
February 17, 2016


Dial In Info

Notice of Recording



Teleconference Information:

International Toll Free Calling Information

Attendance Tracker

Board Meeting Attendance Tracker

Meeting Minutes

Reading Material

It is a requirement as a board member to fully read all material prior to the start of the meeting

1. Proposal from Johanna on OWASP-Project-Review Updates & Incentives

  • Should Project Task Force be 'relaunched' as Project-Review-Committee with same Committee 2.0 procedures and authority?
  • Some questions in the proposal may be resolved at Committee level, without needing board motion & approval. (P.Ritchie interpretation)
  • Summary of Questions & response from Johanna dated Feb. 10, 2016

2. >> READ Staff Status reports below, including Detail Financial Report for 2015 through December 2015 in Excel format. P&L, A/R, A/P, Balance Sheet with cash balances for Foundation & Chapters & Projects

3. Help Secure OWASP assets initiative, contributions from volunteers

  • Which companies or individuals can contribute to help manage Wiki & mailing list with maintenance and patching?
  • Status of Bug Bounty management services for projects and other OWASP assets such as the Wiki - through Barter Deals with service providers

4. IT Transformation Discussion paper

  • IT Transformation Discussion paper

Meeting Agenda

Call to Order /OWASP Mission

Open Meeting - Start Recording, List attendees and Agenda update (only if last-minute changes are needed) (5 min)

  • Approve minutes from January 13, 2016.

Actionable Agenda Topics

  • Review, discuss, act on Johanna proposal. See reading material above.

Discussion Topics

Misc. Topics (10-15 Minutes)

Old Business

All active board proposals are listed here

  • Matt K: Action / Update on search for OWASP Compliance officer
  • Paul R: Action - Need clarification. Under financial proposal #3 & 4. Do 'Projects' require 2 leaders, or just 1 leader and 1 other active participant? Various emails recommend the latter. Staff recommends 1 leader plus 1 active participant for definition of active project.
    • Chapters are being managed with a 2 leader requirement.

New Business

All active board proposals are listed here

  • See Johanna new Project Review proposal above.

Action Item Follow-Up


Chairman's Report - Matt Konda

  • Identified compliance team. (Fiona, Bil, Richard)
  • ED annual review underway. (Feedback solicited, reviewing materials)
  • Handoff from Tobias.
  • Financials call with Andrew and Virtual
  • Talked to 6 potential sponsors.
  • Participated in Project call.
  • Wrote sponsor letter for AppSecEU
  • Discussion with Kate about Training + Leader Summit and software sponsor tier.
  • Weekly one on one call.

Detail here:

Vice Chairman's Report - Josh Sokol

  • TODO

Treasurer Report - Andrew van der Stock

I have had a kick off meeting with Paul, Alison, Matt, and Tom Pappas (our CFO) from Virtual to discuss a financial handover.

This meeting went well, and filled in a number of gaps for me. The main action items from my point of view are:

  • Establishing an OWASP archive for our financial and other corporate records that is accessible by Alison so we don't lose the lot if something happened to Alison's residence or computer. This applies primarily to our old records, which we need to keep for 7 years, but aren't necessarily used daily.
  • Ensuring that our FY15 year is closed out and our annual report is ready on time. This seems to be in hand, but I will keep an eye on things.
  • Paul is considering moving our accounts to a better financial institution as our current one requires us to use yet another payment service. This should improve our visibility of bills and make reconciliation easier. I support this move, as it should improve our transparency and reduce costs.
  • Once we have final reconciliation and the FY15 books are closed, I will ask my wife (a CPA) to look over the records to ensure things are okay.

Additionally, I asked about a line of credit that I heard was being established. Apparently there is something happening here. My main concern is that it shows up on the books so we can make sure we don't get into trouble by using it for operational expenditure unnecessarily. I understand the need for it, but we could easily get into trouble if we are paying bills on credit without a supporting income.

Secretary Report - Jim Manico

  • TODO

Updates from Members at Large

  • Michael Coates (Chapters)
    • Focus areas for investment into chapters this year include:
      • Chapter Leader Call by region (work with staff)
      • Chapter speaker rating system
      • Centralized chapter speaker recommendation system


  • Executive Director Status Report for 17 Feb 2016 Exec.Director Status Report - 17Feb2016
  • Membership & Business Liaison Report - Kelly Santalucia January Membership Report
  • Event Manager Report - Laura Grau February Report
  • Operations Report - Kate Hartmann report
  • Project Coordinator Report - Claudia Casanovas Report
  • Community Manager Report - Noreen Whysel Report
  • IT Update from Matt T.
    • MediaWiki has been updated 3 times since AppSec USA 2015 (Sept. 2015)
    • Upgrade to Mailman 3.0 & server delayed due to Website demands from CalifAppSec Team 'emergency', AppSec USA & AppSec EU website builds.
    • Some dead and inactive email lists cleaned out. Generally low priority re: other demands.
    • 10 hours /month is completely too little for demands from Community, especially for breakage & repair after Matt sets items up for community use. (Matt has details & examples)
    • Net, net Paul now working with staff and Matt T to define how to add resource with 'Matt level access' to cover more common community support needs, vs. Infrastructure/domain/server admin to remain with Matt T.

Community Initiative Reports

  • TODO


  • TODO


Motion to close meeting