This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

August 23, 2016

Revision as of 19:09, 20 September 2016 by KateHartmann (talk | contribs) (Notice of Recording)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


  • Date/Time: August,23 2016/6pm-7:30pm CST


Teleconference Information:

International Toll Free Calling Information

Attendance Tracker

Board Meeting Attendance Tracker

Notice of Recording

  • Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
  • Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
  • Meeting Recording

Meeting Minutes

- July 27, 2016 Meeting Minutes

Reading Material

It is a requirement as a board member to fully read all material prior to the start of the meeting

  • July financial package
- File:2016 07 OWASP July Financial Report submitted 8.18.16.xlsx
- File:7.16 YTD US P&L vs Bud.pdf
- File:7.16 US BS.pdf
- File:7.16 APSEC EU P&L.pdf

Meeting Agenda

Call to Order /OWASP Mission

  • Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)


Chair's Report - Matt Konda

  • Staff OKR
  • Staff meetings
  • Bill payments / Taxes / Contract Approvals (Many)
  • Thinking size and growing the sponsor space for AppSecUSA
  • Pursuing software dev companies to be sponsors, connecting recruiting arms to recruiting event
  • AppSecUSA Developer Summit

Vice Chair's Report - Josh Sokol

  • I've got nothing major to report here so let's save the time for some of the bigger discussions that we need to have.

Treasurer Report - Andrew van der Stock

Tom Pappas reports:

  • The combined P&L vs Bud is $59K ahead of bud for Net income YTD ( US + EU $17K vs Bud of -$42K for a plus $59K YTD)
  • As of the end of July 2016, we had combined cash balances of $1,073,853 (which does not include the $225,582 Paypal transfer on 8.15.16 for APSEC EU) which a little more than $90K less than the combined balance at this time last year of $1,164,156. However if the Paypal transfer had taken place on time in July that would have added another $225K so we would have been $135K ahead year over year.
  • Chapter balances decreased over $7K from $728.9K in June to $721.8K
  • When that is taken out of the cash balance it leaves us with $352K ( again had the $225K come in on time the Oper bal would have been $577K) vs the $407K we had at the end of June 2016, and dividing that by the Avg Ops spend it gives us 3.99 months( which is below the 4.56 months, at 6.30.16, but again had the $225K come in on time, it would have been 6.56 months), of Ops reserve exclusive of the event expenses, which is much better than the 2.85 months we had at the end of May
  • In the Cash forecast I have made some notations in red as the Budget is for the combined entity so I have added in the APSEC EU Revenue and expense as well as I have added a tab for the APSEC EU P&L as of 7.31.16
  • I have also added tabs for YTD P&L and BS details in both of the Close pkgs
  • In addition I have included PDF’s to be put up on the web site of the BS , P&L and APSEC P&L [added in financial reports below - ajv]"

At the moment, things are both good and concerning:

Good - we have $225k USD more than we thought by regaining access to our PayPal account, sweeping funds from AppSec EU into our bank account during August. This will be reflected in August's numbers, which are due in our October face to face Board meeting. This makes a decision around hiring a replacement Executive Director possible. I personally would be comfortable if we spend a great deal of time finding the right person, and hiring towards the end of the year to make sure we understand where AppSec USA settles. Which leads me to...

Concerning - AppSec USA training is off target due to a website error that stops people registering (!), and as of last week we are behind all conferences but 2012's, which is just not where we need to be, as we budgetted for a larger conference, and booked accordingly. We will get an update from Laura during the Board meeting, and hopefully we can take sufficient corrective action to turn a (hopefully large) profit this time around.

I'm also heartened that for the first time in a long time, chapters are spending more than they take in. However, we have had several issues with chapters asking for all sorts of payments, such as one chapter who had nothing in their chapter funds. I approved that expense this one time, but I've asked Tiffany to keep on top of these expenses as we are not a cash piñata to be tapped with a stick every time someone wants money. Additionally, I've been watching chapters looking to pay expenses. One area for improvement is that we should ask all chapters who submit expenses that they are branded only as OWASP, and not a combined meeting (like "Cyber security meetup" or "ISSA and OWASP meetup"). We can address individual chapters who do have combined meetings as a proper co-marketing arrangement, so that OWASP contributes as much as all the other involved organisations.

Chapters - Michael Coates

Financial information

  • July financial package
- File:2016 07 OWASP July Financial Report submitted 8.18.16.xlsx
- File:7.16 YTD US P&L vs Bud.pdf
- File:7.16 US BS.pdf
- File:7.16 APSEC EU P&L.pdf

Secretary Report -Tobias Gondrom

Governance report

Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom

  • Coates - Chapters
  • Carter - Governance
  • Brennan - Projects

Staff Reports

Old Business

All active board proposals are listed here

  • Co-Marketing Agreements with other conferences
  • Motion to invest a portion of unused funds in a ladder CD arrangement
  • Motion to approve changes to FY17 membership rates
  • Motion to establish a pay anything membership class, eliminate honorary membership and establish an annual Paul Ritchie Memorial Award
  • Motion to create an OWASP open training platform

New Business

  • AppSec USA - Update from Laura

Please go over the last status update from Laura in the reading material, and see for yourselves where we are at in terms of registrations. This last week, registrants paying for their tickets couldn't register for training. Now, I only see 9 training classes, which considering the outstanding success of training profitability in AppSec EU, is going to result in a disappointing profitability for this event. I would like to understand our status as of today, what we can do to fix the registration issue for those 260+ who bought a ticket, but couldn't buy training classes, what we can do to promote the event, and what assistance we can provide the organisers to make this a great event.

  • [Johanna Curiel] Discussion on the Sooryen report

Does it comply with it was requested and next steps with regards the wiki and OWASP content

  • Projects, Funding and Iran - Matt Tesauro & Claudia Casanovas

We have several projects with leaders or co-leaders located in Iran. This makes funding those projects problematic due to the OWASP Foundation being a US charity and the economic sanctions imposed by the US. For background, see the US Dept of State Iran Sanction site. Details of the projects in question are in the Projects Report for this month, slide 5. Since any funding of activities in Iran represents a risk to the Foundation, the staff is asking for the board to determine how the Foundation will interact with any community members or project leaders which are located in Iran.

Action Items



Motion to close meeting