
April 20, 2016


Dial In Info

Notice of Recording

  • Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
  • Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
  • Meeting Recording



Teleconference Information:

International Toll Free Calling Information

Attendance Tracker

Board Meeting Attendance Tracker

Meeting Minutes

April 20, 2016 Meeting Minutes:
March 16, 2016 Meeting Minutes:

Reading Material

It is a requirement as a board member to fully read all material prior to the start of the meeting

Meeting Agenda

Call to Order /OWASP Mission

  • Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)


Chair's Report - Matt Konda

  • Support Operations
    • Approval flows (Payroll, large payments)
    • Paperwork for termination and leave
    • Weekly staff call
    • 2-3 check ins with operations director per week.
    • Various firefighting around projects, etc.
  • Hiring
    • Talked to Insperity recruiting for Community Manager and Tech Project Manager
    • Talked with Virtual about Interim ED options.
    • Working on short term fill for community manager time
  • Developer outreach
  • Web site assessment support

Vice Chair's Report - Josh Sokol

  • Update on Bug Bounty Program

Treasurer Report - Andrew van der Stock

  • Financial Package available here:

I've gone through the February 2016 financial package, which Tom Pappas will step us through. I've asked for clarification on expenses, as there's a lot of untracked expenses. In fact, it seems there's a pattern of behavior from some chapters, which I will do more research over as time goes on. Tom has agreed to add a new page to the P&L financial package to help track expenses directly from Quickbooks. This is shown in the second file. I think this is super helpful in analysing all the outgoings instead of a single line in previous packages.

tl;dr - we're doing well. We are slightly ahead of budget, we have extended our run rate out to 3.45 months, which is 0.7 months better than last month. Tom has noted that our chapter balances continue to grow. At some point we will need to work on what constitutes holding reasonable rainy day funds to achieve the Chapters mission, against both the actual definition of not-for-profit US tax status, as well as the opportunity cost of simply holding that much cash without investing it or doing something else with it.

Our aged receivables continue to grow. I asked Alison to look into it, as we have nearly $90k owing to us right now, and I think spending a few days on the phone to work out if we need more sponsors (i.e. those bills will not be paid), or actually get paid. I haven't seen the results of this yet, so I'll hand over to Alison to see where we are on the aged receivables front. I know ringing people up and asking for money is not a pleasant task, but it's got to be done. If we as a Board know some of these folks, let's leverage our connections to see if we can make it better.


Due to ED medical leave of absence, I and Matt K have stepped in. I'm doing most of the approvals, and it seems to be working okay for now. Matt Konda is performing double verification for expenses over $10k, which included:

- $13,875 for AppSec CA 2017 venue deposit. This is the normal time of year for this expense, and AppSec CA always makes a profit, so approved
- $10,500 for JavaOne conference sponsorship. Matt K was a second approver for this expense. 
- $7,500 for Sooryen Consulting for our needs analysis. This falls under the $10k approval limit, but I wanted to call this out as overall, this is half of the overall fee. 
- $6,532.50 for Fonteva, which apparently is our CRM that sits atop SalesForce. There are significant fees for Fonteva over a 12 month period, so I will hope that all CRMs are wrapped together sooner or later
- $6,670 for Virtual management's monthly fee

There are a heap of day to day chapter expenses. One was denied before it got to approval status, probably due to a lack of chapter balance.


Payroll approval is in the process of adding Matt Konda and myself as approvers. I have provided my details to be an approver, so OWASP will be able to make payroll this month.

PTO leave entitlements were sent through to Insperity to ensure that two staff on various forms of leave are correctly accounted for.

Secretary Report - Jim Manico

  • Dr. Wetter expressed a strong concern about OWASP branding use inside of Germany by a specific company. Suggest moving this complaint to the compliance group.

Updates from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom


Community Initiative Reports

Old Business

All active board proposals are listed here

  • add items

New Business

All active board proposals are listed here

  • Andrew van der Stock - Succession planning. Discussion & Vote [10 minutes]
    • vote needed - please see reading material above for the motion
  • Tom Brennan - Approval of Corporate Support Logos
    • March 22nd Thread about logo abuse - On Background, April 15th Survey Results Survey
    • discussion and vote needed
  • Tom Brennan - Status on OWASP FTE (Executive Session HR)
    • April 15th announcement of (2) roles - *New* Senior Technical Coordinator and backfill for Global Community Manager details

Action Items

  • MOTION - Fix lack of women keynotes in OWASP conferences
  • IT Motions (Josh Sokol, seconded by Jim Manico)
    • Motion 1: Give Matt Tesauro an OWASP Foundation credit card. - He is a former Board member and a trusted staff member of the Foundation. I see no reason why, if that makes his job easier, it shouldn't be. Let's rectify that.
    • Motion 2: Approve funding for up to $200/month (good for 50 GB/month) of PaperTrail services. - We all know how important logging is and Matt stated it would make his job easier. This seems like a no brainer.
    • Motion 3: Approve funding for $20k worth of part-time/contractor System Administrator resources to aid in managing and securing OWASP's infrastructure.
  • MOTION - hire Dawn Aitken for up to 20 hours per week as acting Community Manager until the role is filled. AJV (Executive Session HR)



Motion to close meeting