This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

September 21, 2016

Revision as of 18:19, 20 September 2016 by KateHartmann (talk | contribs) (Meeting Minutes)

Jump to: navigation, search



Teleconference Information:

International Toll Free Calling Information

Attendance Tracker

Board Meeting Attendance Tracker

Notice of Recording

  • Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
  • Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.

Meeting Minutes

- August 23, 2016 Meeting Minutes
- July 27, 2016 Meeting Minutes

Reading Material

It is a requirement as a board member to fully read all material prior to the start of the meeting

Meeting Agenda

Call to Order /OWASP Mission

  • Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)


Chair's Report - Matt Konda

  • Staff OKR
  • Staff meetings
  • Bill payments / Contract Approvals (Many)

Vice Chair's Report - Josh Sokol

  • I've got nothing major to report here so let's save the time for some of the bigger discussions that we need to have.

Treasurer Report - Andrew van der Stock

Chapters - Michael Coates

Financial information

  • July financial package
- File:2016 07 OWASP July Financial Report submitted 8.18.16.xlsx
- File:7.16 YTD US P&L vs Bud.pdf
- File:7.16 US BS.pdf
- File:7.16 APSEC EU P&L.pdf

Secretary Report -Tobias Gondrom

Governance report

Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom

  • Coates - Chapters
  • Carter - Governance
  • Brennan - Projects

Staff Reports

Old Business

All active board proposals are listed here

  • Co-Marketing Agreements with other conferences
  • Motion to invest a portion of unused funds in a ladder CD arrangement
  • Motion to approve changes to FY17 membership rates
  • Motion to establish a pay anything membership class, eliminate honorary membership and establish an annual Paul Ritchie Memorial Award
  • Motion to create an OWASP open training platform

New Business

  • AppSec USA - Update from Laura

Please go over the last status update from Laura in the reading material, and see for yourselves where we are at in terms of registrations. This last week, registrants paying for their tickets couldn't register for training. Now, I only see 9 training classes, which considering the outstanding success of training profitability in AppSec EU, is going to result in a disappointing profitability for this event. I would like to understand our status as of today, what we can do to fix the registration issue for those 260+ who bought a ticket, but couldn't buy training classes, what we can do to promote the event, and what assistance we can provide the organisers to make this a great event.

CSAW'16 Bronze Level Sponsorship - $12,000

Judging opportunity at NYU Tandon CSAW (Nov. 11) and at NYU Abu Dhabi CSAW

OWASP branded Travel Award (OWASP funding supports the travel for US Capture the Flag finalists)

OWASP collaboration with OSIRIS Lab students on open-source projects in the 16/17 academic year

OWASP membership materials included in the CSAW conference bag (NYU Tandon)

OWASP table at CSAW Industry Fair (NYU Tandon)

OWASP logo on CSAW global website, US conference materials and signage

Public recognition at Awards Ceremony

4 free tickets to the Security Open Source Workshop (NYU Tandon, Nov. 10)

  • WEBSITE Project

Status Report (Tom)

  • Projects and external funding - interpretation

Anyone, including OWASP Project Leaders, are able to take OWASP projects and generate revenue for themselves as long as they abide by the license terms of that project. If a project leader can convince others to pay them for something involving their project that doesn't violate the license, then such activity does not negatively impact their project's standing with the OWASP Foundation. As long as the project remains Open Source (FLOSS) and healthy per the OWASP Project Handbook, it can remain an OWASP project. It is recommended that the project name not match any external offering to avoid confusion and, in cases where such a external offering is provided, a disclaimer will be placed on the project page.

Note: This does not change the long standing policy that OWASP Foundation project funds cannot be spent on the project leader directly (aka pay them directly) but must, instead, be spent on items to enhance the project such as graphic art, editing, travel expenses to a project summit, etc.

Action Items



Motion to close meeting