May 2025 Agenda/Minutes

Meeting Details

• Date: 28 May 2025
• Time: 5:30 PM CEST, UTC 1530 convert
• Location: In-person / remote
• Call-in: Video Recording

Agenda

CALL TO ORDER

Board Members Present (in-person):

• Ricardo Griffith
• Steve Springett
• Harold Blankenship
• Ashwini Siddhi
• Sam Stepanyan
• Diego Silva Martins
• Avi Douglen

Guests

• Andrew van der Stock
• Dawn Aitken
• Lauren Thomas
• Hayden Corry
• Starr Brown
• Christian Capellan
• Heather Kennedy
• Chris Barbeau
• Leea Hudson-Wilson

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

• OWASP Conflict of Interest Policy
• Director’s Commitment Agreement

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

APPROVAL OF MINUTES

• Previous Meeting Minutes - April 2025

Board Members

• Steve Springett: YES
• Harold Blankenship: YES
• Ashwini Siddhi: YES
• Sam Stepanyan: YES
• Diego Silva Martins: YES
• Avi Douglen: YES
• Ricardo Griffith: YES

PRE-READING MATERIAL

• OWASP Foundation Board Summary
• April 2025 Finance Management Report
• April 2025 Finance Cash Flow Forecast
• April 2025 Finance Aged AR
• April 2025 Finance Uncategorized Items

e-Votes and Special Meeting Motions to read into minutes

Motion to approve Vienna as the location for AppSec EU 2026-2028

Background This is the second motion to decide if we are to host our AppSec EU conferences from 2026-2028 in a single location, Vienna.

After a successful site visit by Sam (thank you for that!), we have received very favorable pricing for holding AppSec EU in Vienna for a period of three years at 157k per year.

Additional information

• The costs of Food and Beverage (F&B) bill, which are not included in this contract, would be charged separately, are comparable to other venues that we obtained quotes from.
• The costs of hotel rooms are in line with other European cities at this time of the year
• The timing of the event would be the same dates for all three years, which is something that the Board has wanted, and allows us to plan and advertise well in advance, similar to the way it happens with other major events like RSA, BlackHat and Defcon.
• We would only need to register for VAT once in three years, which simplifies the management of ticket sales and invoicing for sponsorships.

Motion: “Resolved, the Board approves the Executive Director signing a contract with Austria Center Vienna as the host convention center for AppSec EU 2026-2028.”

• e-Vote

Sponsor: Harold Blankenship Second: Ricardo Griffith

• Result: 6 YES 0 NO 0 ABSTAIN. Motion passes.

NEW BUSINESS

Motion to approve the working group policy

Background This policy establishes the process for creating and managing OWASP working groups. It is intended to provide a clear framework for the establishment, operation, and dissolution of working groups within the OWASP Foundation. The pull request contains changes to the bylaws to allow the creation of working groups, and the committee policy to ensure that the working group policy is the primary source of information for working groups., and lastly, the working group policy itself.

• PR for Working Groups Policy and related Bylaws and policy changes

Motion: “Resolved, the bylaws are amended to allow the creation of working groups. This requires a super majority of the Board.”

Sponsor: Steve Springett Second: Ricardo Griffith

• Steve Springett: YES
• Harold Blankenship: YES
• Sam Stepanyan: YES
• Ashwini Siddhi: YES
• Avi Douglen: YES
• Diego Silva Martins: YES
• Ricardo Griffith: YES

Results

Passes 7-0

Motion: “Resolved, the committee policy is amended to ensure that the working group policy is the primary source of information for working groups. This requires a super majority of the Board.”

Sponsor: Steve Springett Second: Ricardo Griffith

• Steve Springett: YES
• Harold Blankenship: YES
• Sam Stepanyan: YES
• Ashwini Siddhi: YES
• Avi Douglen: YES
• Diego Silva Martins: YES
• Ricardo Griffith: YES

Results

Passes 7-0

• Committees Policy

Motion: “Resolved, that working groups policy is approved.”

Sponsor: Steve Springett Second: Ricardo Griffith

• Steve Springett: YES
• Harold Blankenship: YES
• Sam Stepanyan: YES
• Ashwini Siddhi: YES
• Avi Douglen: YES
• Diego Silva Martins: YES
• Ricardo Griffith: YES

Results

Passes 7-0

• Approved Working Groups Policy

Motion to approve the privacy policy

Background The privacy policy outlines how OWASP collects, uses, and protects personal information. It is designed to ensure compliance with applicable privacy laws and regulations, and to provide transparency to individuals about their data.

• Privacy Policy

Motion: “Resolved, that the privacy policy is approved.”

Sponsor: Avi Douglen Second: Diego Silva Martins

• Steve Springett: YES
• Harold Blankenship: YES
• Sam Stepanyan: YES
• Ashwini Siddhi: YES
• Avi Douglen: YES
• Diego Silva Martins: YES
• Ricardo Griffith: YES

Results

Passes 7-0

Motion to approve the travel policy

Background The travel policy outlines the guidelines and procedures for OWASP Board members, participants and volunteers when traveling for OWASP-related business. It is designed to ensure consistency, accountability, and cost-effectiveness in travel arrangements.

• PR for Travel Policy

Motion: “Resolved, that the travel policy is approved.”

Sponsor: Diego Silva Martins Second: Ricardo Griffith

• Steve Springett: YES
• Harold Blankenship: YES
• Sam Stepanyan: YES
• Ashwini Siddhi: YES
• Avi Douglen: YES
• Diego Silva Martins: YES
• Ricardo Griffith: YES

Results

Passes 7-0

OWASP EU Discussion

Background The OWASP EU discussion is an ongoing conversation about the future of OWASP in Europe, including potential changes to the organizational structure, funding, and outreach efforts.

Amsterdam Board Strategy Meeting Summary

Background The Amsterdam summary provides an overview of the recent OWASP Global Board of Directors strategy meeting held in Amsterdam, including key takeaways and action items.

• Amsterdam Strategy Meeting Summary

Certification Program Update

Background The certification program update provides an overview of the current status of OWASP’s certification effort, including any changes or improvements that have been made since the last update.

Shruti Kulkarni provided an update on the Certification curriculum development progress. Shruti Kulkani also ran a session on the certification program at AppSec EU 2025 for more information after the Board meeting.

Education & Training Committee Update

Presented by Shruti Kulkarni:

• Progress on training programs and proof of concept training event in London being planned.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

An open Q&A session was held to address questions and comments from OWASP members attending the meeting in person.

ADJOURNMENT

Adjournment motion

The next general Board meeting is on June 24 2025, at 12 pm US Eastern Time.

• June 2025

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Ricardo Griffith Second: Avi Douglen