Difference between revisions of "February 17, 2016"

m (Time)
(Meeting Minutes)
 
(50 intermediate revisions by 11 users not shown)
Line 4: Line 4:
 
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
 
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
 
* [https://www.dropbox.com/s/9v88xcox5rb6pkc/2016-01-13%2016.09%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 13 January 2016 OWASP Board Meeting]
 
* [https://www.dropbox.com/s/9v88xcox5rb6pkc/2016-01-13%2016.09%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 13 January 2016 OWASP Board Meeting]
 +
* [https://www.dropbox.com/s/rksh4zr5sf6z2un/2016-02-17%2015.02%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 17 February 2016 OWASP Board Meeting]
  
 
===Time===
 
===Time===
Line 20: Line 21:
  
 
=== Meeting Minutes===
 
=== Meeting Minutes===
* TODO
+
 
 +
* [https://docs.google.com/document/d/1NgJB0B98pP2-THUMks0fNf_yZmGsDKs_uCJMsAYuZ-Y/edit Jan.2016 Meeting Minutes for Approval]
 +
* [https://docs.google.com/a/owasp.org/document/d/1J9BZ2DIgItMpajbAaPGzA1HcbkVQ5SKzfLUFDa06H4s/edit?usp=sharing 17 February 2016 Board Meeting Minutes]
  
 
= Reading Material  =
 
= Reading Material  =
 
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''
 
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''
  
 +
1.  [https://docs.google.com/document/d/1PvNeEWgoO1w51VhHLwqqSgo0mBh-RvmSFUKMTz4QrYg/edit?pref=2&pli=1#heading=h.lw77ixr6kxi Proposal from Johanna on OWASP-Project-Review Updates & Incentives]
 +
*  Should Project Task Force be 'relaunched' as Project-Review-Committee with same Committee 2.0 procedures and authority?
 +
*  Some questions in the proposal may be resolved at Committee level, without needing board motion & approval. (P.Ritchie interpretation)
 +
* [https://docs.google.com/document/d/1QPaSEgNOkfOkk8L4X-PDT2WA9ya1E6braN5-JfgEzMQ/edit?usp=sharing  Summary of Questions & response from Johanna dated Feb.10, 2016]
 +
 +
2.  >> READ Staff Status reports below, including Detail Financial Report for 2015 through December 2015 in Excel format.  P&L,  A/R,  A/P, Balance Sheet with cash balances for Foundation & Chapters & Projects
 +
 +
3.[https://www.owasp.org/index.php/Help_Secure_Owasp_assests Help Secure OWASP assets initiative, contributions from volunteers ]
 +
* Which companies or individuals can contribute to help manage Wiki & mailing list with maintenance and patching?
 +
* Status of Bug Bounty management services for projects and other OWAPS assists as the WIKI - through Barter Deals with service providers
 +
 +
4. [https://drive.google.com/file/d/0B4xgbqJzimL4YUtpM0dubEFudXM/view?usp=sharing IT Transformation Discussion paper]
 +
* IT Transformation Discussion paper
  
 
= Meeting Agenda =
 
= Meeting Agenda =
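Review bot: In the added reading-material item 3, "other OWAPS assists as the WIKI" should read "other OWASP assets such as the wiki". The same item is written "3.[" with no space after the number, unlike items 1, 2 and 4, and the sub-bullet under item 4 only repeats the item's own link title, so it can be dropped.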
Line 32: Line 48:
  
 
== Actionable Agenda Topics ==
 
== Actionable Agenda Topics ==
 +
* Review, discuss, act on Johanna proposal.  See reading material above.
  
* (10 minutes) Nominate / select 2016 Board Officers including Compliance Officer
+
== Discussion Topics ==
**  Further discussion & action as needed on proposal to change title & responsibilities of At-Large Board members as defined in [https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf Bylaws] to more specific focus areas.
+
* OWASP Infrastructure Transformation. AJV. [https://drive.google.com/file/d/0B4xgbqJzimL4YUtpM0dubEFudXM/view?usp=sharing IT Transformation Discussion paper]
** Election follows simple order of electing per role: 1. Chairman, 2.Vicechair, 3. Treasurer, 4. Secretary, 5. Board-member at large (Chapters), 6. Board-member-at-large (Projects), 7. Board-member-at-large (Governance)
 
** if in the first round no majority can be established for a candidate, there shall be a second voting round between the two leading candidates.
 
* (10 minutes) - TB - [http://lists.owasp.org/pipermail/owasp-leaders/2016-January/015869.html Proposal] to establish (4) Regional Councils per bylaws [https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf article/section 5.02]
 
  
Appoint (10) OWASP Members from each region from Projects/Chapters/Industry
+
* Help Secure OWASP assets : https://www.owasp.org/index.php/Help_Secure_Owasp_assests
Asia-Pacific Security Council (APSC)
 
North America Security Council (NASC)
 
Europe Middle East and Africa Security Council (ESC)
 
Latin America Security Council (LASC)
 
 
 
== Discussion Topics ==
 
* (15 minutes) - [https://docs.google.com/document/d/1LHK6wXJQVrc_NP_gbYy2wpiuNze32XkoIhFVL7V39i0/edit?usp=sharing 2016 Strategic Goals] & Budget.  Review Updates, Approve as needed.
 
** [https://docs.google.com/a/owasp.org/spreadsheets/d/1u7jJ9IxvrvbnWkxeMoYhTnYjRrnoR47PyBA5fsJp3FY/edit?usp=sharing Updated 2016 Budget Draft as of January 12, 2016]
 
* (15 minutes) - Getting the financial fundamentals right - keeping a lid on expenses, understanding our funding envelope (there is no bottomless bucket of cash), and improving income growth AJV
 
* (10 minutes) - Discuss OWASP IT systems, with a view to consolidation and transformation AJV
 
  
 
== Misc. Topics  (10-15 Minutes) ==
 
== Misc. Topics  (10-15 Minutes) ==
* TODO
+
* Temperature on Training + Leader Summit
 +
* Second 5K sponsor package as outlined here:  https://docs.google.com/document/d/1NG8C27_RuNmwfTnrUE_-gB5IyHlmTYo1lv-CTXo25p8/edit
  
 
==Old Business==
 
==Old Business==
 
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
 
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* TODO
+
 
 +
* Matt K:  Action / Update on search for OWASP Compliance officer
 +
 
 +
* Paul R:  Action - Need clarification.  Under financial proposal #3 & 4.  Do 'Projects' require 2 leaders, or just 1 leader and 1 other active participant?  Various emails recommend the latter.  Staff recommends 1 leader plus 1 active participant for definition of active project.
 +
**  See Oct. 14, 2015 Votes here.  https://www.owasp.org/index.php/OWASP_Board_Votes
 +
 
 +
**  Chapters are being managed with a 2 leader requirement.
  
 
==New Business==
 
==New Business==
 
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
 
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* [name of person adding topic] - topic
+
* See Johanna new Project Review proposal above.
** [vote needed | discussion topic]
 
 
 
  
 
== Action Item Follow-Up ==
 
== Action Item Follow-Up ==
* TODO
+
* [https://docs.google.com/spreadsheets/d/1LtYN2QSCUBSM53_M0HGAISqiGiXbxO9k8LXv2ZoIVgQ/edit?usp=sharing  2016 Action Item Status from Past BoD Meetings]
 +
** This is new excel sheet showing AI as either OPEN or Closed with status for monthly Board reporting
  
 
== Reports ==
 
== Reports ==
=== Chairmain's Report - Tobias Gondrom ===
+
=== Chairmain's Report - Matt Konda ===
*TODO
+
* Identified compliance team.  (Fiona, Bil, Richard)
 +
*  ED annual review underway.  (Feedback solicited, reviewing materials)
 +
*  Handoff from Tobias.
 +
*  Financials call with Andrew and Virtual
 +
*  Talked to 6 potential sponsors.
 +
*  Participated in Project call.
 +
*  Wrote sponsor letter for AppSecEU
 +
*  Discussion with Kate about Training + Leader Summit and software sponsor tier.
 +
*  Weekly one on one call.
 +
Detail here:  https://trello.com/b/YWY4pf8I/global-board
 +
 
 
=== Vice Chairmain's Report - Josh Sokol ===
 
=== Vice Chairmain's Report - Josh Sokol ===
 
*TODO
 
*TODO
=== Treasurer Report - Fabio Cerullo (Interim, until new Treasurer selected) ===
+
=== Treasurer Report - Andrew van der Stock ===
*TODO
+
 
=== Secretary Report - Matt Konda ===
+
I have had a kick off meeting with Paul, Alison, Matt, and Tom Pappas (our CFO) from Virtual to discuss a financial handover.
 +
 
 +
This meeting went well, and filled in a number of gaps for me. The main action items from my point of view are:
 +
 
 +
* Establishing an OWASP archive for our financial and other corporate records that is accessible by Alison so we don't lose the lot if something happened to Alison's residence or computer. This applies primarily to our old records, which we need to keep for 7 years, but aren't necessarily used daily.
 +
* Ensuring that our FY15 year is closed out and our annual report is ready on time. This seems to be in hand, but I will keep on eye on things.
 +
* Paul is considering moving our accounts to a better financial institution as our current one requires us to use yet another payment service. This should improve our visibility of bills and make reconciliation easier. I support this move, as it should improve our transparency and reduce costs. 
 +
* Once we have final reconciliation and the FY15 books are closed, I will ask my wife (a CPA) to look over the records to ensure things are okay.
 +
 
 +
Additionally, I asked about a line of credit that I heard was being established. Apparently there is something happening here. My main concern is that it shows up on the books so we can make sure we don't get into trouble by using it for operational expenditure unnecessarily. I understand the need for it, but we could easily get into trouble if we are paying bills on credit without a supporting income.
 +
 
 +
=== Secretary Report - Jim Manico ===
 
*TODO
 
*TODO
=== Updated from Members at Large - Tom Brennan, Michael Coates, Andrew van der Stock & Jim Manico ===
+
=== Updates from Members at Large ===
 
+
* Michael Coates (Chapters)
 +
** Focus areas for investment into chapters this year include:
 +
*** Chapter Leader Call by region (work with staff)
 +
*** Chapter speaker rating system
 +
*** Centralized chapter speaker recommendation system
  
 
==Reports==
 
==Reports==
* TODO
+
* Executive Director Status Report for 17 Feb 2016  [https://docs.google.com/document/d/131tVN6DamrOat1Io4ez3Nn4nVc_1iekeiEoUGhhTpf4/edit?usp=sharing Exec.Director Status Report - 17Feb2016]
 +
** [https://docs.google.com/spreadsheets/d/1OdiijD2toRgkhIKupbrFMqAEZSBH_NrTxHxkKe7XDzM/edit?usp=sharing  Detail 2015 Financial Report through Dec. 2015 in Excel Format]  Note:  These are PRELIMINARY numbers and will be final once the 2015 Books are officially 'closed' by Accounting firm approx. Mar 1, 2016
 +
* Membership & Business Liaison Report - Kelly Santalucia [https://www.owasp.org/index.php/January_2016_Membership_Report January Membership Report]
 +
**[https://docs.google.com/a/owasp.org/document/d/1GTC7FT1VYGird1gnKXwbziyOAUYDqNkm9HwPHPnXFc4/edit?usp=sharing Strategic Goal #2 Report and CodeMash 2016 update]
 +
* Event Manager Report - Laura Grau [https://www.owasp.org/images/5/5b/February2016ConferenceManagerReport.pdf February Report]
 +
* Operations Report - Kate Hartmann [https://docs.google.com/a/owasp.org/document/d/1gM66GBHD1y_Q3s9x_mz6hGASRhVM8nXQIwnE1TUYYyU/edit?usp=sharing report]
 +
* Project Coordinator Report - Claudia Casanovas [https://docs.google.com/a/owasp.org/presentation/d/1bPsEydCrPZ_Xwm639h2GTjC1V7YCPawCoT-cjVnDEAs/edit?usp=sharing Report]
 +
* Community Manager Report -Noreen Whysel [https://docs.google.com/a/owasp.org/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit?usp=docslist_api Report]
 +
* IT Update from Matt T.
 +
** MediaWiki has been updated 3 times since AppSec USA 2015 (Sept. 2015)
 +
** Upgrade to Mailman 3.0 & server delayed due to Website demands from CalifAppSec Team 'emergency',  AppSec USA & AppSec EU website builds.
 +
** Some dead and inactive email lists cleaned out.  Generally low priority re: other demands.
 +
** 10 hours /month is completely too little for demands from Community, especially for breakage & repair after Matt sets items up for community use. (Matt has details & examples)
 +
**  Net, net Paul now working with staff and Matt T to define how to add resource with 'Matt level access' to cover more common community support needs, vs. Infrastructure/domain/server admin to remain with Matt T. 
  
 
=== Community Initiative Reports  ===
 
=== Community Initiative Reports  ===
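Review bot: The changed heading "=== Chairmain's Report - Matt Konda ===" and the unchanged "=== Vice Chairmain's Report - Josh Sokol ===" both misspell "Chairman's"; correct both while these headings are being edited. In the added Treasurer text, "I will keep on eye on things" should read "keep an eye on things".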
Line 89: Line 137:
  
 
==Adjournment==
 
==Adjournment==
* Next meeting date/time:  
+
* Willing to shift to March 15?
 +
* Next meeting date/time: [[March 16, 2016]], 16:00-17:00 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152  TimeZone Converter ]
  
 
==Motion to close meeting==
 
==Motion to close meeting==

Latest revision as of 17:15, 18 February 2016

Dial In Info

Notice of Recording

Time

Location

Teleconference Information:

https://www3.gotomeeting.com/join/861328838

International Toll Free Calling Information

Attendance Tracker

Board Meeting Attendance Tracker

Meeting Minutes

Reading Material

It is a requirement as a board member to fully read all material prior to the start of the meeting

1. Proposal from Johanna on OWASP-Project-Review Updates & Incentives

  • Should Project Task Force be 'relaunched' as Project-Review-Committee with same Committee 2.0 procedures and authority?
  • Some questions in the proposal may be resolved at Committee level, without needing board motion & approval. (P.Ritchie interpretation)
  • Summary of Questions & response from Johanna dated Feb.10, 2016

2. >> READ Staff Status reports below, including Detail Financial Report for 2015 through December 2015 in Excel format. P&L, A/R, A/P, Balance Sheet with cash balances for Foundation & Chapters & Projects

3. Help Secure OWASP assets initiative, contributions from volunteers

  • Which companies or individuals can contribute to help manage Wiki & mailing list with maintenance and patching?
  • Status of Bug Bounty management services for projects and other OWASP assets such as the WIKI - through Barter Deals with service providers

4. IT Transformation Discussion paper

  • IT Transformation Discussion paper

Meeting Agenda

Call to Order /OWASP Mission

Open Meeting - Start Recording, List attendees and Agenda update (only if last-minute changes are needed) (5 min)

  • Approve minutes from January 13, 2016.

Actionable Agenda Topics

  • Review, discuss, act on Johanna proposal. See reading material above.

Discussion Topics

Misc. Topics (10-15 Minutes)

Old Business

All active board proposals are listed here

  • Matt K: Action / Update on search for OWASP Compliance officer
  • Paul R: Action - Need clarification. Under financial proposal #3 & 4. Do 'Projects' require 2 leaders, or just 1 leader and 1 other active participant? Various emails recommend the latter. Staff recommends 1 leader plus 1 active participant for definition of active project.
    • Chapters are being managed with a 2 leader requirement.

New Business

All active board proposals are listed here

  • See Johanna new Project Review proposal above.

Action Item Follow-Up

Reports

Chairman's Report - Matt Konda

  • Identified compliance team. (Fiona, Bil, Richard)
  • ED annual review underway. (Feedback solicited, reviewing materials)
  • Handoff from Tobias.
  • Financials call with Andrew and Virtual
  • Talked to 6 potential sponsors.
  • Participated in Project call.
  • Wrote sponsor letter for AppSecEU
  • Discussion with Kate about Training + Leader Summit and software sponsor tier.
  • Weekly one on one call.

Detail here: https://trello.com/b/YWY4pf8I/global-board

Vice Chairman's Report - Josh Sokol

  • TODO

Treasurer Report - Andrew van der Stock

I have had a kick off meeting with Paul, Alison, Matt, and Tom Pappas (our CFO) from Virtual to discuss a financial handover.

This meeting went well, and filled in a number of gaps for me. The main action items from my point of view are:

  • Establishing an OWASP archive for our financial and other corporate records that is accessible by Alison so we don't lose the lot if something happened to Alison's residence or computer. This applies primarily to our old records, which we need to keep for 7 years, but aren't necessarily used daily.
  • Ensuring that our FY15 year is closed out and our annual report is ready on time. This seems to be in hand, but I will keep an eye on things.
  • Paul is considering moving our accounts to a better financial institution as our current one requires us to use yet another payment service. This should improve our visibility of bills and make reconciliation easier. I support this move, as it should improve our transparency and reduce costs.
  • Once we have final reconciliation and the FY15 books are closed, I will ask my wife (a CPA) to look over the records to ensure things are okay.

Additionally, I asked about a line of credit that I heard was being established. Apparently there is something happening here. My main concern is that it shows up on the books so we can make sure we don't get into trouble by using it for operational expenditure unnecessarily. I understand the need for it, but we could easily get into trouble if we are paying bills on credit without a supporting income.

Secretary Report - Jim Manico

  • TODO

Updates from Members at Large

  • Michael Coates (Chapters)
    • Focus areas for investment into chapters this year include:
      • Chapter Leader Call by region (work with staff)
      • Chapter speaker rating system
      • Centralized chapter speaker recommendation system

Reports

  • Executive Director Status Report for 17 Feb 2016 Exec.Director Status Report - 17Feb2016
  • Membership & Business Liaison Report - Kelly Santalucia January Membership Report
  • Event Manager Report - Laura Grau February Report
  • Operations Report - Kate Hartmann report
  • Project Coordinator Report - Claudia Casanovas Report
  • Community Manager Report - Noreen Whysel Report
  • IT Update from Matt T.
    • MediaWiki has been updated 3 times since AppSec USA 2015 (Sept. 2015)
    • Upgrade to Mailman 3.0 & server delayed due to Website demands from CalifAppSec Team 'emergency', AppSec USA & AppSec EU website builds.
    • Some dead and inactive email lists cleaned out. Generally low priority re: other demands.
    • 10 hours /month is completely too little for demands from Community, especially for breakage & repair after Matt sets items up for community use. (Matt has details & examples)
    • Net, net Paul now working with staff and Matt T to define how to add resource with 'Matt level access' to cover more common community support needs, vs. Infrastructure/domain/server admin to remain with Matt T.

Community Initiative Reports

  • TODO

Announcements

  • TODO

Adjournment

Motion to close meeting