet, US/EU, Detail Excel report in Accrual format]
*** [https://drive.google.com/file/d/0BxjNZI6rYJRKdW1lRjV0ZWYxSEU/view?usp=sharing Summary Financial Report P&L in ppt format]
** Community Manager Update - Noreen Whysel [https://docs.google.com/a/owasp.org/presentation/d/1t48k4vX8qy6BCvfUkfmjXDoaB4uBXF8lwWCLzucy_dA/edit?usp=sharing Strategic Goals & Metrics for Chapters / Volunteer Program & More]
** Director Update - Kate Hartmann - [https://docs.google.com/document/d/1zw0G37qWpnsgujaC1ZkM-zCn08_UifmFrBfvhM0W3Yw/edit?usp=sharing Kate Hartmann Update]
** Project Coordinator -Claudia Aviles Casanovas Update - [https://docs.google.com/a/owasp.org/presentation/d/1F-N-LDd0LWQxmbuliC21OQGxFVAsgtzeGmtMKp_AdcM/edit?usp=sharing]
** Membership Update - [https://www.owasp.org/index.php/August_2015_Membership_Report Membership Report]
** IT Update: [https://docs.google.com/a/owasp.org/document/d/19yTS4fVNllsrXrT8fc3XafuEJF0DPbhe02ZZ1XOupfs/edit?usp=sharing OWASP IT Infrastructure Fall 2015 - Matt Tesauro Report]

=== Community Initiative Reports ===
*
*

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Confirm in Meeting minutes that all current board members, as well as Executive Director & Compliance Officer have completed 'Harassment Training for Supervisors' provided by Insperity, the OWASP HR/Payroll processing company. Paul R. has confirmed.

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* [Josh Sokol] - [https://www.evernote.com/l/AD9k8Mj8VAdOxLURsbEmDNCN0NR4JrprZNo Policy to Encourage Spending of Chapter Funds]
* [Josh Sokol] - [https://www.evernote.com/l/AD9k8Mj8VAdOxLURsbEmDNCN0NR4JrprZNo Board Member Attendance Policy]
** Paul Input - [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKS3RhWi1zMGNtUWs/view?usp=sharing Supplemental Proposal on Implementation of Chapter engagement in 2016 Budgeting]
* [Jim Manico] - Speaker policy stress. Need to review some situations that caused great chapter stresses.
** What about presentations that are vendor neutral but have the company name in the footer?
** What about presentations that are open source content using vendor slides?
** How much do we want to enforce this policy at the chapter level? At the regional conference level? At the national conference level?
** What about folks giving talks that use non-security vendor presentation templates?

* [Tobias Gondrom] - New Proposal: Building on Michael's and your comment about rewarding active projects. I very much like that idea! And I would have a friendly additional proposal.
** Proposal 11: Any project newly reaching lab status receives a one-time extra USD500 into their project account. Any project newly reaching flagship status receives a one-time extra USD1000 into their project account.

== Action Items==
*

==Announcements==

==Adjournment==
*Next meeting date/time:

==Motion to close meeting==

October 14, 2015

2015-10-08T21:37:07Z

Tgondrom: adding new proposal to incentivise projects for reaching new status

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
*[https://www.dropbox.com/s/3r1kvgds37667sb/2015-09-25%2018.23%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 25 September 2015 OWASP Board Meeting]

===Time===

Oct 14 OWASP Board meeting, Start-time is 14:00-15:00 PDT

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chairmain's Report - Tobias Gondrom ===
* Start of Budgeting for 2016 discussion
* start of review of Strategic Goals for 2015 and Discussion on Strategic Goals for 2016

=== Vice Chairmain's Report - Josh Sokol ===
* Working on new policies to encourage spending down of chapter and project funds. Proposal under new business.
* Working on a Bylaw change to address Board member attendance policy. Proposal under new business.

=== Treasurer Report - Fabio Cerullo ===
* Paul & Fabio to review Financial report including forecast of Cash flow & cash balance to end of year.
* Discuss High Level summary of Key Funding Categories for 2016 and % Allocation as compared to 2015
** Example: Funding for Project Summit; AppSec Asia; Training/Training Curriculum program; Developer Outreach; etc.

* Topic 2

=== Secretary Report - Matt Konda ===
* Participated in Project Summit
* Working on DevOps oriented projects including:
** Tool
** Documentation
* Working on developer documentation.
* OWASP asked back to Chicago Coder Conference
* Presented at QA Testing conference and submitted for QUEST a national conference.

=== Updated from Members at Large - Michael Coates, Andrew van der Stock & Jim Manico ===

* Update on bylaws - Andrew van der Stock
* Update on Education strategic goal - Andrew van der Stock
* Update on scope of wiki update project and problem - Jim Manico
* Update on project summit participation and value - Jim Manico

==Reports==
* Executive Director/Operations Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKNHlHbk5teEFQOWM/view?usp=sharing Rollup Report P.Ritchie]
** [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKT1JxNnR6SEpZSm8/view?usp=sharing Sept.2015 State of the Union-As presented at AppSecUSA-SF]
** Financial Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKYVhFZVZmSTFKdmtFMTlUeDFlaERPWDN3dVJJ/view?usp=sharing August 2015 P&L, Balance Sheet, US/EU, Detail Excel report in Accrual format]
*** [https://drive.google.com/file/d/0BxjNZI6rYJRKdW1lRjV0ZWYxSEU/view?usp=sharing Summary Financial Report P&L in ppt format]
** Community Manager Update - Noreen Whysel [https://docs.google.com/a/owasp.org/presentation/d/1t48k4vX8qy6BCvfUkfmjXDoaB4uBXF8lwWCLzucy_dA/edit?usp=sharing Strategic Goals & Metrics for Chapters / Volunteer Program & More]
** Director Update - Kate Hartmann - [https://docs.google.com/document/d/1zw0G37qWpnsgujaC1ZkM-zCn08_UifmFrBfvhM0W3Yw/edit?usp=sharing Kate Hartmann Update]
** Project Coordinator -Claudia Aviles Casanovas Update - [https://docs.google.com/a/owasp.org/presentation/d/1F-N-LDd0LWQxmbuliC21OQGxFVAsgtzeGmtMKp_AdcM/edit?usp=sharing]
** Membership Update - [https://www.owasp.org/index.php/August_2015_Membership_Report Membership Report]
** IT Update: [https://docs.google.com/a/owasp.org/document/d/19yTS4fVNllsrXrT8fc3XafuEJF0DPbhe02ZZ1XOupfs/edit?usp=sharing OWASP IT Infrastructure Fall 2015 - Matt Tesauro Report]

=== Community Initiative Reports ===
*
*

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Confirm in Meeting minutes that all current board members, as well as Executive Director & Compliance Officer have completed 'Harassment Training for Supervisors' provided by Insperity, the OWASP HR/Payroll processing company. Paul R. has confirmed.

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* [Josh Sokol] - [https://www.evernote.com/l/AD9k8Mj8VAdOxLURsbEmDNCN0NR4JrprZNo Policy to Encourage Spending of Chapter Funds]
* [Josh Sokol] - [https://www.evernote.com/l/AD9k8Mj8VAdOxLURsbEmDNCN0NR4JrprZNo Board Member Attendance Policy]
** Paul Input - [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKS3RhWi1zMGNtUWs/view?usp=sharing Supplemental Proposal on Implementation of Chapter engagement in 2016 Budgeting]
* [Jim Manico] - Speaker policy stress. Need to review some situations that caused great chapter stresses.
** What about presentations that are vendor neutral but have the company name in the footer?
** What about presentations that are open source content using vendor slides?
** How much do we want to enforce this policy at the chapter level? At the regional conference level? At the national conference level?
** What about folks giving talks that use non-security vendor presentation templates?

* [Tobias Gondrom] - New Proposal: Building on Michael's and your comment about rewarding active projects. I very much like that idea! And I would have a friendly additional proposal.
** Proposal 11: Any project newly reaching lab status receives a one-time extra USD500 into their project account. Any project newly reaching flagship status receives a one-time extra USD1000 into their project account.

== Action Items==
*

==Announcements==

==Adjournment==
*Next meeting date/time:

==Motion to close meeting==

October 14, 2015

2015-10-08T19:20:38Z

Tgondrom: new board meeting agenda for Oct 14

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
*[https://www.dropbox.com/s/3r1kvgds37667sb/2015-09-25%2018.23%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 25 September 2015 OWASP Board Meeting]

===Time===

Oct 14 OWASP Board meeting, Start-time is 14:00-15:00 PDT

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chairmain's Report - Tobias Gondrom ===
* Start of Budgeting for 2016 discussion
* start of review of Strategic Goals for 2015 and Discussion on Strategic Goals for 2016

=== Vice Chairmain's Report - Josh Sokol ===
* Working on new policies to encourage spending down of chapter and project funds. Proposal under new business.
* Working on a Bylaw change to address Board member attendance policy. Proposal under new business.

=== Treasurer Report - Fabio Cerullo ===
* Paul & Fabio to review Financial report including forecast of Cash flow & cash balance to end of year.
* Discuss High Level summary of Key Funding Categories for 2016 and % Allocation as compared to 2015
** Example: Funding for Project Summit; AppSec Asia; Training/Training Curriculum program; Developer Outreach; etc.

* Topic 2

=== Secretary Report - Matt Konda ===
* Participated in Project Summit
* Working on DevOps oriented projects including:
** Tool
** Documentation
* Working on developer documentation.
* OWASP asked back to Chicago Coder Conference
* Presented at QA Testing conference and submitted for QUEST a national conference.

=== Updated from Members at Large - Michael Coates, Andrew van der Stock & Jim Manico ===

* Update on bylaws - Andrew van der Stock
* Update on Education strategic goal - Andrew van der Stock

==Reports==
* Executive Director/Operations Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKNHlHbk5teEFQOWM/view?usp=sharing Rollup Report P.Ritchie]
** [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKT1JxNnR6SEpZSm8/view?usp=sharing Sept.2015 State of the Union-As presented at AppSecUSA-SF]
** Financial Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKYVhFZVZmSTFKdmtFMTlUeDFlaERPWDN3dVJJ/view?usp=sharing August 2015 P&L, Balance Sheet, US/EU, Detail Excel report in Accrual format]
*** [https://drive.google.com/file/d/0BxjNZI6rYJRKdW1lRjV0ZWYxSEU/view?usp=sharing Summary Financial Report P&L in ppt format]
** Community Manager Update - Noreen Whysel [https://docs.google.com/a/owasp.org/presentation/d/1t48k4vX8qy6BCvfUkfmjXDoaB4uBXF8lwWCLzucy_dA/edit?usp=sharing Strategic Goals & Metrics for Chapters / Volunteer Program & More]
** Director Update - Kate Hartmann - [https://docs.google.com/document/d/1zw0G37qWpnsgujaC1ZkM-zCn08_UifmFrBfvhM0W3Yw/edit?usp=sharing Kate Hartmann Update]
** Project Coordinator -Claudia Aviles Casanovas Update - [https://docs.google.com/a/owasp.org/presentation/d/1F-N-LDd0LWQxmbuliC21OQGxFVAsgtzeGmtMKp_AdcM/edit?usp=sharing]
** Membership Update - [https://www.owasp.org/index.php/August_2015_Membership_Report Membership Report]
** IT Update: [https://docs.google.com/a/owasp.org/document/d/19yTS4fVNllsrXrT8fc3XafuEJF0DPbhe02ZZ1XOupfs/edit?usp=sharing OWASP IT Infrastructure Fall 2015 - Matt Tesauro Report]

=== Community Initiative Reports ===
*
*

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Confirm in Meeting minutes that all current board members, as well as Executive Director & Compliance Officer have completed 'Harassment Training for Supervisors' provided by Insperity, the OWASP HR/Payroll processing company. Paul R. has confirmed.

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* [Josh Sokol] - [https://www.evernote.com/l/AD9k8Mj8VAdOxLURsbEmDNCN0NR4JrprZNo Policy to Encourage Spending of Chapter Funds]
* [Josh Sokol] - [https://www.evernote.com/l/AD9k8Mj8VAdOxLURsbEmDNCN0NR4JrprZNo Board Member Attendance Policy]
** Paul Input - [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKS3RhWi1zMGNtUWs/view?usp=sharing Supplemental Proposal on Implementation of Chapter engagement in 2016 Budgeting]
* [Jim Manico] - Speaker policy stress. Need to review some situations that caused great chapter stresses.
** What about presentations that are vendor neutral but have the company name in the footer?
** What about presentations that are open source content using vendor slides?
** How much do we want to enforce this policy at the chapter level? At the regional conference level? At the national conference level?
** What about folks giving talks that use non-security vendor presentation templates?

== Action Items==
*

==Announcements==

==Adjournment==
*Next meeting date/time:

==Motion to close meeting==

September 25, 2015

2015-09-25T23:51:47Z

Tgondrom: /* Chairmain's Report - Tobias Gondrom */

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
*[link:addme Meeting Recording]

===Time===

Sept. 25 OWASP Board meeting, Start-time is 18:00 Pacific Time.

===Location===

Sept. 25 OWASP Board meeting is face-to-face meeting located at the Hyatt Regency Hotel in San Francisco.

Meeting Room is Room A - Pacific Level.

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===
[link:addme Meeting Minutes]

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chairmain's Report - Tobias Gondrom ===
* brief status update on chairman activities the past 9 months (ED 1x1 calls, ...) (2min)

=== Vice Chairmain's Report - Josh Sokol ===
* Working on new policies to encourage spending down of chapter and project funds. Proposal under new business.
* Working on a Bylaw change to address Board member attendance policy. Proposal under new business.

=== Treasurer Report - Fabio Cerullo ===
* Paul & Fabio to review Financial report including forecast of Cash flow & cash balance to end of year.
* Discuss High Level summary of Key Funding Categories for 2016 and % Allocation as compared to 2015
** Example: Funding for Project Summit; AppSec Asia; Training/Training Curriculum program; Developer Outreach; etc.

* Topic 2

=== Secretary Report - Matt Konda ===
*

=== Updated from Members at Large - Michael Coates, Andrew van der Stock & Jim Manico ===

* Update on bylaws - Andrew van der Stock
* Update on Education strategic goal - Andrew van der Stock

==Reports==
* Executive Director/Operations Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKNHlHbk5teEFQOWM/view?usp=sharing Rollup Report P.Ritchie]
** [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKT1JxNnR6SEpZSm8/view?usp=sharing Sept.2015 State of the Union-As presented at AppSecUSA-SF]
** Financial Update - [https://drive.google.com/file/d/0BxjNZI6rYJRKYVhFZVZmSTFKdmtFMTlUeDFlaERPWDN3dVJJ/view?usp=sharing August 2015 P&L, Balance Sheet, US/EU, Detail Excel report in Accrual format]
*** [https://drive.google.com/file/d/0BxjNZI6rYJRKdW1lRjV0ZWYxSEU/view?usp=sharing Summary Financial Report P&L in ppt format]
** Community Manager Update - Noreen Whysel [https://docs.google.com/a/owasp.org/presentation/d/1t48k4vX8qy6BCvfUkfmjXDoaB4uBXF8lwWCLzucy_dA/edit?usp=sharing Strategic Goals & Metrics for Chapters / Volunteer Program & More]
** Director Update - Kate Hartmann - [https://docs.google.com/document/d/1zw0G37qWpnsgujaC1ZkM-zCn08_UifmFrBfvhM0W3Yw/edit?usp=sharing Kate Hartmann Update]
** Project Coordinator -Claudia Aviles Casanovas Update - [https://docs.google.com/a/owasp.org/presentation/d/1F-N-LDd0LWQxmbuliC21OQGxFVAsgtzeGmtMKp_AdcM/edit?usp=sharing]
** Membership Update - [https://www.owasp.org/index.php/August_2015_Membership_Report Membership Report]
** IT Update: [https://docs.google.com/a/owasp.org/document/d/19yTS4fVNllsrXrT8fc3XafuEJF0DPbhe02ZZ1XOupfs/edit?usp=sharing OWASP IT Infrastructure Fall 2015 - Matt Tesauro Report]

=== Community Initiative Reports ===
*
*

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Confirm in Meeting minutes that all current board members, as well as Executive Director & Compliance Officer have completed 'Harassment Training for Supervisors' provided by Insperity, the OWASP HR/Payroll processing company. Paul R. has confirmed.

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* [Josh Sokol] - [https://www.evernote.com/l/AD9k8Mj8VAdOxLURsbEmDNCN0NR4JrprZNo Policy to Encourage Spending of Chapter Funds]
* [Josh Sokol] - [https://www.evernote.com/l/AD9k8Mj8VAdOxLURsbEmDNCN0NR4JrprZNo Board Member Attendance Policy]
** Paul Input - [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKS3RhWi1zMGNtUWs/view?usp=sharing Supplemental Proposal on Implementation of Chapter engagement in 2016 Budgeting]
* [Jim Manico] - Speaker policy stress. Need to review some situations that caused great chapter stresses.
** What about presentations that are vendor neutral but have the company name in the footer?
** What about presentations that are open source content using vendor slides?
** How much do we want to enforce this policy at the chapter level? At the regional conference level? At the national conference level?
** What about folks giving talks that use non-security vendor presentation templates?
* [Martin Knobloch] - Compliance Officer update
** current complaints update, (board only)
** overview current complaints
** open issues past complaints
** Compliance Officer for 2016
* [Josh Sokol] - Abusive activities on OWASP mailing lists (PRIVATE SESSION)

== Action Items==
*

==Announcements==

==Adjournment==
*Next meeting date/time:

==Motion to close meeting==

Board

2015-07-25T07:58:13Z

Tgondrom: /* Upcoming 2015 Meetings */

Talk:Women In AppSec

2015-06-21T19:44:22Z

Tgondrom: please add winners from Women in AppSec in 2014

we need to add the winners from Women in AppSec 2014. From APAC, EU and US.
Best regards, Tobias

June 24, 2015

2015-06-18T17:08:37Z

Tgondrom: /* Time */ updated time

Board

2015-06-18T17:08:10Z

Tgondrom: /* Upcoming 2015 Meetings */ changed time of board meeting to allow for better particiaption through Australia

Insufficient Session-ID Length

2015-06-13T11:10:33Z

Tgondrom:

{{Template:Vulnerability}}
{{Template:Fortify}}

Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]

==Description==

Session identifiers should be at least 128 bits long to prevent brute-force session guessing attacks.

The WebLogic deployment descriptor should specify a session identifier length of at least 128 bits. A shorter session identifier leaves the application open to brute-force session guessing attacks. If an attacker can guess an authenticated user's session identifier, he can take over the user's session. The remainder of this explanation will detail a back-of-the-envelope justification for a 128 bit session identifier.

The expected number of seconds required to guess a valid session identifier is given by the equation:

[[image:session_id_guessing.gif]]

Where:

*B is the number of bits of entropy in the session identifier
*A is the number of guesses an attacker can try each second
*S is the number of valid session identifiers that are valid and available to be guessed at any given time

The number of bits of entropy in the session identifier is always less than the total number of bits in the session identifier. For example, if session identifiers were provided in ascending order, there would be close to zero bits of entropy in the session identifier no matter the identifier's length. Assuming that the session identifiers are being generated using a good source of random numbers, we will estimate the number of bits of entropy in a session identifier to be half the total number of bits in the session identifier. For realistic identifier lengths this is possible, though perhaps optimistic.

If attackers use a botnet with hundreds or thousands of drone computers, it is reasonable to assume that they could attempt tens of thousands of guesses per second. If the web site in question is large and popular, a high volume of guessing might go unnoticed for some time.

A lower bound on the number of valid session identifiers that are available to be guessed is the number of users that are active on a site at any given moment. However, any users that abandon their sessions without logging out will increase this number. (This is one of many good reasons to have a short inactive session timeout.)

With a 64 bit session identifier, assume 32 bits of entropy. For a large web site, assume that the attacker can try 1,000 guesses per second and that there are 10,000 valid session identifiers at any given moment. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is about 7 minutes. (32bit = 4294967296 / 10.000 = 429496. At 1000 attempts per second that is 429 seconds or 7.15 minutes.)

Now assume a 128 bit session identifier that provides 64 bits of entropy. With a very large web site, an attacker might try 10,000 guesses per second with 100,000 valid session identifiers available to be guessed. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is greater than 292 years.

==Risk Factors==

* Attackers that are try to obtain a valid session ID for [[Session hijacking attack|Session hijacking]].

==Examples==

===Short example name===
: A short example description, small picture, or sample code with [http://www.site.com links]

===Short example name===
: A short example description, small picture, or sample code with [http://www.site.com links]

==Related [[Attacks]]==

* [[Brute force attack]]

==Related [[Vulnerabilities]]==

[[Category:FIXME|link doesn't exist

* Insufficient cryptographic key length]]

==Related [[Controls]]==

* [[:Category:Session Management]]

==Related [[Technical Impacts]]==

* [[Technical Impact 1]]
* [[Technical Impact 2]]

==References==
TBD

__NOTOC__

[[Category:OWASP ASDR Project]]
[[Category:Deployment]]
[[Category:Java]]
[[Category:Environmental Vulnerability]]
[[Category:Session Management Vulnerability]]
[[Category:Cryptographic Vulnerability]]

[[Category:FIXME|link doesn't exist

Category:WebLogic]]

Insufficient Session-ID Length

2015-06-13T11:10:11Z

Tgondrom: corrected maths for session brute force attack at 32 bits

{{Template:Vulnerability}}
{{Template:Fortify}}

Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]

==Description==

Session identifiers should be at least 128 bits long to prevent brute-force session guessing attacks.

The WebLogic deployment descriptor should specify a session identifier length of at least 128 bits. A shorter session identifier leaves the application open to brute-force session guessing attacks. If an attacker can guess an authenticated user's session identifier, he can take over the user's session. The remainder of this explanation will detail a back-of-the-envelope justification for a 128 bit session identifier.

The expected number of seconds required to guess a valid session identifier is given by the equation:

[[image:session_id_guessing.gif]]

Where:

*B is the number of bits of entropy in the session identifier
*A is the number of guesses an attacker can try each second
*S is the number of valid session identifiers that are valid and available to be guessed at any given time

The number of bits of entropy in the session identifier is always less than the total number of bits in the session identifier. For example, if session identifiers were provided in ascending order, there would be close to zero bits of entropy in the session identifier no matter the identifier's length. Assuming that the session identifiers are being generated using a good source of random numbers, we will estimate the number of bits of entropy in a session identifier to be half the total number of bits in the session identifier. For realistic identifier lengths this is possible, though perhaps optimistic.

If attackers use a botnet with hundreds or thousands of drone computers, it is reasonable to assume that they could attempt tens of thousands of guesses per second. If the web site in question is large and popular, a high volume of guessing might go unnoticed for some time.

A lower bound on the number of valid session identifiers that are available to be guessed is the number of users that are active on a site at any given moment. However, any users that abandon their sessions without logging out will increase this number. (This is one of many good reasons to have a short inactive session timeout.)

With a 64 bit session identifier, assume 32 bits of entropy. For a large web site, assume that the attacker can try 1,000 guesses per second and that there are 10,000 valid session identifiers at any given moment. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is less than 7 minutes. (32bit = 4294967296 / 10.000 = 429496. At 1000 attempts per second that is 429 seconds or 7.15 minutes.)

Now assume a 128 bit session identifier that provides 64 bits of entropy. With a very large web site, an attacker might try 10,000 guesses per second with 100,000 valid session identifiers available to be guessed. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is greater than 292 years.

==Risk Factors==

* Attackers that are try to obtain a valid session ID for [[Session hijacking attack|Session hijacking]].

==Examples==

===Short example name===
: A short example description, small picture, or sample code with [http://www.site.com links]

===Short example name===
: A short example description, small picture, or sample code with [http://www.site.com links]

==Related [[Attacks]]==

* [[Brute force attack]]

==Related [[Vulnerabilities]]==

[[Category:FIXME|link doesn't exist

* Insufficient cryptographic key length]]

==Related [[Controls]]==

* [[:Category:Session Management]]

==Related [[Technical Impacts]]==

* [[Technical Impact 1]]
* [[Technical Impact 2]]

==References==
TBD

__NOTOC__

[[Category:OWASP ASDR Project]]
[[Category:Deployment]]
[[Category:Java]]
[[Category:Environmental Vulnerability]]
[[Category:Session Management Vulnerability]]
[[Category:Cryptographic Vulnerability]]

[[Category:FIXME|link doesn't exist

Category:WebLogic]]

June 24, 2015

2015-06-09T23:47:02Z

Tgondrom: Tgondrom moved page June 14, 2015 to June 24, 2015: typo

June 14, 2015

2015-06-09T23:47:02Z

Tgondrom: Tgondrom moved page June 14, 2015 to June 24, 2015: typo

#REDIRECT [[June 24, 2015]]

Board

2015-06-09T23:43:21Z

Tgondrom: /* Upcoming 2015 Meetings */ corrected type to June-24

June 24, 2015

2015-05-31T19:35:44Z

Tgondrom: /* New Business */ hire technical editor

June 24, 2015

2015-05-31T17:17:53Z

Tgondrom: /* New Business */ added RSA topic

May 22, 2015

2015-05-22T16:13:38Z

Tgondrom: /* New Business */

May 22, 2015

2015-05-22T12:09:21Z

Tgondrom: /* New Business */ added strategic goals item - next steps

About OWASP/HR

2015-05-19T19:48:02Z

Tgondrom: /* Interim Executive Director: Paul Ritchie */ updated

<noinclude>==Employees and Contractors of the OWASP Foundation==</noinclude>

[[Image:PaulR.jpg|120 px|left]]

==== Executive Director: [https://www.owasp.org/index.php/User:Paul_Ritchie Paul Ritchie]====
* Based in California - USA
 

[[Image:Owasp_logo_icon.jpg|120 px|left]]

====Operations Director: [https://www.owasp.org/index.php/User:Kate_Hartmann Kate Hartmann]====
* Based in Maryland - USA
* Key areas of responsibility: general community requests, data management, event registration admin, community newsletter
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Operations_Director OWASP Operations Director]
 

[[Image:Profile_Pic.png|140 px|left]]
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====
* Based in New Jersey - USA
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]
 

[[Image:Owasp_logo_icon.jpg|120 px|left]]
====Accounting: [https://www.owasp.org/index.php/User:Alison_McNamee Alison Shrader]====
* Based in Maryland - USA
* Key areas of responsibility: bookkeeping and account management, payments (incoming and outgoing)
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Finance_and_Accounting OWASP Accounting]
 

[[Image:LauraGrau.JPG|120 px|left]]
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====
* Based in Bay Area, California - USA
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]
 

[[Image:Noreen-whysel.jpg|120 px|left]]

====Community Manager: [https://www.owasp.org/index.php/User:Nwhysel Noreen Whysel]====
* Based in New York City - USA
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world.
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]
 

[[Image:Matt-Tesauro.png|120 px|left]]

====IT Admin: [https://www.owasp.org/index.php/User:Mtesauro Matt Tesauro] (Contractor)====
* Based in Texas - USA
* Key areas of responsibility: Domain name and server admin, mediawiki and mailman support, documentation of foundation technical workflows
* Job Description: [https://www.owasp.org/index.php/ITSupport IT Administrator]
 

[[Image:HugoCosta.jpg|120 px|left]]
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====
* Based in Portugal
* Key areas of responsibility: Graphic Design
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]

<noinclude> 

==OWASP HR Resources==
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]

</noinclude>

Board

2015-05-17T17:37:06Z

Tgondrom: /* Agenda for 2015 Meetings */ added past meetings for the record.

OWASP Board Votes

2015-05-06T19:32:04Z

Tgondrom: added vote to hire our ED

For context of the meetings and mins., if available see https://www.owasp.org/index.php/OWASP_Board_Meetings and pick the date of the meeting

==== Voting Records ====
{| class="prettytable"
! width="8%"| Date vote proposed
! width="50%"| Details on item for proposed vote - 7 person board, 4 to pass
! width="13%"| Affirm
! width="13%"| Abstain/Against
! width="8%"| Pass/Fail
! width="8%"|Decision Date
|-
| May 5, 2015
| Motion: Should Bylaws be updated in Section 3.03-Regular Meetings with clarifying language about 75% attendance requirements as proposed by Bill Corry. Yes, or No? Motion by Josh, seconded by Jim. Exact language posted to May 22 Board minutes.
| E-Vote performed via email. All 7 Board Members consent to evote & all 7 vote Yes. Motion passes.
| Against: None
| Pass
| May 5, 2015
|-

| Apr 29, 2015
| Motion: Approve Minutes from March 25 Board meeting Yes, or No? Motion by Tobias, seconded by Josh.
| Motion passes with 6 approvals. 6 Board members in attendance.
| Against: None
| Pass
| Apr 29, 2015
|-
| Apr 29, 2015
| Motion: Approve the appointment of Martin as Compliance Officer for 2015. Yes, or No? Motion by Josh, seconded by Jim.
| Motion passes with 6 approvals. 6 Board members in attendance.
| Against: None
| Pass
| Apr 29, 2015
|-
| Apr 29, 2015
| Motion: Should Board approve the updated proposal on process and funding for a Summer of Cord program? Yes, or No? Motion by Fabio to call the vote, seconded by Matt.
| Motion passes by majority vote with 3 approvals, 2 against. Quorum present with 5 Board members in attendance.
| Against: Two
| Pass = Yes
| Apr 29, 2015
|-
| Apr 7, 2015
| Motion: Hire Paul Ritchie as our full-time Executive Director and approve a formal offer to hire him.
| Motion passes per evote (via email) with 7 approvals.
| Against: None
| Pass
| Apr 7, 2015
|-
| Mar. 25, 2015
| Motion: Allow Corporate Members to make or change their allocations to Project or Chapter from their annual membership fees on an annual basis. Current policy is static or fixed for 3 year term. Yes, or No? Motion by Josh, seconded by Jim.
| Motion passes with 6 approvals
| Against: None
| Pass
| Mar. 25 2015
|-
| Mar. 25, 2015
| Motion: Should OWASP enter into an agreement directly with Insperity to provide payroll and HR services to OWASP employees? Motion by Josh, seconded by Jim.
| Motion passes with 6 approvals
| Against: None
| Pass
| Mar. 25 2015
|-
|-
| Mar. 25, 2015
| Motion: HR and Payroll administration to be handled by OWASP Staff rather than 3rd party Association Mgmt firm now that Insperity contract is direct with OWASP, Yes or No? Motion by Josh, seconded by Michael.
| Motion passes with 6 approvals
| Against: None
| Pass
| Mar. 25 2015
|-
| Mar. 25, 2015
| Motion to approve February 11 2015 Board meeting minutes. Motion by Jim, seconded by Michael.
| Motion passes with 6 approvals
| Against: None
| Pass
| Mar. 25 2015
|-

|-
| Jan. 21, 2015
| Motion to approve 1 month extension for Executive Director services, Feb. 1-28, 2015. Motion by Tobias, seconded by Jim. Vote conducted via email.
| Motion passes with 7 approvals
| Against: None
| Pass
| Jan. 28, 2015
|-
| Jan. 14, 2015
| Motion to approve Dec.10,2014 Board meeting minutes. Motion by Tobias, seconded by Josh.
| Motion passes with 6 approvals
| Against: None, Fabio arrived late
| Pass
| Jan. 14, 2015
|-
| Jan. 14, 2015
| Motion to accept officer positions for 2015 as voted on during December. Outgoing Board member Eoin provided conducted the selection process. Motion by Tobias, seconded by Matt
| Motion passes with 6 approvals
| Against: None, Fabio arrived late
| Pass
| Jan. 14, 2015
|-
| Dec. 10, 2014
| Motion to hold separate meeting on 2015 Strategic Goals & budget to allow greater time for discussion. Motion by Tobias, seconded by Josh.
| Motion passes with 6 approvals
| Against: None, Tom absent
| Pass
| Dec. 10, 2014
|-
| Dec. 10, 2014
| Motion to approve the updated Whistleblower policy. Motion by Josh, seconded by Tobias.
| Motion passes with 6 approvals
| Against: None, Tom absent
| Pass
| Dec. 10, 2014
|-
| Dec. 10, 2014
| Motion (Michael) to approve all three sets of Board meeting minutes (September, October and November 2014). Seconded (Tom).
| Motion passes with full approval
| Against: None
| Pass
| Dec. 10, 2014
|-
| Nov. 12, 2014
| Motion to approve 2013 Tax Forms as prepared by KPMG and to authorize KPMG to e-file tax forms on OWASP behalf. (Motion by Josh, Second by Tobias)
| Jim, Josh, Tom, Tobias
| Against: none (only 4 Members attending)
| Pass
| Nov. 12, 2014
|-
| Oct. 8, 2014
| Motion to approve Projects Committee 2.0 (Motion by Josh, Second by Jim)
| Jim, Josh, Michael, Fabio, Tobias
| Against: none (only 5 Members attending)
| Pass
| Oct. 8, 2014
|-
| Sept 16, 2014
|Motion to change profit split for Local & Regional Events to 90% Chapter / 10% Foundation - no cap - beginning 2015 (Motion by Josh, second Jim)
| Josh, Jim, Tom, Tobias
|Against: Michael, Fabio. Abstain: Eoin
|Pass - This motion now supercedes and replaces the prior approved motion at 75/25 split.
| Sept. 16, 2014
|-
| Sept 16, 2014
|Motion to change profit split for Local & Regional Events to 75% Chapter / 25% Foundation - no cap - beginning 2015 (Motion by Tom, second Fabio)
|Fabio, Michael, Eoin, Tom
|Against: Josh, Jim, Tobias
|Pass
| Sept. 16, 2014
|-
| Sept 16, 2014
|Motion to allocate $12,000 of Community Engagement funds for 2014 AsiaPac Tour (Motion by Jim, second Tobias)
|Fabio, Michael, Tobias, Jim, Eoin
|Against: Josh,Tom
|Pass
| Sept. 16, 2014
|-
| Sept 16, 2014
|Motion to proceed forward with Committee 2.0 process for Project Committee as proposed by Johanna. (Motion by Tobias, second Jim)
| All
|Against: none
|Pass by unanimous consent
| Sept. 16, 2014
|-
| Sept 16, 2014
| Issue: Should OWASP consider providing shared hosting to some set of projects or chapters. How to handle requests for sub-domains? '''Motion''' - All owasp.org subdomains that do exist will be on owasp foundation controlled servers. (Motion by Josh, second Tom)
| All
|Against: none
|Pass by unanimous consent
| Sept. 16, 2014
|-
| August 13, 2014
| Motion - Board to authorize Paul Ritchie, OWASP Interim Executive Director to have Executive Director duties for financial oversight including review, approve, signature authority and release of funds for various financial obligations in accordance with the OWASP accounting & signatory policies. (Motion by Jim, second by Tobias)
| Jim, Michael, Eoin, Tom, Fabio, Tobias
| Against: none (6 members attending)
| Pass
| August 13, 2014
|-
| July 11, 2014
| Motion to establish committees 2.0 (link to the document: [https://www.owasp.org/index.php/Governance/OWASP_Committees OWASP Committees]), to reestablish committees and empower the community. (Motion by Josh, Second by Michael)
| Josh, Michael, Jim, Eoin, Fabio
| Against: Tobias, Tom
| Pass
| July 18, 2014
|-
| April 30, 2014
| Motion to demote all OWASP flagship projects to labs as an interim step in reevaluating project status and infrastructure.
| Josh, Tom, Jim, Tobias, Michael
| -
| Pass
| April 30, 2014
|-
| April 30, 2014
| Motion to move forward with using KPMG for international accounting, including engagement for the Belgian entity taxes and advice
| Josh, Tom, Eoin, Jim, Tobias, Michael
| -
| Pass
| April 30, 2014
|-
| April 30, 2014
| Motion to turn off the community (social media) functionality of the portal (not the portal itself), initiate a plan of requirements and research for social engagement by the community
| Josh, Tom, Eoin, Jim, Tobias
| Michael
| Pass
| April 30, 2014
|-
|March 3, 2014
|[http://lists.owasp.org/pipermail/owasp-board/2014-March/013310.html Proposal: Add a new section to the OWASP Bylaws.]
SECTION 4.07 Participation. Participation in OWASP activities (conferences, meetings, mailings lists, projects, etc) does not require membership, but is subject to adherence to the OWASP Code of Ethics, and OWASP leaders may revoke the privilege of participation to those who choose not to abide by that code. Notification of such a revocation must be made to the individual in writing, with the OWASP Board of Directors CC’d for inclusion in the Foundation records. If an individual believes that this revocation is unjustified, then they have the option to appeal the decision by notifying the OWASP Board of Directors in writing within 14 days of the original notification.
| Michael, Josh, Tom, Eoin, Jim, Tobias, Fabio
| -
| Pass
| March 31, 2014
|-
|February 24, 2014
|[https://docs.google.com/a/owasp.org/document/d/1KFYa4r6mMFbUWEfe0C3lDHe3j051paEze0toAgliavs/edit Motion to modify the OWASP Bylaws section 4.02 to include in good-standing subject to our code of ethics”]
| Michael, Josh, Tom, Eoin, Jim, Tobias
| Fabio (no vote received)
| Pass
| February 24, 2014
|-
|February 24, 2014
|[https://docs.google.com/a/owasp.org/document/d/1KFYa4r6mMFbUWEfe0C3lDHe3j051paEze0toAgliavs/edit Motion to modify all public facing text regarding the Google Hacking Inquiry]
| Michael, Josh, Tom, Fabio, Eoin, Jim, Tobias
| -
| Pass
| February 24, 2014
|-
|February 24, 2014
|[https://www.owasp.org/index.php/OWASP_Strategic_Goals#tab=2014 2014 OWASP Foundation Strategic Goals]
| Michael, Josh, Tom, Fabio, Eoin, Jim, Tobias
| -
| Pass
| February 24, 2014
|-
|January 27, 2014
|"Shall OWASP release the proposed statement?"
[[OWASP Statement on the Security of the Internet 2014]]
(Yes/Affirm or No/Against)
| Michael, Josh, Tom, Fabio, Eoin, Jim, Tobias
| -
| Pass
| January 27th (6 votes cast) - February 2nd (1 remaining vote cast), 2014
|-
|January 7, 2014
|OWASP will terminate the co-marketing agreement with RSA for RSA 2014.
This may place our training at risk, but if permitted we will still provide the free training at RSA and the OWASP speaking slot. [http://lists.owasp.org/pipermail/owasp-board/2014-January/012919.html vote on mailing list]
(Yes/Affirm or No/Against)
|Michael, Josh, Tobias
| No - Tom, Fabio Abstain - Eoin, Jim
| Pass
| January 7, 2014
|-
|December 16, 2013
|Compliance Officer per [https://www.owasp.org/index.php/Governance/Whistleblower_Policy Whistleblower Policy] for 2014 - Martin Knobloch, [http://lists.owasp.org/pipermail/owasp-board/2013-December/012790.html vote on mailing list]
|Tom, Seba, Dave, Michael, Jim, Eoin
|
| Pass (Unanimous)
|December 29, 2013
|-
|December 16, 2013
|[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=drive_web#gid=0 Approval of 2014 Annual Foundation Budget]
| Seba, Dave, Michael, Jim, Eoin
| No vote received: Tom
| Pass
|December 17, 2013
|-
|December 13, 2013
|[https://docs.google.com/a/owasp.org/document/d/1yDTFCdmmZN3t732sqHTOFHMhQrXgUC46YbgDhGROcXM/edit Vote to approve going forward with Fonteva Member Nation Portal Proposal]
| Seba, Dave, Michael, Jim, Tom
| No vote received: Eoin
| Pass
|December 16, 2013
|-
|December 9, 2013
|[https://docs.google.com/a/owasp.org/document/d/1yX68nS20qj7QNTcDkKCD3hSfFEbJaBKjoWjc2wF_aLA/edit Grant Spending Policy]
| Seba, Jim, Tom, Michael
| No vote received: Dave, Eoin
|Pass
|December 9, 2013
|-
|December 9, 2013
|[https://docs.google.com/a/owasp.org/document/d/15XuKIezpBpNH4BQYwSJ8i9125ga8IBE0IpvkO14RukI/edit Project Spending Policy]
| Seba, Jim, Tom, Michael
| No vote received: Dave, Eoin
|Pass
|December 9, 2013
|-
|December 9, 2013
|[https://docs.google.com/a/owasp.org/document/d/1ADEy8NhgIqi5vyV0JSvOfeIqfIRQSzlOCLCmhEuPAWA/edit New Project Sponsorship Model]
| Seba, Jim, Tom, Michael
| No vote received: Dave, Eoin
|Pass
|December 9, 2013
|-
|December 9, 2013
|[https://www.owasp.org/index.php/Governance/CorporateSponsorship Tiered Corporate Membership Model]
| Seba, Jim, Tom, Michael
| No vote received: Dave, Eoin
|Pass
|December 9, 2013
|-
|October 30, 2013
|[https://www.owasp.org/index.php/Governance/Board_Commitment_Agreement Board Orientation Agreement] and [https://www.owasp.org/index.php/Governance/Board_Code_of_Conduct Board Code of Conduct]
| Tom, Jim, Seba, Michael, Eoin
| No vote received: Dave
|Pass
|November 8, 2013
|-
|October 30, 2013
|[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower and Anti-Retaliation Policy]
| Tom, Jim, Seba, Michael, Dave, Eoin
|
|Pass
|November 5, 2013
|-
|October 30, 2013
|[https://www.owasp.org/index.php/Governance/Social_Media_Policy OWASP Social Media Policy]
| Tom, Jim, Seba, Eoin, Michael, Dave
|
|Pass
|November 4, 2013
|-
|October 30, 2013
|[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire] - applying to Global Board Members and Employees
|Tom, Jim, Michael, Seba, Eoin, Dave
|
|Pass
|November 4, 2013
|-
|August 19, 2013
|OWASP Board Size: OWASP bylaws specify the board must be between 5 and 7 members. Vote to extend to 7 members. The 2013 election will now seat 4 spots instead of 3. The newly elected board members will begin their terms Jan 1, 2014.[https://docs.google.com/a/owasp.org/document/d/1cYsp608TDiNfdLv60mePuCjC412oz_MJSIzFEuQED6w/edit Meeting Minutes]
|Tom, Jim, Michael, Seba, Eoin, Dave
|
|Pass
|August 19, 2013
|-
|August 19, 2013
|OWASP Board Meetings and Attendance Requirements: OWASP Board of Directors will hold quarterly board meetings lasting 4-6 hours each. The schedule of meetings will be set by the board in December before the year. It is likely the the board meetings will take place on Saturdays or on a dedicated day before a large OWASP conference. This change is a result of the success of the longer format board meeting and also a result of the Executive Director role that has enabled full time involvement and focus on OWASP operations. Board members must attend (in person or virtually) 3 of the 4 meetings to fulfill the attendance requirements. This will take effect in January, 2014.[https://docs.google.com/a/owasp.org/document/d/1cYsp608TDiNfdLv60mePuCjC412oz_MJSIzFEuQED6w/edit Meeting Minutes]
|Tom, Jim, Michael, Seba, Eoin, Dave
|
|Pass
|August 19, 2013
|-
|August 19, 2013
|Vote for OWASP Board Onboarding Process: An official board orientation set of documents will be created that includes a stated conflict of interest policy (in addition to what we have in the bylaws), 2 required reading short books on non-profit foundations, requirement to read previous financial reports and 990, and links to our to-be created governance page. All board members will sign and acknowledge completion of the orientation by Jan 1, 2014. New board members to sign by January 1 (following their election), and subject to disciplinary action if not completed by February 1. Board members will not be allowed to participate in Board votes until acknowledgement is signed. [https://docs.google.com/a/owasp.org/document/d/1cYsp608TDiNfdLv60mePuCjC412oz_MJSIzFEuQED6w/edit Meeting Minutes]
|Tom, Jim, Michael, Seba, Eoin, Dave
|
|Pass
|August 19, 2013
|-
|May 13, 2013
|Vote to make all board terms 1 year and all candidates and board members run for a specific position (President, VP, Secretary, Treasurer, (2) Member at large as outlined of the responsibilities of the bylaws. [https://docs.google.com/a/owasp.org/document/d/1n9hAtbRyCgH5iMGyC-Uih6ZZoW2Kn0VYafEobVehJhk/edit Motion] [https://docs.google.com/a/owasp.org/document/d/1jCQYmc-NC5L_JVLsx3INrCrM_iacE9ujhH0Nf6iriXw/edit June 10, 2013 Board Meeting Minutes].
|Tom
|Jim, Michael, Seba, Eoin, Dave
|Fail
|June 10, 2013
|-
|May 23, 2013
|Vote to modify SECTION 3.03 of OWASP Foundation Bylaws to allow for Board Members not able to attend in person Board Meeting: "and shall be highly encouraged to meet in person at least once annually at a date to be announced and agreed upon" [https://docs.google.com/a/owasp.org/document/d/1jCQYmc-NC5L_JVLsx3INrCrM_iacE9ujhH0Nf6iriXw/edit June 10, 2013 Board Meeting Minutes].
|Jim, Michael, Seba, Eoin, Dave
|Tom
|Pass
|June 10, 2013
|-
|May 31, 2013
|Vote to approve Foundation Signatory Policy outlined in [https://docs.google.com/a/owasp.org/document/d/1wBmgSFkwS8d3r2xMjqlIMlu2Nf4lLdMeC5QLM6g42zw/edit Executive Director Report].
|Tom, Jim, Michael, Seba
|
|Pass
|June 3 2013
|-
|May 31, 2013
|Vote to approve budget modifications outlined in [https://docs.google.com/a/owasp.org/document/d/1wBmgSFkwS8d3r2xMjqlIMlu2Nf4lLdMeC5QLM6g42zw/edit Executive Director Report] primarily to fund increased staffing costs.
|Tom, Jim, Michael, Seba
|
|Pass
|June 3 2013
|-
|May 13, 2013
|Vote in support of EC Council Grant Proposal Submission [https://docs.google.com/a/owasp.org/document/d/1WkOEYvvtj5Z3fJyKTipdnsjHIM7hr25oma3PCab5dGk/edit Board Meeting Minutes]
|Tom, Jim, Michael, Seba, Dave, Eoin
|
|Pass
|May 13, 2013
|-
|May 13, 2013
|Vote to confirm [https://drive.google.com/a/owasp.org/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing 2013 OWASP Strategic Goals]
|Tom, Jim, Michael, Seba, Dave, Eoin
|
|Pass
|May 13, 2013
|-

|-
|April 8, 2013
|Vote to hire an executive director to the OWASP foundation.
|Tom, Jim, Michael, Seba, Eoin, Dave
|
|Pass Effective going forward (April 2013 -
| 8th April 2013
|-

|-
|Feb 11, 2013
|Vote to implement board member term limits to 4 consecutive 2 year terms.
|Tom, Jim, Michael, Seba, Eoin
| Dave
|Pass Effective going forward (January 2014 - next election
| Feb 11, 2013
|-

|-
|Feb 12, 2013
|Vote to officially dissolve global committees and proceed with Initiatives model https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus
|Tom, Dave, Jim, Michael, Seba, Eoin
|
|Pass
| Feb 12, 2013
|-
|Jan 14 2013
| Move schedule of AppSecUSA to Q2 starting in 2014 (Q1 APAC, Q2 USA, Q3 EU, Q4 LATAM)
| Michael, Tom, Jim, Eoin, Seba
| Dave - not present to vote
| Pass
|Jan 14 2013
|-
|Jan 14 2013
| 60/40 membership split (Foundation/Chapters)
| Michael (voted Jan 14), Eoin (voted Jan 14), Seba (email vote [http://lists.owasp.org/pipermail/owasp-board/2013-February/011672.html Feb 26]), Dave (email vote [http://lists.owasp.org/pipermail/owasp-board/2013-February/011673.html Feb 26])
| Abstain - Tom (conflict as a chapter leader), Jim
| Pass
| Feb 26, 2013
|-
|Dec 10, 2012
| Anti-Harassment Policy for Conferences [https://docs.google.com/document/d/1clGSKA_W1J1-ODCP5pjAkOgD_BjjLf1TcQo54CG93oU/edit?pli=1 Link]
| Eoin, Tom, Seba, Matt, and Michael
| Dave - not present to vote
| Pass
|Dec 10, 2012
|-
| November 29, 2012
| Event Profit Split Proposal [https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit Link]
| Eoin, Seba, Matt, Dave and Michael
| Tom
| Pass
|Dec 5, 2012
|-
|May 14, 2012
|Does the OWASP Board support the Projects Reboot Initiative with initial funding of $15,0000? Cut off date for initial round of funding end of June 2012.
|Michael, Dave, Tom, Seba, Eoin
|
|Pass
|May 14, 2012
|-
|April 5, 2012
|Vote to approve New Membership Wording on Landing page
|Michael, Matt, Eoin, Dave, Seba
|
|Pass
|April 5, 2012
|-
|April 5, 2012
|Sarah Baso has contract signing authority
|Michael, Matt, Tom, Eoin, Seba, Dave
|
|Pass
|April 5, 2012
|-
|April 5, 2012
|Move forward with Cruise Summit Panning
|
|Seba, Eoin, Michael, Dave, Tom
|Fail - defer summit to consider new proposals and board direction
|April 5, 2012
|-
|March 12, 2012
|Include in registration a mandatory field that makes the member (corporate or individual) to choose a local chapter/project or to choose “none”
|Michael, Matt, Tom, Eoin
|
|Pass
|March 12, 2012
|-
|February, 2012
|Is the Global Conference Committee Liason authorized to sign financial contracts below $15,000?
|
|Tom, Eoin, Seba, Matt, Michael
|Fail
|February, 2012
|-
|10-Jan-2012
|Vote to approve the 4 job descriptions as written (with minor edits noted in Board meeting minutes) [[January_9,_2012| link to job descriptions and meeting minutes]]
|Michael, Matt, Tom, Seba, Eoin
|
|Pass
|10-Jan-2012
|-
|10-Jan-2012
|Vote to approve [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhI4iTO_QojvdFRTX1ZvUHU5U1N3WVRGNm56cDlOM1E&hl=en_US#gid=0 2012 Budget] as written, with quarterly check in
|Michael, Matt, Tom, Seba, Eoin
|
|Pass
|10-Jan-2012
|-
|10-Jan-2012
|Proposal to remove OWASP member #72624861per Foundation Bylaws 4.03
| Michael, Eoin, Matt, Tom, Seba
|Dave
|Pass
|10-Jan-2011
|-
|14-Nov-2011
|Letter of Intent from Security Innovations [https://www.owasp.org/images/e/e9/OWASP_-_Letter_of_Intent_%28Security_Innovations%29.pdf Letter of Intent Security Innovations]
|Dave, Matt, Tom, Seba
|
|Pass
|14-Nov-2011
|-
|10-Oct-2011
|Do you support a modification to the election policy that during annual owasp elections for the OWASP International Board of Directors that the candidate must be in good standing and have served the community in the role of active global committee member for min 12 months?
|Tom, Seba, Eoin
|Michael, Matt, Dave
|Fail
|October 21, 2011
|-
|14-Nov-2011
|Letter of Intent from Security Innovations [https://www.owasp.org/images/e/e9/OWASP_-_Letter_of_Intent_%28Security_Innovations%29.pdf Letter of Intent Security Innovations]
|Dave, Matt, Tom, Seba
|
|Pass
|14-Nov-2011
|-
|10-Oct-2011
|Do you support a modification to the election policy that during annual owasp elections for the OWASP International Board of Directors that the candidate must be in good standing and have served the community in the role of active global committee member for min 12 months?
|Dave, Tom, Seba, Eoin
|Michael, Matt
|Pass
|20-Oct-2011
|-
|6-Sept-2011
|Approve Exception to Board term for 2011 election. Newly elected board members will begin their term at the September 20 Meeting and will continue until December 31, 2013
|Dave, Jeff, Seba, Eoin, Matt
|Tom
|Pass
|6-Sept-2011
|-
|6-Sept-2011
|Vote to approve the Rackspace agreement
|Matt, Seba, Jeff, Dave, Eoin
|
|Pass
|6-Sept-2011
|-
|23-Aug-2011
|Vote to Ammend the ByLaws to indicate a Board of Directors Term of 24 months commencing January 1 following the election
|Matt, Tom, Seba, Eoin, Jeff
|Dave Wichers
|Pass
|29-Aug-2011
|-
|23-Aug-2011
|Vote to Approve [https://www.owasp.org/images/2/24/OWASP_Hacking-Lab_Letter_of_intent_0.9.pdf Hacking-Lab Letter of Intent]
|Eoin, Dave, Matt, Tom, Seba
|
|Pass
|24-Aug-2011
|-
|23-Aug-2011
|Vote to Approve [https://www.owasp.org/images/4/4d/2011_ISSA_International_Conference_OWASP_Co-Marketing_Agreement_FINAL.pdf GCC Blanket Co Marketing Agreement]
|Eoin, Dave, Matt, Tom, Seba
|
|Pass
|24-Aug-2011
|-
|8-Aug-2011
|Vote to approve allocation of additional $5,000 to Conference Committee Budget (from general OWASP fund) for schwag requests
|
|
|[deferred to after next committee chair meeting - Sept. meeting]
|
|-
|8-Aug-2011
|Yes/No Will LACSON be grated exception from Conference Committee Oversight?
|Jeff, Seba, Eoin
|Tom, (Matt - Abstain)
|Pass (3 of 5 present at meeting)
|8-Aug-2011
|-
|8-Aug-2011
|Yes/No Will the Foundation allocate $5K - $10K for OWASP Brochure Website - Design Funding
| Jeff, Seba, Eoin, Tom, Matt
|
|Pass (5 of 5 present)
|8-Aug-2011
|-
|

|
|
|
|
|
|-
|
|
|
|
|
|
|-
|
|
|
|
|
|
|-
|}
* Date of final vote received needed for pass/fail quorum

May 22, 2015

2015-05-06T06:16:58Z

Tgondrom: change of date and time

May 22, 2015

2015-05-06T06:15:47Z

Tgondrom: Tgondrom moved page May 23, 2015 to May 22, 2015: change of date

May 23, 2015

2015-05-06T06:15:47Z

Tgondrom: Tgondrom moved page May 23, 2015 to May 22, 2015: change of date

#REDIRECT [[May 22, 2015]]

Board

2015-05-06T06:15:16Z

Tgondrom: /* Agenda for 2015 Meetings */ change of date to May-22

April 29, 2015

2015-04-29T18:58:18Z

Tgondrom: /* New Business */ added update to 3.03 of bylaws proposal

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
*[link:addme Meeting Recording]

===Time===
05:00 Australian Eastern Standard Time

12:00pm Pacific / 14:00 Central / 15:00 Eastern / 20:00 BST / 21:00 CEST

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===
[link:addme Meeting Minutes]

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

[https://www.owasp.org/images/1/11/2015_Global_Board_Of_Directions_Election_.pdf Proposal on 2015 Board of Director Election] - Kelly

[https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit Proposal on OWASP Summer of Code] - Konstantinos Papapanagiotou
* Adjusted to 10 Student slots at $1500 each. Total funding request $15,000

[https://docs.google.com/document/d/1V4zH9svGFg51eyfN8g3lLNM9lJUZk27U6deU6M3KLKE/edit Minutes from March 25 for Approval]

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chairmain's Report - Tobias Gondrom ===
*

=== Vice Chairmain's Report - Josh Sokol ===
*

=== Treasurer Report - Fabio Cerullo ===
*

=== Secretary Report - Matt Konda ===
*

=== Compliance Officer Report - Martin Knobloch ===
*

=== Updated from Members at Large - Michael Coates, Andrew van der Stock & Jim Manico ===

==Reports==
* Executive Director/Operations Update - [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKaUY1dVpCTHdfUGs/view?usp=sharing Rollup Report P.Ritchie]
** Financial Update - [https://drive.google.com/a/owasp.org/file/d/0BxjNZI6rYJRKZWd3dXh5WGtxNGs/view?usp=sharing March 2015 Monthly Financials]
** Director Update - Kate Hartmann - [https://docs.google.com/a/owasp.org/document/d/1QTn51vyQIz2p7rPrm3Xroc5n4wCuBUM5eCJS8gkgKbg/edit?usp=sharing Kate Hartmann Update]
** Project Manager Update - [link:addme Project Manager Report]
** Membership Update - [https://www.owasp.org/index.php/March_2015_Membership_Report Membership Report]
** IT Update - [https://docs.google.com/a/owasp.org/document/d/1VTXiz7F8a7iDgxghzpyfCm1dF8y8-X6EIIGrB99qesU/edit?usp=sharing April 2015 Matt Tesauro Report]

=== Community Initiative Reports ===
*
*

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Revisit Candidates for OWASP EU Officer positions. Board Members to ID candidates with experience, and work to confirm availability & interest during F2F meetings in Amsterdam. Goal is to transition to new OWASP-EU Officers in June.

* Review & Approve Minutes from March 25. Edit or update if needed.

* add items

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* J.Sokol - Compliance Officer Role for 2015
** [vote needed | discussion topic]

* OWASP Summer of Code Sprint Proposal (Fabio?)
** vote needed, need proposal
** https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing - is this the latest version of the proposal???

* Proposed change to Section 3.03 of the bylaws (Bil Corry)
** Text: "PROPOSED SECTION 3.03 Regular Meetings. The Board of Directors shall have regular meetings as needed. A link to the board meeting agenda’s and the historical minutes is here: https://www.owasp.org/index.php/OWASP_Board_Meetings. Meetings shall be at such dates, times, and places as the Board shall determine in December of the preceding year and as amended by the Board. In no event will there be less than one meeting per quarter. These meetings will be open to public attendance, however, certain portions of the meeting may be closed to board members and their delegates when required for legal reasons, or to shield liability, or to handle personnel issues, or similar. Attendance in person or virtually by board members is required at no less than 75% of the total meetings each year and shall be highly encouraged to meet in person at least once annually at a date to be announced and agreed upon. Attendance is tabulated after every scheduled meeting for the purpose of determining if the 75% attendance requirement has been met, and the tabulation is based upon the entire calendar year. Cancelled meetings are considered attended for the purposes of the tabulation. Failure by a board member to meet the 75% attendance requirement after any tabulation will cause a mandatory vote of confidence by the remaining board members, whose votes will be publicly recorded. An overall vote of "no confidence" is recorded if half or more of the board members vote for it, which causes the board member in question to be instantly removed from their seat on the board. Vacancies on the board are handled as per Section 3.10."
** current bylaws: https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf
** short discussion whether 75% or 66% or what would be good number?

== Action Items==
*

==Announcements==

==Adjournment==
*Next meeting date/time:

==Motion to close meeting==

April 29, 2015

2015-04-27T22:56:18Z

Tgondrom: Tgondrom moved page April 30, 2015 to April 29, 2015 over redirect: mistake, sorry

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
*[link:addme Meeting Recording]

===Time===
05:00 Australian Eastern Standard Time

12:00pm Pacific / 14:00 Central / 15:00 Eastern / 20:00 BST / 21:00 CEST

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===
[link:addme Meeting Minutes]

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

[https://www.owasp.org/images/1/11/2015_Global_Board_Of_Directions_Election_.pdf Proposal on 2015 Board of Director Election] - Kelly

[https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit Proposal on OWASP Summer of Code] - Konstantinos Papapanagiotou
* Adjusted to 10 Student slots at $1500 each. Total funding request $15,000

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chairmain's Report - Tobias Gondrom ===
*

=== Vice Chairmain's Report - Josh Sokol ===
*

=== Treasurer Report - Fabio Cerullo ===
*

=== Secretary Report - Matt Konda ===
*

=== Compliance Officer Report - Martin Knobloch ===
*

=== Updated from Members at Large - Michael Coates, Andrew van der Stock & Jim Manico ===

==Reports==
* Executive Director/Operations Update - [link:addme Rollup Report P.Ritchie]
** Financial Update - [link:addme Monthly & YTD Financials]
** Director Update - Kate Hartmann - [https://docs.google.com/a/owasp.org/document/d/1QTn51vyQIz2p7rPrm3Xroc5n4wCuBUM5eCJS8gkgKbg/edit?usp=sharing Kate Hartmann Update]
** Project Manager Update - [link:addme Project Manager Report]
** Membership Update - [https://www.owasp.org/index.php/March_2015_Membership_Report Membership Report]
** IT Update - [link:addme Matt Tesauro Report]

=== Community Initiative Reports ===
*
*

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Revisit Candidates for OWASP EU Officer positions. Board Members to ID candidates with experience, and work to confirm availability & interest during F2F meetings in Amsterdam. Goal is to transition to new OWASP-EU Officers in June.

* add items

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* J.Sokol - Compliance Officer Role for 2015
** [vote needed | discussion topic]

* OWASP Summer of Code Sprint Proposal (Fabio?)
** vote needed, need proposal
** https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing - is this the latest version of the proposal???

* Proposed change to Section 3.03 of the bylaws (Bil Corry)
** Text: "PROPOSED SECTION 3.03 Regular Meetings. The Board of Directors shall have regular meetings as needed. A link to the board meeting agenda’s and the historical minutes is here: https://www.owasp.org/index.php/OWASP_Board_Meetings. Meetings shall be at such dates, times, and places as the Board shall determine in December of the preceding year and as amended by the Board. In no event will there be less than one meeting per quarter. These meetings will be open to public attendance, however, certain portions of the meeting may be closed to board members and their delegates when required for legal reasons, or to shield liability, or to handle personnel issues, or similar. Attendance in person or virtually by board members is required at no less than 75% of the total meetings each year and shall be highly encouraged to meet in person at least once annually at a date to be announced and agreed upon. Attendance is tabulated after every scheduled meeting for the purpose of determining if the 75% attendance requirement has been met, and the tabulation is based upon the entire calendar year. Cancelled meetings are considered attended for the purposes of the tabulation. Failure by a board member to meet the 75% attendance requirement after any tabulation will cause a mandatory vote of confidence by the remaining board members, whose votes will be publicly recorded. An overall vote of "no confidence" is recorded if half or more of the board members vote for it, which causes the board member in question to be instantly removed from their seat on the board. Vacancies on the board are handled as per Section 3.10."
** current bylaws: https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf

== Action Items==
*

==Announcements==

==Adjournment==
*Next meeting date/time:

==Motion to close meeting==

April 30, 2015

2015-04-27T22:56:18Z

Tgondrom: Tgondrom moved page April 30, 2015 to April 29, 2015 over redirect: mistake, sorry

#REDIRECT [[April 29, 2015]]