This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Board
- About the OWASP Board
- Agenda for 2016 Meetings
- Board Communication
- Archive and Voting History
- Board Focus Ideas
Current OWASP Global Board - Effective January 2016
- Matt Konda Chicago, USA - matt.konda(at)owasp.org
- Josh Sokol Texas, USA - josh.sokol(at)owasp.org
- Andrew van der Stock Australia - vanderaj(at)owasp.org
- Jim Manico Hawaii, USA - jim(at)owasp.org
- Michael Coates - California, USA - michael.coates(at)owasp.org
- Tobias Gondrom Hong Kong - tobias.gondrom(at)owasp.org
- Tom Brennan New Jersey, USA - tomb(at)owasp.org
OWASP Board Elections
2016 Election
2015 Election
2014 Election
2013 Election
2012 Election
2011 Election
2009 Election
- Teleconference Information: **CHECK MEETING INFORMATION**
- Board Meeting Attendance Tracking
- Meeting Template found here
Upcoming 2016 Meetings
- April 20, 2016, 16:00-17:00 PDT - TimeZone Converter
- May 18, 2016, 07:00-08:30 PDT - TimeZone Converter
- July 1, 2016, 18:00-21:00 CEST, in Rome at AppSecEU - TimeZone Converter
- July 27, 2016, 07:00-08:00 PDT - TimeZone Converter
- August 24, 2016, 16:00-17:00 PDT - TimeZone Converter
- September 21, 2016 07:00-08:30 PDT - TimeZone Converter
- October 14, 2016, at AppSecUSA 18:00 - 21:00 EDT - TimeZone Converter
- November 9, 2016, 15:00-16:30 PST - TimeZone Converter
- November 30, 2016, 15:00-16:30 PST - placeholder only optional if needed - TimeZone Converter
- December 14, 2016, 15:00-16:30 PST - TimeZone Converter
Past 2016 Meetings
- March 16, 2016, 16:00-17:00 PST - TimeZone Converter
- February 17, 2016, 15:00-16:30 PST - TimeZone Converter
- January 13, 2016, 16:00-17:30 PST - TimeZone Converter
ByLaws
Conflict of Interest Policy and Signed Conflict Statements
Weekly Board/Staff Communication Documents
OWASP Board Calendar
Best practices
Note: these best practices are merely a collection of procedures deemed good process for a board. They are not binding and have not been voted on or ratified by the board to this date. Online: http://www.rulesonline.com/rror--00.htm
Best Practices for Board conduct:
We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".
- That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
- A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
- After the motion has been seconded the board may discuss the issue and / or vote on it.
A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.
- In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
- In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.
Historical Board Members by Year
Past OWASP Boards
Archive for 2015 Meetings
- December 9, 2015, 15:00-17:00 PST
- November 18, 2015, 14:00-15:30 PST
- November 4, 2015, 12:00-13:30 PST
- October 14, 2015, 14:00-15:00 PDT
- September 25, 2015 at AppSecUSA 18:00 - 20:00 PST
- August 12, 2015, 16:00-17:00 PST
- July 22, 2015, 14:00-15:00 PDT
- June 24, 2015, 14:00-15:00 PDT
- May 22, 2015, 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
- April 29, 2015, 12:00-13:00 PST
- March 25, 2015, 12:00-13:00 PST
- February 11, 2015, 16:00-17:00 PST
- January 14, 2015, 9am-10am PST
Archive for 2014 Meetings
- December 10, 2014, 9am-10am PST
- November 12, 2014, 9am - 10am PST
- October 8, 2014, 9am-10am PST
- September 16, 2014, 6pm - 9pm MST, In person at Appsec USA
- August 13, 2014, 9am-10am PST
- July 9, 2014, 9am-10am PST
- June 27, 2014, 8am - 4 pm BST, In person at AppSec Europe
- April 30, 2014,9am - 12pm PST
- March 3, 2014, 7am - 10am PST
- February 24, 2014, 8am - 10am PST
Archive for 2013 Meetings
- December 2, 2013 - Special Board Meeting - 2014 Budget walk through, Q & A (no meeting notes)
- November 22, 2013 - In person meeting at AppSec USA - New York, NY
- November 11, 2013 - cancelled due to in person meeting on Nov. 22
- August 12, 2013 - canceled due to in person meeting on Aug 19
Archive for 2012 Meetings
Board Meeting Attendance Tracking
OWASP Foundation ByLaws
- Nov 26, 2012 - 2013 Budget Focused
- Dec 27, 2012 - 2013 Budget Focused
Archive for 2011 Meetings
Minutes for 2011 Meetings
Archive for 2010 Meetings
- March 2, 2010 Postponed until March 9, 2010
Archive of 2010 Meetings
- OWASP Board Meetings January Agenda
- OWASP Board Meetings February Agenda
- OWASP Board Meetings March Agenda
- OWASP Board Meetings April09 Agenda
- OWASP Board Meetings May09 Agenda
- OWASP Board Meetings June 09 Agenda
- OWASP Board Meeting July 7, 2009 Agenda
- OWASP Board Meeting August 4, 2009 Agenda
- OWASP Board Meeting September 1, 2009 Agenda
- OWASP Board Meeting October 6, 2009 Agenda
- OWASP Board Meeting November 10, 2009 Agenda
- OWASP Board Meeting December 1, 2009 Agenda
Archive of 2009 Meetings
- OWASP Board Meetings 01-06-09
- OWASP Board Meetings 02-03-09
- OWASP Board Meetings 03-10-09
- OWASP Board Meetings April 09
- OWASP Board Meetings May 09
- OWASP Board Meetings June 09
- OWASP Board Meeting July 09
- OWASP Board Meeting August 09
- OWASP Board Meeting September 09
- OWASP Board Meeting October 09
- OWASP Board Meeting December 09
Archive for 2008 Meetings
- OWASP Board Meetings March Agenda
- OWASP Board Meetings April Agenda
- OWASP Board Meetings May Agenda
- OWASP Board Meetings June Agenda
- OWASP Board Meetings July Agenda
- OWASP Board Meetings August Agenda
- OWASP Board Meetings September Agenda
- OWASP Board Meetings October Agenda
- OWASP Board Meetings December Agenda
Archive of 2008 Meetings
First suggested priority of Board from Paul
- What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
- Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.
Projects Ideas
- Project Review & Project Platform - good progress, keep it going. We need "more" volunteer engagement to provide more diverse review.
- New Project Ideas. Where is industry going, where will it be in 5 years? OWASP should suggest projects that we need and find team to build them!
- Project Summit support & funding
- International Chapter / Region support & funding for projects
- Hire full or part time technical writer to help with project (from Simon, flagship project lead)
- a platform for funding pull requests / contributions to projects - this could be a way to financially reward folks for contributing. I know ZAP recently experimented with this - not sure how it went, but we have money - might be a good way to spend it (maybe leveraging something like the bithub idea https://whispersystems.org/blog/bithub/). I would want the ability to personally remove myself from the ability of receiving payment. (from John Melton, flagship project lead)
- help with applying for grants - including letting us know of available grants and helping us do the paperwork if necessary
- make inter-project recommendations - since you sit at a level where you see various projects, maybe make recommendations for areas where multiple projects could collaborate for added value (from John Melton, flagship project lead)
- project of the month - this may already happen, but if not, maybe the newsletter could feature a project every month, including information like a project overview, an audio interview with the project leader(s), a list of priority tasks for people to help with, etc. (from John Melton, flagship project lead)
- get access to available free tools - I've actually seen several tools that are available for use within OWASP, though I hear about them haphazardly. It would be good if there were a single resource for leads to know what was available. Thinking of things like: free licenses of paid software (intellij, webex) or access to products/services (surveymonkey, AWS, GCE or Azure credits) that could be useful to the project (from John Melton, flagship project lead)
- conducting surveys - We do surveys periodically, and I fill them out. Joanna has used them to good effect. We might be able to make that more regular and get good data on our projects.
- "help wanted" site - We use github issues on our project. However, one thing I hear repeatedly is project leaders saying they need help, and owasp members asking how to help. It seems like we could put up a "jobs" board of some kind to connect folks within the community for things like this. We could probably connect this to $ in some way if we wanted to. I imagine there's a tool out there that already does this too. (from John Melton, flagship project lead)
- continue and expand "summer of code" programs - I believe these programs add lots of value. Not only do they get practical things done on the projects, but they give us good visibility, get people involved in the projects (many continue to contribute), give us good press in the community, and invigorate the mentors as well. (from John Melton, flagship project lead)
Training
- Training is OK now....but what do we want to do here? Business as usual?
- Update current project level training docs, or
- Begin some form of Curriculum for Academic use?
Advocacy
- Liaison with other Orgs
- ID those Developer groups and go to their conferences & meetings
- ...just a few, but caution is to approach 1-2 at a time and get an outcome
- Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
- Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
- Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.
Community Portals
- Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
- Focused WG to take action on Wiki Cleanup & ease of use.
- Consider funding larger wiki cleanup and migration effort (Jim)
Marketing
- General PR & Marketing the OWASP Story - Promote ourselves more!
- Crank up a Recruiting program - Both Corporate & Individual.