March 2025 Agenda/Minutes

Meeting Details

Agenda

CALL TO ORDER

Board Members Present:

  • Ricardo Griffith
  • Steve Springett
  • Harold Blankenship
  • Sam Stepanyan
  • Avi Douglen
  • Diego Silva Martins

Board Members Absent / Joined Late:

  • Ashwini Siddhi (joined late, not present at the time of roll call)

Guests

  • Andrew van der Stock
  • Dawn Aitken
  • Lauren Thomas
  • Kelly Santalucia
  • Hayden Corry
  • Starr Brown
  • Christian Capellan
  • Heather Kennedy
  • Chris Barbeau
  • Leea Hudson-Wilson
  • Rob van der Veer
  • Scott Clinton
  • Izar Tarandach
  • Erez Yalon
  • Maria Mora

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

  • There was a request to move the following agenda item to the closed session: Motion to amend November 2021 motion to open Charity Charge and close Amex - agreed by consensus - the item was moved from the public Board meeting agenda to the closed session.
  • Request from the Chair to reorder the agenda items to prioritize guests and finance report before other items; agreed by consensus without a formal vote.
  • New motion was introduced during the meeting and voted on: to promote the OWASP AI Exchange Project to the Flagship status
  • Flagship Project Reviews agenda items were postponed until the Amsterdam Board Strategy Meeting.
  • Funding, Marketing, Diversity committee discussions agenda items were postponed until the Amsterdam Board Strategy Meeting.

PRE-READING MATERIAL

APPROVAL OF MINUTES

Confirmation of January 2025 Board meeting minutes. A minor amendment was made due to an error in how the vote was recorded.

February 2025 Board Meeting Minutes Approval Vote

Board Members

  • Steve Springett: YES
  • Harold Blankenship: YES
  • Sam Stepanyan: YES
  • Ashwini Siddhi: ABSENT
  • Avi Douglen: YES
  • Diego Silva Martins: YES
  • Ricardo Griffith: YES

Results

Passes 6-0

Committee Reports

Q1 2025 Update from the Events Committee

Background Encourage regular cadence of reporting activities, accomplishments to the board. Provide an overview of the objectives achieved Q1, planned Q2/Q3 activities, etc.

Presented by the committee chair Izar Tarandach. Highlights:

  • The Events Committee was established in 2024 and currently includes 5 members.
  • Ongoing focus: improving the Global OWASP events process, including enhancements to CFP/CFT timelines, messaging, and collaboration with OWASP Staff (Lauren).
  • CFP Process Improvements:
    • Revamped the submission review method by assigning Track Leads to each event track. Track Leads form smaller, focused review teams to filter talks — ensuring more relevant and engaging content for attendees.
    • The committee makes final recommendations based on each track’s review results.
  • CFT Process Improvements:
    • The committee now reviews all submissions directly.
    • Trainers with a proven track record of success no longer go through the full review process—only deconfliction is required.
  • New Additions to OWASP Global Events:
    • Meet the Mentor – Pairs mentors and mentees, with ongoing tracking of relationships after the event.
    • How to CFP – A presentation to guide potential speakers through the CFP process.
    • DevDay San Francisco – Marked as a learning experience rather than a failure; lessons learned will guide future efforts.
    • Developer Week Conference Partnership – Support for Starr Brown’s participation. The committee is exploring similar future collaborations.
  • Issues and Challenges:
    • Ongoing media recording and distribution problems—seeking solutions for editing, storage, and publishing.
    • Marketing limitations – Exploring strategies to expand outreach beyond the existing OWASP community.
  • Track Leads introduction:
    • Builder Track: Shruti Kulkarni
    • Breaker Track: Eugene Rojavski
    • Defender Track: Matthew Coles
    • Culture & Management Track: Marisa Fagan
    • Projects Track: Starr Brown
  • OWASP Global AppSec Barcelona 2025 Conference Update:
    • Total Submissions: 338
    • Unique Speakers: 290
    • Tracks: 5
    • Accepted Sessions: 64

Executive Reports

Andrew van der Stock - Executive Director

  • Shared personal update regarding family emergency and temporary delegation of authority.
  • Trip to London and Brussels reported productive.
  • Recommended increase in Directors & Officers insurance coverage to $4M.
  • Issues with EU VAT registration ongoing; proposal to create a new OWASP EU entity and register for EU VAT through the new EU entity
  • Continued efforts to wind down the old OWASP EU entity
  • Updated Chapter Committee Charter submitted for review: https://docs.google.com/document/d/1MT7H-Bo65LK5ZWiX_hthO70fglhA0QA5gOdWmegIVXU/edit

Finance Report by Chris Barbeau - The Charity CFO

  • Finance Management Report

  • Finance AR Aging Summary

  • Audit for FY2023 completed successfully.
  • February 2025 financials highlights:
    • $94K increase in cash.
    • Accounts Receivable (AR) increased by $175K, mainly due to incoming sponsorship payments.
    • Sponsorship income: ~$267K for AppSec EU, $153K for AppSec USA, ~$35K for BASC, ~$90K for SnowFROC.
    • Total expenses for the month of February $197K (biggest increase in expenses is due to Conference expenses).
  • Year-to-date revenue ahead of projections; expense timing slightly behind due to delayed venue payments.
  • AR cleanup completed.

NEW BUSINESS

Discussion on combining GenAI and AI Exchange Projects

Background The GenAI project has many sub-projects, but not including the AI Exchange project. There are likely synergies between the two projects, and it is proposed that the two projects be combined into a single project.

  • Presentations by: Scott Clinton - GenAI Project and Rob van der Veer - AI Exchange project
  • https://docs.google.com/presentation/d/103uxfvsWnNCTdGwx2uEN-QkTkRMIZtf2nbbcp0v6_kg/edit
  • Open discussion clarified both projects are distinct in scope, purpose, and deliverables.
  • GenAI focuses on generative AI; AI Exchange on broader AI security and regulatory collaboration.
  • Conversation triggered valuable clarity on the goals and identities of both initiatives.
  • Consensus not to merge; Both projects should continue independently; No formal action taken.

Motion to promote the GenAI Project to Flagship

Background Scott Clinton will provide an overview of the GenAI project, its many achievements, roadmap, budget, and the benefits of promoting it to a Flagship project. The Project Committee supports the promotion of the GenAI project to Flagship status. The GenAI project has a PR package ready to go if approved.

Motion: “Resolved, that the OWASP Foundation Board of Directors promotes the OWASP GenAI project to Flagship status.”

Sponsor: Steve Springett Second: Avi Douglen

  • Steve Springett: YES
  • Harold Blankenship: YES
  • Sam Stepanyan: YES
  • Ashwini Siddhi: YES
  • Avi Douglen: YES
  • Diego Silva Martins: YES
  • Ricardo Griffith: YES

Results

Passes 7-0

VOTE TO CHANGE TO THE AGENDA TO INTRODUCE NEW MOTION Re: OWASP AI Exchange Project Promotion

Sponsor: Steve Springett Second: Avi Douglen

  • Steve Springett: YES
  • Harold Blankenship: YES
  • Sam Stepanyan: YES
  • Ashwini Siddhi: YES
  • Avi Douglen: YES
  • Diego Silva Martins: YES
  • Ricardo Griffith: YES

Results

Passes 7-0

Motion: “Resolved, that the OWASP Foundation Board of Directors promotes the OWASP AI Exchange aka OWASP Security and Privacy Guide Project to Flagship Project status.”

Sponsor: Steve Springett Second: Avi Douglen

  • Steve Springett: YES
  • Harold Blankenship: YES
  • Sam Stepanyan: YES
  • Ashwini Siddhi: YES
  • Avi Douglen: YES
  • Diego Silva Martins: YES
  • Ricardo Griffith: YES

Results

Passes 7-0

Discuss flagship projects

Avi Douglen will lead a discussion on the current flagship projects and their status. CHANGES TO THE AGENDA - this agenda item was removed and discussion postponed until the Amsterdam Board Strategy Meeting.

Discussion on establishing a funding committee

Discussion sponsor: Ricardo Griffith

Background A Funding Committee should be established to provide strategic direction, oversight, and management of funding initiatives, ensuring that financial resources are effectively allocated in alignment with OWASP’s mission and goals.

The committee would be responsible for:

  • Identifying potential sources of funding (e.g., grants, sponsorships, donations, partnerships).
  • Overseeing fundraising campaigns and initiatives.
  • Managing the allocation of funds to various OWASP projects and events.
  • Ensuring transparency, accountability, and compliance with all financial regulations and OWASP community guidelines.

CHANGES TO THE AGENDA - this agenda item was removed and discussion postponed until the Amsterdam Board Strategy Meeting.

Discussion on establishing a marketing committee

Discussion sponsor: Steve Springett

Background A Marketing Committee should be established to provide strategic direction, oversight, and management of marketing initiatives, ensuring that OWASP’s brand, mission, and goals are effectively communicated to the community, stakeholders, and the public.

CHANGES TO THE AGENDA - this agenda item was removed and discussion postponed until the Amsterdam Board Strategy Meeting.

Discussion on establishing a diversity committee

Discussion sponsor: Avi Douglen

Background A Diversity Committee is nearly ready to go. Avi will discuss progress and seek feedback from the Board, particularly around the naming of the Committee.

CHANGES TO THE AGENDA - this agenda item was removed and discussion postponed until the Amsterdam Board Strategy Meeting.

VOTE TO CHANGE TO THE AGENDA TO REMOVE THE FOLLOWING ITEMS FROM THE AGENDA DUE TO TIME CONSTRAINTS:

  • Discuss flagship projects
  • Discussion on establishing a funding committee
  • Discussion on establishing a marketing committee
  • Discussion on establishing a diversity committee

Sponsor: Ricardo Griffith Second: Sam Stepanyan

  • Steve Springett: YES
  • Harold Blankenship: YES
  • Sam Stepanyan: YES
  • Ashwini Siddhi: YES
  • Avi Douglen: YES
  • Diego Silva Martins: YES
  • Ricardo Griffith: YES

Results

Passes 7-0

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

  • Request from Staff (Dawn Aitken) to clarify and confirm whether the WASPY Awards will proceed for 2025. To be discussed at the next Board meeting

Action Items:

  • Coordinate delegation of approval authority with Ricardo and Harold in case of leave - Andrew
  • Ensure Ricardo is onboarded to Bill.com and Jira for financial approvals - Andrew
  • Follow up on the increase of Directors & Officers insurance to $4M, including finalizing quote and approval - Andrew
  • Work with the VAT Desk and Delaware to resolve documentation issues for EU entity VAT registration - Andrew
  • Continue winding down the old EU entity and update the board as progress is made - Andrew
  • Ensure AI Exchange is listed correctly as a flagship project and appears on the OWASP homepage - Andrew
  • Assist Rob with unified branding and project updates on the OWASP website - Andrew
  • Follow up on D&O insurance with insurance industry contacts - Ricardo

ADJOURNMENT

Adjournment motion

The next general Board meeting is on April 22 2025, at 12 pm US Eastern Time.

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Ricardo Griffith Second: Steve Springett

Watch Star