April 2025 Agenda/Minutes
Meeting Details
Agenda
CALL TO ORDER
Board Members Present:
- Ricardo Griffith
- Steve Springett
- Harold Blankenship
- Sam Stepanyan
- Ashwini Siddhi
- Avi Douglen
- Diego Silva Martins
Guests
- Andrew van der Stock
- Kelly Santalucia
- Dawn Aitken
- Lauren Thomas
- Hayden Corry
- Starr Brown
- Christian Capellan
- Heather Kennedy
- Leea Hudson-Wilson
- Garth Boyd
- Kyle Smith
CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT
As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.
CHANGES TO THE AGENDA
Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions are permitted by following Robert's Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.
- Request from the Chair to reorder the agenda items to prioritize guests and finance report before other items; agreed by consensus without a formal vote.
APPROVAL OF MINUTES
March 2025 Board Meeting Minutes Approval Vote
Board Members
- Ashwini Siddhi: YES
- Avi Douglen: YES
- Diego Silva Martins: YES
- Harold Blankenship: YES
- Sam Stepanyan: YES
- Steve Springett: YES
- Ricardo Griffith: YES
Results
Passes 7-0
PRE-READING MATERIAL
Committee Reports
Chapter Committee
Q1 2025 and Charter Update presented by OWASP Chapter Committee Chair - Kyle Smith
- Presented for review the new Chapter Committee Charter, revised in alignment with OWASP Committee Policy v2.0: https://docs.google.com/document/d/1MT7H-Bo65LK5ZWiX_hthO70fglhA0QA5gOdWmegIVXU/edit?usp=sharing
- Charter aims to clarify the committee’s mission to support OWASP chapters, update and maintain the chapter handbook, provide resources, and serve as a first-level escalation point for chapter issues.
- Success criteria for the committee were discussed; action items and impact will be tracked outside the charter, primarily through handbook updates and chapter support metrics.
Executive Reports
Finance Report by Leea Hudson-Wilson - The Charity CFO
Statement of Financial Position:
- Cash increased by $290,000 in March.
- Total assets: $3.5 million.
- Liabilities: $39,000 (accounts payable and credit cards).
- Net assets up by $330,000.
Statement of Activities:
- March revenue: $527,000 (mainly from project and sponsorship income).
- Year-to-date revenue exceeds budget by $587,000; expenses under budget by $234,000.
- Year-to-date net gain: $833,000.
Additional Updates:
- Continued progress cleaning up uncategorized financial items ahead of 2024 audit.
- Additional staff hire approved (likely in the EU).
- AR (accounts receivable) collections improving; ongoing follow-ups.
- Cash flow remains strong; ending April balance projected at $2.2 million.
Andrew van der Stock - Executive Director
- Working Group policy needs to be finalized and put forward for community review; target approval at Barcelona meeting.
- New travel policy to be developed for project leader travel, with emphasis on international inclusivity.
- CVE/CWE joint blog post with OpenSSF published: https://openssf.org/blog/2025/04/23/vulnerability-enumeration-conundrum-an-open-source-perspective-on-cve-and-cwe/
- Press release strategy discussed; concerns about current distribution methods and searchability.
- Progress on EU legal entity creation; documentation to be shared with the board before May 6 deadline.
- Website overhaul in progress; input from board and staff encouraged.
- Project housekeeping (Starr Brown): ongoing retirement of stale repositories.
- Planning to update project policies for compliance with the EU’s Cyber Resilience Act (CRA), especially for projects intentionally insecure (e.g., Juice Shop, WebGoat).
- Town hall meetings for project leaders to begin; community feedback to drive agenda.
- AWS shared services and account management discussed as a priority for project infrastructure.
Event Updates - Global AppSec EU 2025
- Gold/Diamond/Silver sponsorships sold out
- Startup booths still available for eligible companies.
Event Updates - Global AppSec USA 2025
- AppSec USA event marketing strategy refocused on domestic attendees due to international travel reductions.
NEW BUSINESS
Discussion Videography and Photography at AppSec EU 2025
Sponsor: Sam Stepanyan Second: Not needed for a discussion
- Discussion on promoting volunteers to video and photograph at AppSec EU 2025. Call for creatives to volunteer to help capture the event.
- Usual videographer (Cooper) unavailable for AppSec EU 2025; limited recording capability for keynotes only.
- Suggestions: Volunteer call for videographers (similar to call for papers/trainers); Encouragement for presenters to record their own sessions (where feasible); Explore hybrid options (Zoom, local volunteers, etc.).
Discussion on establishing a Funding committee
Sponsor: Ricardo Griffith Second: Not needed for a discussion
Background A Funding Committee should be established to provide strategic direction, oversight, and management of funding initiatives, ensuring that financial resources are effectively allocated in alignment with OWASP’s mission and goals. The committee would be responsible for:
- Identifying potential volunteers who can be a part of the committee
- Identifying potential sources of funding (e.g., grants, sponsorships, donations, partnerships)
- Overseeing fundraising campaigns and initiatives
- Managing the allocation of funds to various OWASP projects and events
- Ensuring transparency, accountability, and compliance with all financial regulations and OWASP community guidelines.
Review Working Group Policy
Background The Working Group policy has been previously presented to the Board. The policy is intended to provide a framework for the establishment and management of OWASP Working Groups, ensuring that they align with OWASP’s mission and goals, and operate effectively within the organization. The policy outlines the purpose, structure, and responsibilities of Working Groups, as well as the process for their creation, operation, and dissolution.
The Board wishes to ensure that the policy is ready for Community Review Process for approval at the May Board meeting.
Sponsor: Steve Springett Second: Not needed for a discussion
- Discussion about the relationship and governance between committees and working groups; some points of disagreement noted, but consensus to proceed with policy publication and legal review.
- Coordination with committee policy revisions planned; legal advice to be sought by Andrew regarding bylaws modification.
- Final draft of working group policy to be published for community comment.
Discussion on new EU Entity
Background The new EU entity will be formed on May 6, 2025. The Board wishes to have an update on the formation of the new entity and ensure that the constitution has the necessary controls to ensure that the entity is compliant with the OWASP Foundation’s mission and goals.
- Constitution for EU entity to be shared and discussed on the Board mailing list.
Motion to change the date & time of May 2025 Board Meeting
Background The May Board meeting is currently scheduled for May 27, 2025 at 12 pm US Eastern Time. The Board wishes to change the time to May 28, 5 pm Central Daylight European Time for the public Board meeting at AppSec Europe 2025.
Motion “Resolved, that the May Board meeting be moved to May 28, 2025, at 5 pm Central Daylight European Time.”
Sponsor: Ricardo Griffith Second: Avi Douglen
Board Members
- Ashwini Siddhi: YES
- Avi Douglen: YES
- Diego Silva Martins: YES
- Harold Blankenship: YES
- Sam Stepanyan: YES
- Steve Springett: YES
- Ricardo Griffith: YES
Results
Passes 7-0
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
- Noted upcoming motions and agenda planning for Barcelona.
Action Items:
- Provide outstanding project budget breakdowns to Leea for the financial reports and audit preparation (Andrew/staff)
- Continue updating the Chapter Committee Charter, incorporating Board feedback, and clarify success criteria (Chapter Committee)
- Hold off on formal Chapter Committee Charter ratification until the broader committee/working group structure is finalized.
- Finalize and circulate the new working group policy for public/community review (Steve)
- Seek legal advice to ensure alignment with OWASP bylaws regarding working groups and committees (Andrew)
- Circulate the draft constitution and other documentation for the EU entity to the board (Andrew)
- Update the committee policy to link or align with the new working group policy as needed (Board)
ADJOURNMENT
Adjournment motion
The next general Board meeting is on May 28 2025, at 5.30 pm Central European Summer Time.
“It is moved, and seconded to adjourn. Those in favor, say “aye””
Sponsor: Ricardo Griffith Second: Avi Douglen