July 2025 Agenda/Minutes

Meeting Details

• Date: 22 July 2025
• Time: 12PM US EDT, UTC 1600 convert
• Location: Remote
• Call-in: Video Recording

Agenda

CALL TO ORDER

Apologies / notes: Harold advised he would be late.

Board Members

• Ricardo Griffith
• Steve Springett
• Harold Blankenship - ABSENT/LATE
• Sam Stepanyan
• Ashwini Siddhi
• Avi Douglen
• Diego Silva Martins

Guests

• Andrew van der Stock
• Dawn Aitken
• Lauren Thomas
• Hayden Corry
• Starr Brown
• Christian Capellan
• Heather Kennedy
• Chris Barbeau
• Leea Hudson-Wilson

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

• OWASP Conflict of Interest Policy
• Director’s Commitment Agreement

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

• It was noted that Chapter Committee Charter item discussion will go ahead only if committee representatives joined (none did)

APPROVAL OF MINUTES

• Previous Meeting Minutes - June 2025

• Diego Silva Martins: Yes
• Avi Douglen: Yes
• Ashwini Siddhi: Yes
• Sam Stepanyan: Yes
• Steve Springett: Yes
• Ricardo Griffith: Yes
• Harold Blankenship: Absent

Result: The Vote PASSES, 6–0 (1 absent).

PRE-READING MATERIAL

• OWASP Foundation Board Summary
• Finance Management Report
• Finance Cash Flow Forecast
• Finance Uncategorized Items

Andrew van der Stock - Executive Director

• OWASP Foundation Board Summary
• Note: Andrew will be on vacation until August 4th
• External audit fieldwork underway; Andrew to supply remaining internal-controls documentation to auditors.
• OWASP Corporation legal advice commissioned, Andrew will share with Board (likely executive session in August).
• Belgium – legacy EU entity: Belgian accountants notified OWASP to close the entity; Andrew is attempting to schedule a meeting with them.
• New OWASP EU entity: No registration update yet (Andrew is monitoring the Belgium Government website).
• Project Summit 2025: Not running in 2025; funds earmarked toward deposits for a 2026 summit co-located after FOSSDEM (avoid open-source week conflicts). 2025 funds may alternatively support other project-leader activities depending on feedback.
• OWASP Global AppSec USA DC 2025: Exploring hybrid attendance option; virtual price will reflect avoided onsite costs (food, etc.)
• Travel agency trial: Using Navan (no fees) for Staff/Board to improve cost visibility and policy control of travel bookings. Directors asked to provide Washington DC 2025 conference arrival details to Events.
• OWASP 25th Anniversary (2026): Planning underway, Q1 focus and messaging to Corporate Supporters. 25th-anniversary logo commissioned; merchandise from 1 Jan 2026. Considering UK venue for a Q1 Board strategy meeting and potential training (visa letter support available).
• WASPY Awards: Voting low to date. Staff open to process changes for 2026; suggestion logged to open nominations to community and have staff select winners to reduce popularity-only outcomes.
• Membership: Observed decline as Glue Up data quality improves; membership drive planned for September
• Website redesign: Initial release by end of July with staged content migration; legacy content to subdomains (e.g., board.owasp.org).
• Working Groups: New Jira request type live; each WG gets a repo + GitHub Pages site
• Jira refactor: Chapter processes reworked to enforce policies (leaders must be members), reduce back-and-forth, and add SLA alerts. Considering SLA separation for reimbursements (Charity CFO pays net-30; typically within 14 days).
• Student Chapters: Andrew to request Chapter Committee review; concerns about non-functional student chapters and funding efficacy. Possible new virtual student-meetup model to meet mission goals with lower overhead.
• OWASP Support site: Building the support site in Confluence with ‘how-to’ guides (expenses, chapters, etc.).
• Platformx audit / consolidation: Moving to monday.com work management; cancelling tools performing similar tasks (Calendly retained; Wufoo, Submittable, Zapier flows, etc. being retired or migrated). Estimated annual savings: ~$9.4k; bigger future savings possible if GlueUp can replace Meetup for chapters.
• Badging program: Selected Credly/Certifier-style platform that integrates with LinkedIn and has an API. Pilot credential badges with leaders/events/board; aim to automate badge issuance from Glue Up before broader rollout, ideally ahead of 25th Anniversary assets.

Finance Report by Chris Barbeau and Leea Hudson-Wilson - The Charity CFO

• Finance Management Report
• Finance Cash Flow Forecast
• Finance Uncategorized Items
• June 2025 results: Income: $28k; Expenses: $329k; Net loss ~$120k (primarily due AppSec Israel Conference expenses getting recorded).
• YTD through June: Income: $2.767M (+$450k vs. budget). Sponsorship ahead of budget, however training income under-reported due to interim coding approach during Glue Up reconciliation. Staff (Dawn) provided detail; corrections to appear in July reports.
• Expenses: $2.1M YTD ($51k under budget), largely timing/underspend on website redesign.
• Cash: Projected year-end cash ~$2.1M (~6 months) excluding CDs. Additional CDs may be considered after year-end obligations.
• Uncategorized items: Reduced significantly; remaining amounts largely May–June timing. Stripe “limbo” payments traced to wrong accounts/unmatched invoices—ongoing cleanup.
• Audit status: Waiting on several items from Andrew (handoff to Operations while Andrew on leave if needed). Charity CFO will also send IRS Form 990 follow-ups.

Working Group Requests and Approvals

The following Working Group (WG) requests and approvals are presented for discussion:

• Funding WG: Members include Andrew, Harold; will invite Aruneesh and align overlapping “Budget WG” ideas while keeping scope focused (donations, corporate supporters, platforms). First meeting to be scheduled.
• Marketing WG: Awaiting staff marketing hire to act as liaison; community expert Brian Reed may participate.
• Certification WG: Led by Shruti Kulkarni; deliverables: body of knowledge and exam within 12 months. Any certification launch will return to the Board for strategy/funding approval.
• 25th Anniversary WG: To be staffed with volunteers (Events to contact former volunteer lead from OWASP Global AppSec Barcelona).

NEW BUSINESS

Motion to approve the OWASP Chapter Committee Charter - TABLED

Background The OWASP Chapter Committee has been working on a charter to formalize its role and responsibilities within the OWASP community. The charter outlines the committee’s purpose, membership, and operational guidelines.

• Link to the OWASP Chapter Committee Charter

Motion: “It is resolved that the Board will table Chapter Committee Charter vote until August 2025 meeting” Note: no sponsor/second needed for this vote

• Diego Silva Martins: Yes
• Avi Douglen: Yes
• Ashwini Siddhi: Yes
• Sam Stepanyan: Yes
• Steve Springett: Yes
• Ricardo Griffith: Yes
• Harold Blankenship: Absent

Result: Motion PASSES, 6–0 (1 absent).

Sponsor: Sam Stepanyan Second: Ricardo Griffith

Discussion on 2026 Board Elections and Director Qualifications

Background Led by Diego Martins and Avi Douglen, the Board is discussing the upcoming 2026 Board elections and the qualifications for Directors. This includes potential changes to the election process and criteria for candidates.

Discussion on OWASP (current) Europe Entity

Background The Belgian government and our current accountants for the old EU entity have requested that OWASP formally close the old entity. The Board is discussing the implications and next steps for this closure.

Discussion on OWASP (new) EU Foundation Entity

Background A status update on the new OWASP EU Foundation iVZW entity. At the time of writing, the new entity.

Discussion on OWASP 25th Anniversary

Background OWASP is celebrating its 25th anniversary in 2026. The Board is discussing plans for the celebration, including events, activities, and potential collaborations.

NOTE: Harold Blankenship joined the meeting at this point and participated in subsequent discussions and vote.

Discussion on OWASP Badging Program

Background The OWASP Badging Program is a new initiative to recognize and reward contributions to OWASP projects and activities. The Foundation is delivering this in the August timeframe, initially focusing on the OWASP Education Committee and the Papers Committee.

Motion to move the Board meetings three hours earlier

Background The Board meeting has traditionally been held at 12 PM US Eastern Time, but this has caused issues for some Board members and the Executive Director in different time zones. The motion is to move the meeting three hours earlier to 9 am US Eastern Time.

Motion: “Resolved, that from August 2025, the OWASP Board of Directors will hold its regular monthly meetings at 9 am US Eastern Time on the fourth Tuesday of each month until further notice.”

Sponsor: Ricardo Griffith Second: Diego Martins

• Diego Silva Martins: Yes
• Avi Douglen: Yes
• Ashwini Siddhi: Yes
• Sam Stepanyan: Yes
• Harold Blankenship: Yes
• Steve Springett: Yes
• Ricardo Griffith: Yes

Result: Motion PASSES, 7–0.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

Adjournment motion

The next general Board meeting is on August 26 2025, at 9 AM US Eastern Time.

• August 2025

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Ricardo Griffith Second: Avi Douglen