
Difference between revisions of "September 21, 2016"

(Created page with "===Time=== *Date/Time: August,23 2016/6pm-7:30pm CST * [http://www.timeanddate.com/worldclock/converted.html?iso=20160823T18&p1=24&p2=179&p3=224&p4=152&p5=37&p6=37&p7=0 Time...")
 
m
 
(41 intermediate revisions by 9 users not shown)
Line 1: Line 1:
 
===Time===
 
===Time===
*Date/Time:  August,23 2016/6pm-7:30pm CST
+
*Date/Time:  September,21 2016/7am-8:30am PDT
 
+
* [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=09&day=21&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [http://www.timeanddate.com/worldclock/converted.html?iso=20160823T18&p1=24&p2=179&p3=224&p4=152&p5=37&p6=37&p7=0 TimeZone Converter]
 
  
 
===Location===   
 
===Location===   
Line 20: Line 19:
 
*Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
 
*Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
 
*Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
 
*Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
 +
 +
[https://drive.google.com/file/d/0B0yxedKRQADiRWFGZWU0M3JOOG8/view?usp=sharing RECORDING]
  
  
 
=== Meeting Minutes===
 
=== Meeting Minutes===
 
+
::- [https://docs.google.com/a/owasp.org/document/d/1FYKNJlPHbxAqYpInGD4nbxkpcZ8uKWfJvwQcEWmp5n0/edit?usp=sharing August 23, 2016 Meeting Minutes]
 
::- [https://docs.google.com/document/d/1vGtDOkRKD_NcL29p5__etthCePwdLYrXNQOIBpo-gCw/edit July 27, 2016 Meeting Minutes]
 
::- [https://docs.google.com/document/d/1vGtDOkRKD_NcL29p5__etthCePwdLYrXNQOIBpo-gCw/edit July 27, 2016 Meeting Minutes]
  
Line 29: Line 30:
 
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''
 
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''
  
* [https://docs.google.com/document/d/19r7GC5kQPKFCLKts1n8egeGXihicPCoeqFbSPQp-604/edit AppSec USA 2016 Report as of August 16, 2016 (private link available to Board only)]
 
 
* July financial package
 
  
::- [[File:2016_07_OWASP_July_Financial_Report_submitted_8.18.16.xlsx|200px|thumb|left|July 2016 Financial Report]]
+
* Treasurer's report
::- [[File:7.16_YTD_US_P%26L_vs_Bud.pdf|200px|thumb|left|July 2016 Profit & Loss vs Budget]]
+
::- https://drive.google.com/open?id=17kNGo1XSQ7aJyTf67rYZUB-fPr_ZrP__DFKOd0AiSaA
::- [[File:7.16_US_BS.pdf|200px|thumb|left|July 2016 Balance Sheet]]
 
::- [[File:7.16_APSEC_EU_P&L.pdf|thumb|left|AppSec EU Profit and Loss as of July 2016]]
 
  
 
= Meeting Agenda =
 
= Meeting Agenda =
Line 47: Line 43:
 
* Staff meetings
 
* Staff meetings
 
* Bill payments / Contract Approvals (Many)
 
* Bill payments / Contract Approvals (Many)
 +
* Taxes Filed - 2015 $2.48M (2014 $1.6M) - primarily from programs (conferences + training)
 +
* Chair Letter for Annual Report (I caused delay here) and for AppSec
 +
* Redoubled efforts on Glue (DevOps Security Project) - also with revived AppSec Pipeline project (Matt T., Aaron Weaver, Adam Parsons, etc.)
 +
* Working with Dev summit for AppSec.
 +
* Hiring Strategy
 +
* Discussing Partnerships with Media Companies
 +
* Chasing Sponsors
  
 
=== Vice Chair's Report - Josh Sokol ===
 
=== Vice Chair's Report - Josh Sokol ===
Line 53: Line 56:
 
=== Treasurer Report - Andrew van der Stock ===
 
=== Treasurer Report - Andrew van der Stock ===
  
Tom Pappas reports:
+
Treasurer's report for September 2016
 
+
https://drive.google.com/open?id=17kNGo1XSQ7aJyTf67rYZUB-fPr_ZrP__DFKOd0AiSaA
* The combined P&L vs Bud is $59K ahead of bud for Net income YTD ( US + EU $17K vs Bud of -$42K for a plus $59K YTD)
 
* As of the end of July 2016, we had combined cash balances of $1,073,853 (which does not include the $225,582 Paypal transfer on 8.15.16 for APSEC EU)  which a little more than $90K less than the combined balance at this time last year of $1,164,156.  However if the Paypal transfer had taken place on time in July that would have added another $225K so we would have been $135K ahead year over year.
 
* Chapter balances decreased over $7K from  $728.9K in June to $721.8K
 
* When that is taken out of the cash balance it leaves us with $352K ( again had the $225K come in on time the Oper bal would have been $577K)  vs the $407K we had at the end of June 2016, and dividing that by the Avg Ops spend it gives us 3.99 months( which is below the 4.56 months, at 6.30.16, but again had the $225K come in on time, it would have been 6.56 months),  of Ops reserve exclusive of the event expenses, which is much better than the 2.85 months we had at the end of May
 
* In the Cash forecast I have made some notations in red as the Budget is for the combined entity so I have added in the APSEC EU Revenue and expense as well as I have added a tab for the APSEC EU P&L as of 7.31.16
 
* I have also added tabs for YTD P&L and BS details in both of the Close pkgs
 
* In addition I have included PDF’s to be put up on the web site of the BS , P&L and APSEC P&L [added in financial reports below - ajv]"
 
 
At the moment, things are both good and concerning:
 
 
 
'''Good''' - we have $225k USD more than we thought by regaining access to our PayPal account, sweeping funds from AppSec EU into our bank account during August. This will be reflected in August's numbers, which are due in our October face to face Board meeting. This makes a decision around hiring a replacement Executive Director possible. I personally would be comfortable if we spend a great deal of time finding the right person, and hiring towards the end of the year to make sure we understand where AppSec USA settles. Which leads me to...
 
 
 
'''Concerning''' - AppSec USA training is off target due to a website error that stops people registering (!), and as of last week we are behind all conferences but 2012's, which is just not where we need to be, as we budgetted for a larger conference, and booked accordingly. We will get an update from Laura during the Board meeting, and hopefully we can take sufficient corrective action to turn a (hopefully large) profit this time around.  
 
 
 
I'm also heartened that for the first time in a long time, chapters are spending more than they take in. However, we have had several issues with chapters asking for all sorts of payments, such as one chapter who had nothing in their chapter funds. I approved that expense this one time, but I've asked Tiffany to keep on top of these expenses as we are not a cash piñata to be tapped with a stick every time someone wants money. Additionally, I've been watching chapters looking to pay expenses. One area for improvement is that we should ask all chapters who submit expenses that they are branded only as OWASP, and not a combined meeting (like "Cyber security meetup" or "ISSA and OWASP meetup"). We can address individual chapters who do have combined meetings as a proper co-marketing arrangement, so that OWASP contributes as much as all the other involved organisations.
 
 
 
=== Chapters - Michael Coates ===
 
  
== Financial information ==
+
*August Financial Package
  
* July financial package
+
[https://docs.google.com/a/owasp.org/spreadsheets/d/13K1EkF8S43oMfgTuwoAIWi_MZfV7n56HVDlmNl4ukRc/edit?usp=sharing AUGUST 2016 FINANCIAL REPORT]
  
::- [[File:2016_07_OWASP_July_Financial_Report_submitted_8.18.16.xlsx|200px|thumb|left|July 2016 Financial Report]]
+
[https://docs.google.com/a/owasp.org/document/d/1wEgY1uSZq0imAElCZ0Lny2mFcNOEczFI-ef1zXBcxg0/edit?usp=sharing Financial Analysis]
::- [[File:7.16_YTD_US_P%26L_vs_Bud.pdf|200px|thumb|left|July 2016 Profit & Loss vs Budget]]
 
::- [[File:7.16_US_BS.pdf|200px|thumb|left|July 2016 Balance Sheet]]
 
::- [[File:7.16_APSEC_EU_P&L.pdf|thumb|left|AppSec EU Profit and Loss as of July 2016]]
 
  
 
=== Secretary Report -Tobias Gondrom ===
 
=== Secretary Report -Tobias Gondrom ===
 
=== Governance report ===
 
  
  
Line 96: Line 77:
  
 
==Staff Reports==
 
==Staff Reports==
* Director/Operations Update (Kate) - TBA
+
** [https://docs.google.com/a/owasp.org/document/d/1DKlYVFrzpAjoP1Vb7ABaCbCK2kVoVx768TYWAK_rugc/edit?usp=sharing Director/Operations Update] - Kate
** Financial Update - Andrew/Tom - See above
+
** [https://docs.google.com/a/owasp.org/spreadsheets/d/13K1EkF8S43oMfgTuwoAIWi_MZfV7n56HVDlmNl4ukRc/edit?usp=sharing Financial Update - Andrew/Tom - See above]
** [https://docs.google.com/a/owasp.org/document/d/195QybBHpWhYxXQ5Q6ydAN08AQr-qaGVKZWYyXaUmktU/edit?usp=sharing Conference Manager Report] - Laura Grau
+
** [https://docs.google.com/a/owasp.org/document/d/1MrFEz71qJbRHrA-KYONDfmEoyhvmyXLHT_sRsN-sk0k/edit?usp=sharing Conference Manager Report] - Laura Grau
** [https://docs.google.com/a/owasp.org/presentation/d/16III5sOo06KLyjdG2HEa7cA8hOSf9SKsuWbzbgD467s/edit?usp=sharing Project Coordinator Update] - Claudia Casanovas & Matt Tesauro  
+
** [https://docs.google.com/a/owasp.org/presentation/d/1K14kQrRS_u-1VEcO1dDMd5XxIRurV-e2kojSr_eJ2Ic/edit?usp=sharingProject Coordinator Update] - Claudia Casanovas & Matt Tesauro  
 
** [https://docs.google.com/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit Community Initiative Reports] - Tiffany Long - TBA
 
** [https://docs.google.com/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit Community Initiative Reports] - Tiffany Long - TBA
** [https://www.owasp.org/index.php/July_2016_Membership_Report Membership Update] - Kelly Santalucia  
+
** [https://www.owasp.org/index.php/August_2016_Membership_Report Membership Report] - Kelly Santalucia
** IT Update - TBA - TBA
 
  
 
==Old Business==
 
==Old Business==
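
Review bot: In the added Project Coordinator Update line under Staff Reports, the URL and the link label run together (`usp=sharingProject Coordinator Update`). MediaWiki ends an external link's URL at the first space, so the link target becomes `...usp=sharingProject` and only "Coordinator Update" is shown as the label. Insert a space after `usp=sharing`, matching the Conference Manager Report line added just above it.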
Line 108: Line 88:
 
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
 
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
  
* Co-Marketing Agreements with other conferences
+
* Motion to invest a portion of unused funds in a ladder CD arrangement (Andrew - Deferred to DC)
::- https://www.owasp.org/index.php/Owasp_Conference_Management_System
 
::- https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference
 
 
 
* Motion to invest a portion of unused funds in a ladder CD arrangement
 
 
::- https://docs.google.com/document/d/1cZOMYzaRnWW_oQd4ON7kBNQcmlx3V4u33Szm8jH2cgU/edit#
 
::- https://docs.google.com/document/d/1cZOMYzaRnWW_oQd4ON7kBNQcmlx3V4u33Szm8jH2cgU/edit#
  
* Motion to approve changes to FY17 membership rates
+
* Motion to approve changes to FY17 membership rates (Andrew)
 
::- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing
 
::- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing
  
* Motion to establish a pay anything membership class, eliminate honorary membership and establish an annual Paul Ritchie Memorial Award
+
==New Business==
::- https://docs.google.com/a/owasp.org/document/d/1GTcff47NFDgFCnnFTvaEehdecc-TU2PWjAqc9x470Vw/edit?usp=sharing
+
 
 +
* OWASP / [https://csaw.engineering.nyu.edu/ NYU University, CSAW] Co-Marketing Agreement 12k - Motion for Vote for Funding (Tom)
 +
**  CSAW'16 Bronze Level Sponsorship - $12,000
 +
**  Judging opportunity at NYU Tandon CSAW (Nov. 11) and at NYU Abu Dhabi CSAW
 +
**  OWASP branded Travel Award (OWASP funding supports the travel for US Capture the Flag finalists)
 +
**  OWASP collaboration with OSIRIS Lab students on open-source projects in the 16/17 academic year
 +
**  OWASP membership materials included in the CSAW conference bag (NYU Tandon)
 +
**  OWASP table at CSAW Industry Fair (NYU Tandon)
 +
**  OWASP logo on CSAW global website, US conference materials and signage
 +
**  Public recognition at Awards Ceremony
 +
**  4 free tickets to the Security Open Source Workshop (NYU Tandon, Nov. 10)
 +
 
 +
* WEBSITE Project
 +
 
 +
[https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus/website_project Status Report] (Tom)
  
* Motion to create an OWASP open training platform
+
* Projects and external funding - interpretation
::- https://docs.google.com/document/d/1dZ-6eJyNj5iiTTo9AS5NC77PYwOF0D9aTHz8dmcJGJ0/edit#
 
  
==New Business==
+
Anyone, including OWASP Project Leaders, are able to take OWASP projects and generate revenue for themselves as long as they abide by the license terms of that project.  If a project leader can convince others to pay them for something involving their project that doesn't violate the license, then such activity does not negatively impact their project's standing with the OWASP Foundation.  As long as the project remains Open Source (FLOSS) and healthy per the OWASP Project Handbook, it can remain an OWASP project. It is recommended that the project name not match any external offering to avoid confusion and, in cases where such a external offering is provided, a disclaimer will be placed on the project page.
  
* AppSec USA - Update from Laura
+
Note:  This does not change the long standing policy that OWASP Foundation project funds cannot be spent on the project leader directly (aka pay them directly) but must, instead, be spent on items to enhance the project such as graphic art, editing, travel expenses to a project summit, etc.
  
Please go over the last status update from Laura in the reading material, and see for yourselves where we are at in terms of registrations. This last week, registrants paying for their tickets couldn't register for training. Now, I only see 9 training classes, which considering the outstanding success of training profitability in AppSec EU, is going to result in a disappointing profitability for this event. I would like to understand our status as of today, what we can do to fix the registration issue for those 260+ who bought a ticket, but couldn't buy training classes, what we can do to promote the event, and what assistance we can provide the organisers to make this a great event.
+
* Canadian Cybersecurity Alliance
  
* [Johanna Curiel] Discussion on the Sooryen report
+
Should we participate?  [https://drive.google.com/drive/folders/0B0yxedKRQADiOVZWRTV5R2x2ajg?usp=sharing][Background] (Matt)
  
Does it comply with it was requested and next steps with regards the wiki and OWASP content
+
* Proposal to move the November 9th Board Meeting to Tuesday, November 8th (5-7 PM CDT). (Josh)
  
 
== Action Items==
 
== Action Items==
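
Review bot: The added "Should we participate?" line under Canadian Cybersecurity Alliance closes the external link immediately after the URL and leaves `[Background]` outside it, so the page shows an unlabelled numbered link followed by literal bracketed text. Put the label inside the link brackets, separated from the URL by a space, so the link reads "Background".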
Line 140: Line 129:
  
 
==Adjournment==
 
==Adjournment==
*Next meeting date/time: [https://www.owasp.org/index.php?title=July_27,_2016 July 27th]
+
*Next meeting date/time: [https://www.owasp.org/index.php?title=October_11,_2016 October 11]
  
 
==Motion to close meeting==
 
==Motion to close meeting==

Latest revision as of 23:46, 9 October 2016

Time

Location

Teleconference Information:

https://www3.gotomeeting.com/join/861328838

International Toll Free Calling Information


Attendance Tracker

Board Meeting Attendance Tracker

Notice of Recording

  • Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
  • Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.

RECORDING


Meeting Minutes

- August 23, 2016 Meeting Minutes
- July 27, 2016 Meeting Minutes

Reading Material

It is a requirement as a board member to fully read all material prior to the start of the meeting


  • Treasurer's report
- https://drive.google.com/open?id=17kNGo1XSQ7aJyTf67rYZUB-fPr_ZrP__DFKOd0AiSaA

Meeting Agenda

Call to Order /OWASP Mission

  • Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

Reports

Chair's Report - Matt Konda

  • Staff OKR
  • Staff meetings
  • Bill payments / Contract Approvals (Many)
  • Taxes Filed - 2015 $2.48M (2014 $1.6M) - primarily from programs (conferences + training)
  • Chair Letter for Annual Report (I caused delay here) and for AppSec
  • Redoubled efforts on Glue (DevOps Security Project) - also with revived AppSec Pipeline project (Matt T., Aaron Weaver, Adam Parsons, etc.)
  • Working with Dev summit for AppSec.
  • Hiring Strategy
  • Discussing Partnerships with Media Companies
  • Chasing Sponsors

Vice Chair's Report - Josh Sokol

  • I've got nothing major to report here so let's save the time for some of the bigger discussions that we need to have.

Treasurer Report - Andrew van der Stock

Treasurer's report for September 2016 https://drive.google.com/open?id=17kNGo1XSQ7aJyTf67rYZUB-fPr_ZrP__DFKOd0AiSaA

  • August Financial Package

AUGUST 2016 FINANCIAL REPORT

Financial Analysis

Secretary Report - Tobias Gondrom

Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom

  • Coates - Chapters
  • Carter - Governance
  • Brennan - Projects

Staff Reports

Old Business

All active board proposals are listed here

  • Motion to invest a portion of unused funds in a ladder CD arrangement (Andrew - Deferred to DC)
- https://docs.google.com/document/d/1cZOMYzaRnWW_oQd4ON7kBNQcmlx3V4u33Szm8jH2cgU/edit#
  • Motion to approve changes to FY17 membership rates (Andrew)
- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing

New Business

  • OWASP / NYU University, CSAW Co-Marketing Agreement 12k - Motion for Vote for Funding (Tom)
    • CSAW'16 Bronze Level Sponsorship - $12,000
    • Judging opportunity at NYU Tandon CSAW (Nov. 11) and at NYU Abu Dhabi CSAW
    • OWASP branded Travel Award (OWASP funding supports the travel for US Capture the Flag finalists)
    • OWASP collaboration with OSIRIS Lab students on open-source projects in the 16/17 academic year
    • OWASP membership materials included in the CSAW conference bag (NYU Tandon)
    • OWASP table at CSAW Industry Fair (NYU Tandon)
    • OWASP logo on CSAW global website, US conference materials and signage
    • Public recognition at Awards Ceremony
    • 4 free tickets to the Security Open Source Workshop (NYU Tandon, Nov. 10)
  • WEBSITE Project

Status Report (Tom)

  • Projects and external funding - interpretation

Anyone, including OWASP Project Leaders, is able to take OWASP projects and generate revenue for themselves as long as they abide by the license terms of that project. If a project leader can convince others to pay them for something involving their project that doesn't violate the license, then such activity does not negatively impact their project's standing with the OWASP Foundation. As long as the project remains Open Source (FLOSS) and healthy per the OWASP Project Handbook, it can remain an OWASP project. It is recommended that the project name not match any external offering to avoid confusion and, in cases where such an external offering is provided, a disclaimer will be placed on the project page.

Note: This does not change the long-standing policy that OWASP Foundation project funds cannot be spent on the project leader directly (aka pay them directly) but must, instead, be spent on items to enhance the project such as graphic art, editing, travel expenses to a project summit, etc.

  • Canadian Cybersecurity Alliance

Should we participate? [1][Background] (Matt)

  • Proposal to move the November 9th Board Meeting to Tuesday, November 8th (5-7 PM CDT). (Josh)

Action Items

Announcements

Adjournment

Motion to close meeting