
Difference between revisions of "September 19, 2017"

(AppSecUSA)
 
(14 intermediate revisions by 5 users not shown)
Line 12: Line 12:
 
  CALL TO ORDER
 
  CALL TO ORDER
  
  CHANGES TO THE AGENDA
+
  CHANGES TO THE AGENDA (Open to anyone including members of the public)
  
 
  APPROVAL OF MINUTES
 
  APPROVAL OF MINUTES
- Approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]
+
- Approval of prior [https://docs.google.com/a/owasp.org/document/d/1jA8EuT496FWy2s2N1CHcDRTDEy3gaNJ9RRzYMQu1MHo/edit?usp=sharing Prior Meeting Minutes]
  
 
  REPORTS
 
  REPORTS
 
OWASP Foundation is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.]  A link to the monthly operational report can be found here:  [http://owasp.blogspot.com/2017/01/owasp-operations-update-for-january-2017.html REPORT]
 
OWASP Foundation is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.]  A link to the monthly operational report can be found here:  [http://owasp.blogspot.com/2017/01/owasp-operations-update-for-january-2017.html REPORT]
  
 +
=== Finance Report ===
 +
From Tom Pappas:
  
 +
"Attached please find the preliminary (due to Dev Summit 2017 not completely closed out yet) OWASP Combined (Converted to USD for all reports) financial pkg for July 2017 which represents financial performance through seven months of 2017.  I have used the approved version of the Budget for a comparison. 
 +
 +
Here is a summary of the Activity YTD. All amounts are combined with the EU and converted to USD in these reports:   
 +
 +
'''Income Statement:''' 
 +
 +
'''Revenue:'''  On an accrual basis, total revenue YTD through Jul 2017 was $1.423.8 million as compared to a plan of $1,196 million.  The results are a $227.7K ahead of plan as of 7.31.17, due primarily to APSEC Cali being over vs APSEC EU being under budget. 
 +
 +
'''Expenses:'''   Total spending YTD was over plan by $50.1Kk due the Over Spending on Conference and Chapters offset by underspending in Community outreach (Marketing), Professional services (No Wiki proj spending) and Grant expense.
 +
 +
'''Net Income/Loss:'''  YTD on a combined Accrual basis we are at a loss of $252.9K vs a budgeted '''LOSS''' of $430.6K for a net gain to the budget of $177.6K.  I want to add some caution here as Apsec EU 2017 was about $57K underbudget.  We also, more than ever need Apsec 2017 US to be a success (meet or exceed Bud of $585K net income or the total 2017 budgeted loss of $235K will be more, though it is not looking like we will achieve this) and we just agreed to $45K for the ED search so we need to continue to monitor revenue and spending VERY closely as we move throughout the rest of 2017.  
 +
 +
'''Chapter Funds:''' On an accrual basis, as of 7.31.17 The US Bal is $758.5K, while down a couple of thousand dollars from last month is still a large draw on funds.  This is an issue that is only going to magnify as our events continue to be successful.  Chapter balances will continue to grow to a point where they exceed the amount of cash OWASP has on hand in its Bank accounts, which could happen as soon Aug 2017.  Also, the EU Ch was up a couple of thousand dollars at $74.8K balance.  I also ran the Proj balances and they are now Combined at $114.4K vs the $95K at the end of June.
 +
 +
POINTS of NOTE:
 +
 +
About APSEC EU 2017, I am told there are a few minor stragglers for minor bills to fully close it out in Aug 17 but as of now please review the APSEC EU 2017 tab, as we were about $84K under in revenue and $27K Under in expense (if no more come in) which takes us to <$57K> in Net income, which is being offset by other events such as Apsec Cali.  As noted in previous months not sure that will continue, so Spending should still be monitored and we need to have Apsec US in Sept meet or exceed the budget of $585K Net income.
 +
 +
There are a couple of points I want to highlight.  The first is about cash while we had $1.68 million in the bank (if we add in half of the Open AR of $172K the balance would be $1.872 million to be conservative). Factoring in accounts payable, Credit Card chgs and VAT payable for the Italian event in 2016 that is over $673K, it takes cash down to about $1.07 Million.  So while not a true cash flow issue, yet, if you take out the Ch balance of $833K and the Proj balance of $115K it leaves us with just about $60K of liquid Oper cash.  Now add that to half the open AR of $172K we have about $230K of Oper. reserves.  I just want to keep this on EVERONE’s radar as we move forward ad this leaves our Oper. cash reserve at .75 months and when we add in half the open AR it takes us to just about 3 months, again this needs to continue to be monitored closely."
 +
* July 2017 Balance Sheet https://drive.google.com/open?id=0B4xgbqJzimL4Ql93RVZVTGRzcVFqTXdrUnhSenMxNVJ0cU9J
 +
* July 2017 Board Summary https://drive.google.com/open?id=0B4xgbqJzimL4UFpGUzhyVVotcS04RUZWMWNjWEJhU3BMemZV
 +
* July 2017 Combined Financial Package https://drive.google.com/open?id=0B4xgbqJzimL4eEJqT0xKcFlha2RYWDlhYUt4a1h6WEh1YlUw
 
  OLD BUSINESS
 
  OLD BUSINESS
  
Line 26: Line 50:
 
  NEW BUSINESS
 
  NEW BUSINESS
  
For Vote:<br>
+
[Martin] For Vote:<br>
1. Approve the OWASP 2018 venue contract (see email Seba http://lists.owasp.org/pipermail/owasp-board/2017-September/018332.html)<br>
+
1. Approve the OWASP Summit 2018 venue contract (see email Seba http://lists.owasp.org/pipermail/owasp-board/2017-September/018332.html)<br>
2. Recognize the OWASP Summit 2018 as a global event with equal staff support as for an appsec conference<br>
+
2. Recognize the OWASP Summit 2018 as a global event with equal staff support as for a Global AppSec conference<br>
 
3. Set aside 100.000 USD as seed fund for the OWASP Summit 2018 to cover travel for selected working-session organizers  
 
3. Set aside 100.000 USD as seed fund for the OWASP Summit 2018 to cover travel for selected working-session organizers  
  
 +
[Andrew] For discussion
 +
# Chapter and project balances - We can't put off finance reform any longer, we need to make changes to the way projects and chapters are funded
 +
# Operational reserves - How do we get back to six months of operational reserves
 +
# Accounts receivable - need to work on getting aged receivables fixed
 +
[Matt T] For Vote:
 +
 +
Clarification/modification of change approved in the [[August 9, 2017|August 9th Board Meeting]] to handle minor payables
 +
 +
Modification:  The original proposal removed the board approval from specific types of reimbursements and payables.  However, the intent of the change (streamlining payments) was blocked by the need for board members (Chairman or Treasurer) to "release" the funds from the US bank account.  The proposed modification would allow for the release of funds from the US bank for any of the specific reimbursement categories below.  As we are currently doing, the details of all payables will be sent to the board during the bi-monthly payment batches so the board is apprised of all payables regardless of the categories below. 
 +
 +
Previous wording from the August meeting is below for reference.  Changes to the original text are underlined.
 +
 +
'''''{previous proposal start}'''''
 +
* Proposed: Adjust approval processes to meet operational needs as outlined below. [Matt Tesauro] Also supported by Matt Konda.
 +
** Remove board approval <u>and funds release</u> for any expense that meets any one of the criteria below
 +
*** Reimbursement from chapter/project funds which have a sufficient balance capped at $10k
 +
*** Routine expenses who already have budget allocated e.x. mobile phone bill capped at $10k
 +
*** Expenses under $10k which O&A Committee have approved and are already budgeted
 +
*** Payroll expenses that
 +
**** Are the same as the past month’s salary (e.g. same as always) since
 +
***** For salaried staff, payroll expense is fixed
 +
***** For hourly staff, hours will be approved by Matt Tesauro
 +
**** Treasurer will review all salary payments on at least a quarterly basis
 +
*** Board must approve any changes to payroll outside the above conditions
 +
Since the board has already voted for budgeted, normal expenses and we WANT the community to spend down any chapter/project funds, I don't see benefit in the board re-approving the actual pend on the categories above.
 +
 +
'''Benefit''': Allow payables to be handled more efficiently and in a stream-lined fashion for routine and already budgeted items so that the board is removed from day-to-day operational issues.
 +
 +
'''''{previous proposal end}'''''
 +
 +
[Matt Konda]
 +
* [https://docs.google.com/document/d/1YZjyyinr1O2JYVj7pFszMZyngN1IrgayRuQxCRoUVNM/edit Proposal] to host 2018 AppSecUSA in San Jose.  (History [[OWASP Board Votes|OWASP Board Votes 9 May 17 | 14 Jan 15]])
 +
[Andrew and Tom Pappas] For Discussion
 +
* 2018 Budget Discussion
 +
[Andrew van der Stock] - AppSec AU Debrief
  
 
  COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
 
  COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
  
 +
2018 AppSecEU and AppSecUSA Locations
  
 +
[https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes vs. YTD Actions]
 
  ADJOURNMENT
 
  ADJOURNMENT

Latest revision as of 22:18, 19 September 2017

Meeting Location:

VIRTUAL

https://www3.gotomeeting.com/join/861328838

International Toll Free Calling Information

AGENDA

This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.

CALL TO ORDER
CHANGES TO THE AGENDA (Open to anyone including members of the public)
APPROVAL OF MINUTES

- Approval of Prior Meeting Minutes

REPORTS

OWASP Foundation is managed by the Operations Director, who provides a monthly roll-up report in collaboration with all staff members and contractors, covering the efforts being managed by the back office team. A link to the monthly operational report can be found here: REPORT

Finance Report

From Tom Pappas:

"Attached please find the preliminary (due to Dev Summit 2017 not completely closed out yet) OWASP Combined (Converted to USD for all reports) financial pkg for July 2017 which represents financial performance through seven months of 2017.  I have used the approved version of the Budget for a comparison. 

Here is a summary of the Activity YTD. All amounts are combined with the EU and converted to USD in these reports:   

Income Statement: 

Revenue:  On an accrual basis, total revenue YTD through Jul 2017 was $1.423.8 million as compared to a plan of $1,196 million.  The results are $227.7K ahead of plan as of 7.31.17, due primarily to APSEC Cali being over vs APSEC EU being under budget.

Expenses:   Total spending YTD was over plan by $50.1K due to the Over Spending on Conference and Chapters offset by underspending in Community outreach (Marketing), Professional services (No Wiki proj spending) and Grant expense.

Net Income/Loss:  YTD on a combined Accrual basis we are at a loss of $252.9K vs a budgeted LOSS of $430.6K for a net gain to the budget of $177.6K.  I want to add some caution here as Apsec EU 2017 was about $57K under budget.  We also, more than ever, need Apsec 2017 US to be a success (meet or exceed Bud of $585K net income or the total 2017 budgeted loss of $235K will be more, though it is not looking like we will achieve this) and we just agreed to $45K for the ED search so we need to continue to monitor revenue and spending VERY closely as we move throughout the rest of 2017.

Chapter Funds: On an accrual basis, as of 7.31.17 the US Bal is $758.5K, which, while down a couple of thousand dollars from last month, is still a large draw on funds.  This is an issue that is only going to magnify as our events continue to be successful.  Chapter balances will continue to grow to a point where they exceed the amount of cash OWASP has on hand in its Bank accounts, which could happen as soon as Aug 2017.  Also, the EU Ch was up a couple of thousand dollars at $74.8K balance.  I also ran the Proj balances and they are now Combined at $114.4K vs the $95K at the end of June.

POINTS of NOTE:

About APSEC EU 2017, I am told there are a few minor stragglers for minor bills to fully close it out in Aug 17 but as of now please review the APSEC EU 2017 tab, as we were about $84K under in revenue and $27K Under in expense (if no more come in) which takes us to <$57K> in Net income, which is being offset by other events such as Apsec Cali.  As noted in previous months not sure that will continue, so Spending should still be monitored and we need to have Apsec US in Sept meet or exceed the budget of $585K Net income.

There are a couple of points I want to highlight.  The first is about cash while we had $1.68 million in the bank (if we add in half of the Open AR of $172K the balance would be $1.872 million to be conservative). Factoring in accounts payable, Credit Card chgs and VAT payable for the Italian event in 2016 that is over $673K, it takes cash down to about $1.07 Million.  So while not a true cash flow issue, yet, if you take out the Ch balance of $833K and the Proj balance of $115K it leaves us with just about $60K of liquid Oper cash.  Now add that to half the open AR of $172K we have about $230K of Oper. reserves.  I just want to keep this on EVERYONE’s radar as we move forward and this leaves our Oper. cash reserve at .75 months and when we add in half the open AR it takes us to just about 3 months, again this needs to continue to be monitored closely."

OLD BUSINESS


NEW BUSINESS

[Martin] For Vote:
1. Approve the OWASP Summit 2018 venue contract (see email Seba http://lists.owasp.org/pipermail/owasp-board/2017-September/018332.html)
2. Recognize the OWASP Summit 2018 as a global event with equal staff support as for a Global AppSec conference
3. Set aside 100.000 USD as seed fund for the OWASP Summit 2018 to cover travel for selected working-session organizers

[Andrew] For discussion

  1. Chapter and project balances - We can't put off finance reform any longer, we need to make changes to the way projects and chapters are funded
  2. Operational reserves - How do we get back to six months of operational reserves
  3. Accounts receivable - need to work on getting aged receivables fixed

[Matt T] For Vote:

Clarification/modification of change approved in the August 9th Board Meeting to handle minor payables

Modification: The original proposal removed the board approval from specific types of reimbursements and payables. However, the intent of the change (streamlining payments) was blocked by the need for board members (Chairman or Treasurer) to "release" the funds from the US bank account. The proposed modification would allow for the release of funds from the US bank for any of the specific reimbursement categories below. As we are currently doing, the details of all payables will be sent to the board during the bi-monthly payment batches so the board is apprised of all payables regardless of the categories below.

Previous wording from the August meeting is below for reference. Changes to the original text are underlined.

{previous proposal start}

  • Proposed: Adjust approval processes to meet operational needs as outlined below. [Matt Tesauro] Also supported by Matt Konda.
    • Remove board approval and funds release for any expense that meets any one of the criteria below
      • Reimbursement from chapter/project funds which have a sufficient balance capped at $10k
      • Routine expenses which already have budget allocated, e.g. mobile phone bill, capped at $10k
      • Expenses under $10k which O&A Committee have approved and are already budgeted
      • Payroll expenses that
        • Are the same as the past month’s salary (e.g. same as always) since
          • For salaried staff, payroll expense is fixed
          • For hourly staff, hours will be approved by Matt Tesauro
        • Treasurer will review all salary payments on at least a quarterly basis
      • Board must approve any changes to payroll outside the above conditions

Since the board has already voted for budgeted, normal expenses and we WANT the community to spend down any chapter/project funds, I don't see benefit in the board re-approving the actual spend on the categories above.

Benefit: Allow payables to be handled more efficiently and in a stream-lined fashion for routine and already budgeted items so that the board is removed from day-to-day operational issues.

{previous proposal end}

[Matt Konda]

[Andrew and Tom Pappas] For Discussion

  • 2018 Budget Discussion

[Andrew van der Stock] - AppSec AU Debrief

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

2018 AppSecEU and AppSecUSA Locations

Board Votes vs. YTD Actions

ADJOURNMENT