
September 19, 2017

Revision as of 18:11, 19 September 2017 by Matt Konda


Meeting Location:


International Toll Free Calling Information

AGENDA This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.

CHANGES TO THE AGENDA (Open to anyone including members of the public)

- Approval of Prior Meeting Minutes


OWASP Foundation is managed by the Operations Director, who provides a monthly roll-up report in collaboration with all staff members, contractors and efforts being managed by the back office team. A link to the monthly operational report can be found here: REPORT

Finance Report

From Tom Pappas:

"Attached please find the preliminary (due to Dev Summit 2017 not completely closed out yet) OWASP Combined (Converted to USD for all reports) financial pkg for July 2017 which represents financial performance through seven months of 2017.  I have used the approved version of the Budget for a comparison.  Matt T for the Board call I have attached a pdf of the Board summary and the Balance Sheet Summary which you can put up on the wiki, as the full fin pkg have quite a few tabs that are used for internal tracking only.

Here is a summary of the Activity YTD. All amounts are combined with the EU and converted to USD in these reports:   

Income Statement: 

Revenue:  On an accrual basis, total revenue YTD through Jul 2017 was $1.423.8 million as compared to a plan of $1,196 million.  The results are $227.7K ahead of plan as of 7.31.17, due primarily to AppSec Cali being over vs AppSec EU being under budget.

Expenses:   Total spending YTD was over plan by $50.1K due to the overspending on Conference and Chapters offset by underspending in Community outreach (Marketing), Professional services (No Wiki proj spending) and Grant expense.

Net Income/Loss:  YTD on a combined Accrual basis we are at a loss of $252.9K vs a budgeted LOSS of $430.6K for a net gain to the budget of $177.6K.  I want to add some caution here as AppSec EU 2017 was about $57K under budget.  We also, more than ever need AppSec 2017 US to be a success (meet or exceed Bud of $585K net income or the total 2017 budgeted loss of $235K will be more, though it is not looking like we will achieve this) and we just agreed to $45K for the ED search so we need to continue to monitor revenue and spending VERY closely as we move throughout the rest of 2017.  

Chapter Funds: On an accrual basis, as of 7.31.17 the US Bal is $758.5K, while down a couple of thousand dollars from last month is still a large draw on funds.  This is an issue that is only going to magnify as our events continue to be successful.  Chapter balances will continue to grow to a point where they exceed the amount of cash OWASP has on hand in its Bank accounts, which could happen as soon as Aug 2017.  Also, the EU Ch was up a couple of thousand dollars at $74.8K balance.  I also ran the Proj balances and they are now Combined at $114.4K vs the $95K at the end of June.


About AppSec EU 2017, I am told there are a few minor stragglers for minor bills to fully close it out in Aug 17 but as of now please review the AppSec EU 2017 tab, as we were about $84K under in revenue and $27K Under in expense (if no more come in) which takes us to <$57K> in Net income, which is being offset by other events such as AppSec Cali.  As noted in previous months not sure that will continue, so Spending should still be monitored and we need to have AppSec US in Sept meet or exceed the budget of $585K Net income.

There are a couple of points I want to highlight.  The first is about cash while we had almost $1.7 million in the bank and if we add in half of the Open AR of $172K the Balance would be $1.872 million and to be conservative the balance would be and there are between accounts payable, Credit Card chgs and VAT payable for the Italian event in 2016 over $460K, which takes cash down to about $1.24 Million.  So while not a true cash flow issue, yet, if you take out the Ch balance of $833K and the Proj balance of $115K it leaves us with just about $292K of liquid cash and couple that with half the open AR of $172K we have $464K of operational reserves.  I just want to keep this on EVERYONE’s radar as we move forward.  This leaves our Operating cash reserve at 2.6 months and add in half the open AR it takes us to just over 4 months, again this needs to continue to be monitored closely.

[Update to previous paragraph] "I am sending this to you as in taking another look at the numbers this morning, I noticed I had not factored in the $213K of OWASP EU payables into the Reserve calculation when I sent this last night.  This now takes the Oper reserve to less than one month, when the AP, Proj and Chapter balances are removed from the cash balance.  If we add back in half of the open AR balance (this is a conservative estimate) then the reserve goes up to about 3 months.  So while we do not have a true cash issue, with $1.675 million in the bank at the end of July, the CH and Proj balances have now almost eclipsed the Oper funds, which has been a noted concern for a while now.  I have made the adjustment to the narrative below as well.  Again sorry for any confusion."

With regard to Accounts Receivable the US balance is $275K and the EU balance is another $69K.  We have started and are seeing success in following up on the invoices we have created, however will need assistance as any invoices created prior to 6.30.17 do not seem to have contact info, specifically email addresses in Quickbooks so we are working on putting a list together.  Also in conversation with a Ch leader they are offering if we give them a list of open AR by Ch they will follow up as some of these invoices are funds earmarked for them."



[Martin] For Vote:
1. Approve the OWASP Summit 2018 venue contract (see email Seba
2. Recognize the OWASP Summit 2018 as a global event with equal staff support as for a Global AppSec conference
3. Set aside 100.000 USD as seed fund for the OWASP Summit 2018 to cover travel for selected working-session organizers

[Andrew] For discussion

  1. Chapter and project balances - We can't put off finance reform any longer, we need to make changes to the way projects and chapters are funded
  2. Operational reserves - How do we get back to six months of operational reserves
  3. Accounts receivable - need to work on getting aged receivables fixed

[Matt T] For Vote:

Clarification/modification of change approved in the August 9th Board Meeting to handle minor payables

Modification: The original proposal removed the board approval from specific types of reimbursements and payables. However, the intent of the change (streamlining payments) was blocked by the need for board members (Chairman or Treasurer) to "release" the funds from the US bank account. The proposed modification would allow for the release of funds from the US bank for any of the specific reimbursement categories below. As we are currently doing, the details of all payables will be sent to the board during the bi-monthly payment batches so the board is apprised of all payables regardless of the categories below.

Previous wording from the August meeting is below for reference. Changes to the original text are underlined.

{previous proposal start}

  • Proposed: Adjust approval processes to meet operational needs as outlined below. [Matt Tesauro] Also supported by Matt Konda.
    • Remove board approval and funds release for any expense that meets any one of the criteria below
      • Reimbursement from chapter/project funds which have a sufficient balance capped at $10k
      • Routine expenses that already have budget allocated, e.g. mobile phone bill, capped at $10k
      • Expenses under $10k which O&A Committee have approved and are already budgeted
      • Payroll expenses that
        • Are the same as the past month’s salary (e.g. same as always) since
          • For salaried staff, payroll expense is fixed
          • For hourly staff, hours will be approved by Matt Tesauro
        • Treasurer will review all salary payments on at least a quarterly basis
      • Board must approve any changes to payroll outside the above conditions

Since the board has already voted for budgeted, normal expenses and we WANT the community to spend down any chapter/project funds, I don't see benefit in the board re-approving the actual spend on the categories above.

Benefit: Allow payables to be handled more efficiently and in a streamlined fashion for routine and already budgeted items so that the board is removed from day-to-day operational issues.

{previous proposal end}

  • Proposal to host 2018 AppSecUSA in San Jose.
  • 2018 Budget Discussion

2018 AppSecEU and AppSecUSA Locations

Board Votes vs. YTD Actions