April 20, 2016
Dial In Info
Notice of Recording
- Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
- Joining the call acknowledges your awareness of the recording and your consent to being recorded and to public dissemination of the recording.
- Meeting Recording
Time
- April 20, 2016, 16:00-17:00 PDT - TimeZone Converter
Location
Teleconference Information:
https://www3.gotomeeting.com/join/861328838
International Toll Free Calling Information
Attendance Tracker
Board Meeting Attendance Tracker
Meeting Minutes
April 20, 2016 Meeting Minutes: https://docs.google.com/document/d/1iCSz7o7twwh-Rqhab7V8bI8XveZXbn8goe6qv8ita2U
March 16, 2016 Meeting Minutes: https://docs.google.com/document/d/1xGrNduAoAf2cZ9Xgup431SbZw-qjL5JZqukHIfWTyBI
Reading Material
It is a requirement as a board member to fully read all material prior to the start of the meeting
Meeting Agenda
Call to Order / OWASP Mission
- Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)
Reports
Chair's Report - Matt Konda
- Support Operations
- Approval flows (Payroll, large payments)
- Paperwork for termination and leave
- Weekly staff call
- 2-3 check-ins with operations director per week.
- Various firefighting around projects, etc.
- Hiring
- Talked to Insperity recruiting for Community Manager and Tech Project Manager
- Talked with Virtual about Interim ED options.
- Working on short term fill for community manager time
- Developer outreach
- Web site assessment support
Vice Chair's Report - Josh Sokol
- Update on Bug Bounty Program
Treasurer Report - Andrew van der Stock
- Financial Package available here:
https://drive.google.com/a/owasp.org/folderview?id=0B4xgbqJzimL4RGtwd2M1cDJxcEU&usp=sharing
I've gone through the February 2016 financial package, which Tom Pappas will step us through. I've asked for clarification on expenses, as there are a lot of untracked expenses. In fact, it seems there's a pattern of behavior from some chapters, which I will do more research on as time goes on. Tom has agreed to add a new page to the P&L financial package to help track expenses directly from QuickBooks. This is shown in the second file. I think this is super helpful in analysing all the outgoings instead of a single line in previous packages.
tl;dr - we're doing well. We are slightly ahead of budget, we have extended our run rate out to 3.45 months, which is 0.7 months better than last month. Tom has noted that our chapter balances continue to grow. At some point we will need to work on what constitutes holding reasonable rainy day funds to achieve the Chapters mission, against both the actual definition of not-for-profit US tax status, as well as the opportunity cost of simply holding that much cash without investing it or doing something else with it.
Our aged receivables continue to grow. I asked Alison to look into it, as we have nearly $90k owing to us right now, and I think spending a few days on the phone to work out if we need more sponsors (i.e. those bills will not be paid), or actually get paid. I haven't seen the results of this yet, so I'll hand over to Alison to see where we are on the aged receivables front. I know ringing people up and asking for money is not a pleasant task, but it's got to be done. If we as a Board know some of these folks, let's leverage our connections to see if we can make it better.
Approvals
Due to ED medical leave of absence, I and Matt K have stepped in. I'm doing most of the approvals, and it seems to be working okay for now. Matt Konda is performing double verification for expenses over $10k, which included:
- $13,875 for AppSec CA 2017 venue deposit. This is the normal time of year for this expense, and AppSec CA always makes a profit, so approved
- $10,500 for JavaOne conference sponsorship. Matt K was a second approver for this expense.
- $7,500 for Sooryen Consulting for our needs analysis. This falls under the $10k approval limit, but I wanted to call this out as overall, this is half of the overall fee.
- $6,532.50 for Fonteva, which apparently is our CRM that sits atop SalesForce. There are significant fees for Fonteva over a 12 month period, so I will hope that all CRMs are wrapped together sooner or later
- $6,670 for Virtual management's monthly fee
There are a heap of day to day chapter expenses. One was denied before it got to approval status, probably due to a lack of chapter balance.
Payroll
Payroll approval is in the process of adding Matt Konda and myself as approvers. I have provided my details to be an approver, so OWASP will be able to make payroll this month.
PTO leave entitlements were sent through to Insperity to ensure that two staff on various forms of leave are correctly accounted for.
Secretary Report - Jim Manico
- Dr. Wetter expressed a strong concern about OWASP branding use inside of Germany by a specific company. Suggest moving this complaint to the compliance group.
Updates from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom
Reports
- Executive Director/Operations Update - Rollup Report P.Ritchie
- Financial Update - Monthly & YTD Financials
- Director Update - Kate Hartmann - Rollup report Kate Hartmann Update
- Project Coordinator Update - Claudia Aviles Casanovas Update
- Membership Update - Kelly Santalucia Update
- Conference Manager Report - Laura Grau
- IT Update - Matt Tesauro Report
Community Initiative Reports
Old Business
All active board proposals are listed here
- add items
New Business
All active board proposals are listed here
- Andrew van der Stock - Succession planning. Discussion & Vote [10 minutes]
- vote needed - please see reading material above for the motion
- Tom Brennan - Approval of Corporate Support Logos
- Josh Sokol - OWASP Staff Needs Technical Assistance
- Josh Sokol - Risk Management
- Tom Brennan - Status on OWASP FTE (Executive Session HR)
- April 15th announcement of (2) roles - *New* Senior Technical Coordinator and backfill for Global Community Manager details
Action Items
- MOTION - Fix lack of women keynotes in OWASP conferences
MOTIONS
- IT Motions (Josh Sokol, seconded by Jim Manico)
- Motion 1: Give Matt Tesauro an OWASP Foundation credit card. - He is a former Board member and a trusted staff member of the Foundation. I see no reason why, if that makes his job easier, it shouldn't be. Let's rectify that.
- Motion 2: Approve funding for up to $200/month (good for 50 GB/month) of PaperTrail services. - We all know how important logging is and Matt stated it would make his job easier. This seems like a no-brainer.
- Motion 3: Approve funding for $20k worth of part-time/contractor System Administrator resources to aid in managing and securing OWASP's infrastructure.
- MOTION - hire Dawn Aitken for up to 20 hours per week as acting Community Manager until the role is filled. AJV (Executive Session HR)
Announcements
Adjournment
- Next meeting date/time: May 18, 2016, 07:00-08:30 PDT
- TimeZone Converter