October 2025 Agenda/Minutes (delayed to November 5)

Meeting Details

• Date: 05 November 2025
• Time: 1700 PM US EDT, UTC 2100 convert
• Location: Remote
• Video Recording

Agenda

CALL TO ORDER

Board Members:

• Ricardo Griffith
• Steve Springett
• Harold Blankenship
• Sam Stepanyan
• Ashwini Siddhi ABSENT
• Avi Douglen ARRIVED 3 MINUTES LATE AND WAS MARKED AS PRESENT
• Diego Silva Martins

Guests

• Andrew van der Stock
• Dawn Aitken
• Lauren Thomas
• Hayden Corry
• Starr Brown
• Christian Capellan
• Heather Kennedy
• Stacey Ebbs (Incoming Community and Marketing Manager)
• Edmond Momartin (OWASP LA Chapter leader)
• Maryam Tehrani (OWASP LA Chapter Leader)
• Shruti Kulkarni (OWASP Educational and Training Committee Secretary)
• Apologies from Chris Barbeau and Leea Hudson-Wilson from Charity CFO due to the rescheduling of this meeting.

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

• OWASP Conflict of Interest Policy
• Director’s Commitment Agreement

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

Andrew highlighted agenda changes:

• Update from the OWASP LA Chapter, presented by Edmond Momartin.
• Update on the Chapter Handbook, presented by Edmond Momartin from the Chapter Committee.
• Update on the Certification Project, presented by Shruti Kulkarni

Note: A formal motion to approve the amended agenda was not taken

APPROVAL OF MINUTES

• Previous Meeting Minutes - September 2025

Vote:

• Steve Springett: YES
• Harold Blankenship: YES
• Sam Stepanyan: YES
• Ashwini Siddhi: ABSENT
• Avi Douglen: YES
• Diego Silva Martins: YES
• Ricardo Griffith: YES

Result: The Vote PASSES, 6–0 (1 absent)

PRE-READING MATERIAL

• OWASP Foundation Board Summary
• OWASP Finance Video
• Finance September 2025 Management Report
• Finance September 2025 Cash Flow Forecast
• Finance September 2025 AR Aging Report

Committee and Community Reports

Update from the LA Chapter, presented by Edmond Momartin and Maryam Tehrani:

• Chapter leadership transitioned in 2023 (Edmond, Maryam, Martin Espinosa).
• ~1,000 new Meetup members since transition; nearing 3,500 total.
• Sponsorships booked through 2027.
• Approx. $25,000 raised, $10,000 net after expenses.
• High activity across regional conferences; all booths secured free-of-charge.
• Strong social media growth (1,200+ LinkedIn followers).
• Monthly talks + quarterly workshops.

Board praised the chapter’s exemplary performance.

Update on the Chapter Handbook, presented by Edmond Momartin from the Chapter Committee:

• Full rewrite completed by Edmond, Kyle Smith, and Garth Boyd.
• Updated references to latest policies and procedures.
• Pull request submitted; Andrew confirmed PR was merged during the meeting.

It was clarified that the Chapter Handbook is not a “policy”, so does not require Policy Review Team approval.

Update on the OWASP Certified Secure Software Developer (OCSD) Project, presented by Shruti Kulkarni:

• Certification aimed at developers needing secure coding competency verification (e.g., PCI DSS).
• 15-topic curriculum drafted in Markdown on GitHub.
• Book of Knowledge materials will use OWASP content exclusively (no external purchases).
• Working with PearsonVue/Prometric on testing delivery models and intellectual property protections.
• Additional academic initiative: 3 university modules (Risk Mgmt, SSDLC, SecOps) moving into CC-BY-4.0 licensed OWASP project structure.
• Proposed London training event (target: late Feb 2026), pending trainer availability.

Board emphasized the tight timeline for training promotion.

Management Reports

• OWASP Foundation Board Summary
• OWASP Finance Video
• Finance September 2025 Management Report
• Finance September 2025 Cash Flow Forecast
• Finance September 2025 AR Aging Report

Andrew van der Stock - Executive Director

• New hire announced: Stacey Ebbs – Community & Marketing Manager, starting Monday.
• Corporate Support Director recruitment to resume; board asked to amplify job posting.
• Corporate support likely to fall short of the $600k target.
• Underspend in Projects and Website expected to soften impact.
• January 2026 Special Board Meeting: Officer elections + onboarding of incoming directors (Kelly & Marisa).
• Q1 2026 in-person board meeting proposed for late January in Amsterdam; awaiting director confirmations.
• New website nearing deployment but requires fixes before launch (missing content, incorrect buttons).
• Mandatory penetration test before go-live.
• New OWASP EU entity approved; VAT registration to follow; general meeting to be scheduled.
• Old EU entity (Barcelona/Lisbon VAT issues) remains stalled; awaiting cooperation from legacy administrators.
• Board of Directors Commitment Agreement to be updated for new governance edits.
• Chapter & membership ticket processing moving under Dawn as part of reorganization.
• Uncategorized income largely resolved (only ~$7.5k pending identification).

Finance Report by Chris Barbeau - The Charity CFO (Video Recording)

Key Highlights:

• Cash essentially flat for the month.
• Prepaid expenses increased due to Global AppSec 2026 EU venue deposit.
• YTD Income: $3.607M (over budget by $227k).
• YTD Net Income: $265k.
• Project donations significantly exceeded expectations.
• Conference revenue above plan; conference expenses slightly above due to timing.
• Cash on hand: ~5 months operating reserve.
• Projected 2025 year-end cash: ~$2M (+ ~$600k in CDs).
• AR aging improving; several large amounts received during the week.
• Audit & IRS Form 990 expected to be delivered by November 15 deadline.
• FY2026 Budget planning under way

NEW BUSINESS

Summary of Closed Board Meeting

Background Prior to this public Board meeting, the Board met in a closed session to discuss strategic matters, such as AI policy to be created, amongst other topics. Steve Springett presented the summary of the closed meeting outcomes for the public record.

Board reviewed:

• Election Policy and Committee Policy reforms.
• Proposal to consolidate Committee Policy + Working Group Policy.
• New policy drafted: Mission Impact Reporting & Executive Review Policy.
• Reviewed and updated the strategic mind-map; preparing concise strategy artifacts for public release.
• OKR/KPI baseline discussions for Executive Director evaluation.

More work required - the documents will be presented publicly later.

Discussion on the Community Policy Review process

Background The Board will discuss the Community Policy Review process, including how policies are reviewed, who is involved, and how feedback is incorporated. This discussion aims to ensure transparency and community involvement in policy development. One issue that needs to be addressed is how best to move the policy through drafting, pull requests, issues, and processing feedback from the community. Another issue is replacing the policy team seating requirements with a working group model.

• Community Review Process

Discussion to modify the Membership Policy to add benefits for Distinguished Lifetime Members

Sponsored by: Sam Stepanyan

Background The Board will discuss a proposal to modify the Membership Policy to add specific benefits for Distinguished Lifetime Members. This change aims to recognize and reward long-term commitment and contributions to OWASP.

Summary:

• Proposal: Distinguished Lifetime Members receive lifetime leader benefits, including leader discounts and access privileges.
• Board voiced general support.
• Sam will prepare a formal policy modification for next meeting.

Discussion on updates to the OWASP Board of Director’s Code of Conduct on election campaigning

Background A discussion needs to be had on if or to what extent the OWASP Board of Director’s Code of Conduct should be updated to include guidance on election campaigning. This follows recent events during the 2025 Director elections where some candidates engaged in campaigning activities that raised questions about fairness and adherence to ethical standards.

Summary of Issues Discussed:

• Director endorsements of candidates.
• Accuracy of candidate claims.
• Directors should not endorse candidates.
• Candidate campaigning rules belong in the Election Policy, not the Director Code of Conduct.
• Staff must remain strictly neutral.
• Future board (Jan 2026) should evaluate policy restrictions.

Discussion on proposed Director Qualification and Election Policy changes

Background Avi Douglen has led a proposed change to the Director Qualification and Election Policy for Board discussion, creating a new draft policy for consideration, replacing the old Election Policy. This policy has received feedback from the community, which has been incorporated into the current draft by the Policy Review Team. The new policy proposes stronger qualifications for candidates, conflict-of-interest clarifications, and ranked-choice voting (STV). The director qualifications in the new policy is not applicable to the 2025 elections for Director qualifications, but the new seating procedure will be used for the 2026 Directors.

NB: Policy is not yet ready for vote pending Policy Review Working Group review.

Discussion also covered:

Background checks for incoming directors:

• Requirement to use third-party portals (no PII handled by OWASP staff).
• Only criminal + sanctions checks recommended; credit checks possibly for Treasurer.

• ED will proceed with new director onboarding now; background checks added once policy approved.

• Draft Policy
• Feedback Summary

Motion: “Resolved, that the revised Director Qualification & Election Policy is tabled.”

Note: No sponsor/second needed for tabling the motion

Vote:

• Steve Springett – Yes
• Harold Blankenship – Yes
• Sam Stepanyan – Yes
• Ashwini Siddhi - ABSENT
• Avi Douglen - Yes
• Diego Silva Martins – Yes
• Ricardo Griffith – Yes

Result: The Vote PASSES, 6–0 (1 absent)

Discussion chapter leader orientation course

Background Sam Stepanyan led the discussion on the proposed chapter leader orientation course and training, with a view to starting a Working Group to create the course. Working group activities and proposed change to the chapters policy. Should the policy be changed to make the course mandatory for new chapter leaders?

• Chapter Leader Orientation Course

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

Announcements:

• Dawn coordinating with 2026 Board for a January 1, 2026 – 25th Anniversary video.
• Leaders Meeting being held tomorrow; board welcome to attend.

ADJOURNMENT

Adjournment motion

The next general Board meeting is on November 25 2025, at 09:00 am US Eastern Time.

• November 2025

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Ricardo Griffith Second: Avi Douglen