August 2025 Agenda/Minutes

Meeting Details

• Date: 26 August 2025
• Time: 0900 AM US EDT, UTC 1300 convert
• Location: Remote
• Video Recording

Agenda

CALL TO ORDER

Board Members

• Ricardo Griffith
• Steve Springett
• Harold Blankenship
• Sam Stepanyan
• Ashwini Siddhi
• Avi Douglen
• Diego Silva Martins

Guests

• Andrew van der Stock
• Dawn Aitken
• Lauren Thomas
• Hayden Corry
• Starr Brown
• Christian Capellan
• Heather Kennedy
• Chris Barbeau
• Leea Hudson-Wilson
• Kyle Smith
• Edmond Momartin
• Garth Boyd

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

• OWASP Conflict of Interest Policy
• Director’s Commitment Agreement

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

Proposed additions (time permitting):

• Discussion on forming an Audit Committee (sponsored by Ricardo)
• Discussion on the Project Summit (sponsored by Sam)

APPROVAL OF MINUTES

• Previous Meeting Minutes - July 2025

• Steve Springett: Yes
• Harold Blankenship: Abstain (Harold was absent at July Meeting)
• Sam Stepanyan: Yes
• Ashwini Siddhi: Yes
• Diego Silva Martins: Yes
• Avi Douglen: Yes
• Ricardo Griffith: Yes

Result: The Vote PASSES, 6–0 (1 abstained).

PRE-READING MATERIAL

The finance summary was being presented in video format to see if it can help streamline the Board meeting. Please read the finance reports and watch the video.

• OWASP Foundation Board Summary
• Finance Management Report
• Finance Management Report - Video
• Finance Cash Flow Forecast
• Finance Accounts Receivable

Andrew van der Stock - Executive Director

Andrew presented the management reports and finance update. Key highlights:

• Prioritization: Focus areas for 2025 include website migration, 25th anniversary planning, EU entity setup, AppSec DC preparations, and social policy gap analysis.
• Website Migration: Targeted for go-live within 30 days, with redirects and Google indexing issues being addressed.
• 25th Anniversary: Staff coordinating outreach, events, and membership drive. Marketing hire remains a top staffing priority.
• Chapter Activity: Chapter expenses and volume of requests increasing, indicating growth in activity. A chapter audit process is needed.
• Finance: Uncategorised income remains an issue. A new process is being finalized with Charity CFO, to be operational by September.
• Audit & Form 990: Audit fieldwork continues. Form 990 expected to be filed before November deadline. Budget planning for 2026 to begin shortly.
• Membership Audit: Small number of errors found (0.2% of records) due to legacy system migration. Issues resolved. Confidence expressed in GlueUp going forward.
• Working Groups: Infrastructure still being finalized; expected to operationalize by September.

Finance Report by Chris Barbeau - The Charity CFO (Video Recording)

The finance summary was presented in video format: Finance Management Report - Video

• Finance Management Report
• Finance Management Report - Video
• Finance Cash Flow Forecast
• Finance Accounts Receivable
• Cash Position: $1.99M, down by $213k from June due to payables. Cash reserves cover 5.3 months of operations.
• Accounts Receivable: $554k, mainly from conference sponsors and attendees.
• Operating Revenue: $372k in July (vs $208k in June), driven by conference income.
• Year-to-Date Revenue: $3.16M, exceeding budget by 23% and slightly above 2024 levels.
• Revenue Variances: Sponsorships +$628k above budget; Training –$265k below budget.
• Operating Expenses: $285k in July (down from $372k in June). YTD expenses $2.47M, 5% over budget.
• Net Income: $86.7k recognized income in July; YTD net income $703k.
• Balance Sheet: Net assets at $3.14M.

Board Comments & Actions:

• Ricardo stressed urgency in resolving uncategorized income categorization by the September meeting.
• Sam highlighted importance of legacy web link redirects due to deep links in government frameworks.
• Dawn confirmed follow-ups on Accounts Receivable; approx. $50–60k already recovered since reporting period.
• Charity CFO will also provide Form 990 follow-ups to the Board.

NEW BUSINESS

Committee Reports

Motion to approve the OWASP Chapter Committee Charter - TABLED

Background The OWASP Chapter Committee has been working on a charter to formalize its role and responsibilities within the OWASP community. The charter outlines the committee’s purpose, membership, and operational guidelines.

• Representatives from the Chapter Committee (Kyle Smith, Garth Boyd and Edmond Momartin) attended.
• Current draft committee charter was based on the outdated Committee Policy
• Committee requested the charter be tabled and left for the next committee cycle (elections due January 2026).

Motion to table the OWASP Chapter Committee Charter

Motion: “Resolved, that the OWASP Chapter Committee Charter be tabled” Sponsor: Ricardo Griffith Second: Steve Springett

Board Members

• Steve Springett: Yes
• Harold Blankenship: Yes
• Sam Stepanyan: Yes
• Ashwini Siddhi: Yes
• Avi Douglen: Yes
• Diego Silva Martins: Yes
• Ricardo Griffith: Yes

Result: Motion PASSES, 7-0

Old EU Entity Status Update

Background The Executive Director provided an update on the current status of the winding down of the old EU entity.

• Old EU entity Directors will travel to Belgium in September to finalize closure of the entity with accountants.

New EU Entity Status Update

Background The Executive Director will provide an update on the current status of the establishment of the new EU entity.

• Belgian Government approval still pending; directors Diego and Ashwini to provide ID and residency proof by 9 September for Regus offices.
• Andrew to confirm SLA with Belgian authorities.

Jira and Working Group Status Update

Background The Executive Director will provide an update on the current status of the OWASP Working Groups and other ticket types in Jira. Funding and Marketing Working Group.

• Delayed due to membership audit prioritization. Infrastructure setup expected September.

Discussion on proposed Mission Impact Reporting and Executive Review policy

Background Steve Springett has drafted a proposal for a Mission Impact Reporting and Executive Review policy to enhance the accountability and transparency of the OWASP Foundation’s activities. This is a discussion of the policy’s objectives and to solicit feedback from the Board before a public comment period is opened up per the standard

• Draft Policy

Discussion on proposed Director Qualification and Election Policy changes

Background Avi Douglen will lead a discussion on proposed changes to Director Qualifications and Elections policies.

• Draft Policy
• Draft presented by Avi Douglen.
• Proposed stronger qualifications for candidates, conflict-of-interest clarifications, and ranked-choice voting (STV).
• Not applicable to 2025 elections (timeline already in progress).
• Further discussion to continue offline.

Events Policy Minor Changes

Background The Events Policy has a small number of minor changes that need to be made to increase the time for AppSec Days to require AppSec Days to apply within a suitable period of time prior to the previous year’s budgeting cycle, including Executive Director approval. This change is to ensure that there is sufficient time to budget for and properly plan future AppSec Days events.

• Draft Policy Changes PR

• Proposal to require AppSec Days and major events to be budgeted in the prior year cycle (by September 1).
• Sam and Andrew to consolidate proposed edits into a single Events Policy and publish for review before October meeting.

Executive Session on OWASP Corporation

• Board will enter an executive session to discuss legal matters.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

Adjournment motion

The next general Board meeting is on September 23 2025, at 9 am US Eastern Time.

• September 2025

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Ricardo Griffith Second: Steve Springett