This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

November 18, 2015

Jump to: navigation, search

Dial In Info

Notice of Recording


  • November 18 OWASP Board meeting, Start-time is 14:00 - 15:30 PST
  • Start-Time adjusted for Daylight Savings time end. View to confirm


Teleconference Information:

International Toll Free Calling Information

Attendance Tracker

Board Meeting Attendance Tracker

Meeting Minutes

Reading Material

It is a requirement as a board member to fully read all material prior to the start of the meeting

Financial Summary 2015 + Forecast for 2016 Updated Nov.18

Meeting Agenda

Call to Order /OWASP Mission

  • (5 minutes) - Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed)

Discussion Topics

  • (30 minutes) - 2016 Strategic Goals
    • Top 3-4 Project Priorities?
    • Project Summits: Multi-Day, or Standalone event
    • Training/Education:
    • Advocacy & Liaison:
    • Any modification to 2015 Goals for Chapter / Events / Outreach?
    • What investment in International events /Chapters? AppSec China, LATAM Tour, AppSec India, etc.
  • (30 minutes) - 2016 Budget Priorities based on Goals
    • Update on Project & Chapter Level Budgeting - Paul
    • Board recommendations on Funding allocations per goal
  • From Andrew email of Nov. 12: His recommendations

AppSec India Seed.

I would like to set aside $25k for an AppSec India seed. This might need to be extended to a larger amount once actual planning takes place and a venue and size estimated. We would most likely get this back or better, so revenue neutral at worst, profitable at best.

Pros: Core to our mission, only draw down if India chapters get planning. Cons: None.

OWASP Infrastructure Transformation

From Matt Tesuaro's briefing to us earlier this year, I believe we have a lot of technical debt in OWASP's sprawling and basically unmanaged infrastructure. If we don't have a good handle on our information assets, we will lose them. I believe as part of a wider program of works, we need to contract Matt's time as a project where this is his day job for a while, first by taking a full inventory of assets, making a recommendation for rolling all like systems into one, and making recommendations like the MailMan upgrade / migration project.

Pros: Will drive out costs in subsequent years. Will increase the effectiveness of Matt's time to look after only a smaller number of more critical systems. Allows us to do things we can't do today. Cons: will likely cost a bit. I would like to say 2-3 months of Matt's time, which we would need to price out and make sure that we have a clear understanding of achievable outcomes.

Project Summits

I would like to put forward a proposal that could take a fair chunk of change. I would like us to put $25k x 2 to be made available to AppSec EU and AppSec US, to allow a week long project summit, prior to the actual conferences. Projects would bid for some of the cash for travel expenses, where we favor locals with lower costs over far flung remote costs.

I would like us to make it clear that folks can participate in a sponsorship drive for the Project Summit to top up these funds.

Pros: Core to our mission that we work on projects. Cons: Would need to make sure that projects are chosen based upon need or strategic significance to OWASP, such as previous Flagship projects who need a lot of TLC to get back into the good books.


  • Postponed until December meeting to allow full focus Nov. 18 on Goals & Budget discussion

Community Initiative Reports

Old Business

All active board proposals are listed here

New Business

All active board proposals are listed here

Action Items



  • Next meeting date/time:

Motion to close meeting