December 2025 Agenda/Minutes
Meeting Details
Agenda
CALL TO ORDER
Board Members
- Ricardo Griffith
- Steve Springett
- Harold Blankenship
- Sam Stepanyan
- Ashwini Siddhi
- Avi Douglen
- Diego Silva Martins
Guests
- Andrew van der Stock
- Dawn Aitken
- Lauren Thomas
- Hayden Corry
- Starr Brown
- Christian Capellan
- Stacey Ebbs
- Heather Kennedy
- Chris Barbeau ABSENT
- Leea Hudson-Wilson ABSENT
- Aruneesh Salhotra
- Arkadii Yakovets
CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT
As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.
CHANGES TO THE AGENDA
Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.
APPROVAL OF MINUTES
Vote:
- Steve Springett: YES
- Harold Blankenship: YES
- Sam Stepanyan: YES
- Ashwini Siddhi: YES
- Avi Douglen: YES
- Diego Silva Martins: YES
- Ricardo Griffith: YES
Result: The Vote PASSES, 7–0
MANAGEMENT REPORTS
- OWASP Foundation Board Summary
- Finance Board Video Report
- Finance Management Report
- Finance Cash Flow Forecast
- Finance Accounts Receivable
Andrew van der Stock - Executive Director
- 2026 Meeting Schedule: Proposed shift to midday US Eastern to accommodate global staff and Charity CFO participation.
- Director of Corporate Relations Search:
- 483 applicants received
- Screening underway; community applicants to be interviewed where appropriate
- January 2026 In-Person OWASP Board Strategy Meeting in Amsterdam Planning:
- Hotel coordination underway
- Board members reminded to finalize travel promptly due to rising costs
- No concrete plans to be present at FOSDEM
- Annual Impact Report:
- Stacey is working on the report
- Rebranded from “Annual Report”
- Target publication before January 2026 Board meeting
- Audit & Compliance:
- 2024 audit completed with a clean opinion and posted on the OWASP website
- IRS Form 990 completed and published on the OWASP website
- Banking concentration risk noted, but no immediate change recommended
- OWASP EU Entity - OWASP Operations Europe:
- Entity formation progressing
- Banking setup delayed
- VAT obligations to be addressed upon bank account activation
- Security & GitHub Risk:
- Recent industry attacks reviewed (Shai-Hulud worm)
- OWASP repositories not impacted
- Planned risk assessment and review of GitHub Actions, branch protections, and credential hygiene
- 2026 Board Officers Election meeting on January 5th
- Andrew and Sam to check bylaws regarding the meeting
- Dawn advised that some newly elected Board members have not yet submitted required onboarding paperwork. Board members who have not completed all required documentation by January 5, 2026 will not be eligible to vote in the officers election.
Finance Report - presented by Andrew van der Stock due to The Charity CFO representatives absence)
- Cash Position decreased by $203K. Ending balance: $1,754,875
- ~4.68 months cash on hand (excluding CDs)
-
Certificates of Deposit: Recommended rollover; Board expressed agreement
-
Events:
- Global AppSec DC Conference 2025 exceeded profitability expectations
- $50,000 refund pending
- Accounts Receivable: $162,000 total; minimal aging risk
NEW BUSINESS
Update on the UK Training Days
Background Lauren Thomas will provide an update on the forthcoming UK Training Days event, including planning progress, speaker lineup, and promotional activities, and how the Board can help promote the event.
- Lauren provided an update on the UK Training Days event scheduled for February 25-27th .
- Registration was opened shortly before the Thanksgiving holiday period.
- Initial registrations have been slow, which was noted as expected due to the holiday season.
- Marketing and promotion efforts are ongoing, with expectations that registrations will increase after the holidays.
Discussion to modify the Membership Policy to add benefits for Distinguished Lifetime Members
Background The Board will discuss a proposal to modify the Membership Policy to add specific benefits for Distinguished Lifetime Members. This change aims to recognize and reward long-term commitment and contributions to OWASP.
- Draft pull request for Membership Policy changes
- The proposal will be submitted to the Policy Review and Community Review and to undergo additional refinement based on feedback
- The Board agreed to revisit the proposal for a vote at the January 2026 Board meeting.
Update on the OWASP Website Redesign
Background Andrew van der Stock will provide an update on the progress of the OWASP website redesign project, including key milestones, challenges faced, and next steps.
- Website reported as ~95% complete.
- Launch blocked pending required Next.js security update.
- Penetration testing to occur after update completion.
- Board requested an opportunity to review prior to launch.
- Vendor SLA for vulnerability remediation to be formalized.
Update on 25th Anniversary Planning
Background Andrew van der Stock will provide an update on the planning for OWASP’s 25th Anniversary celebrations, including upcoming events, marketing efforts, and community engagement activities.
- Global and chapter-based events planned throughout 2026.
- Chapter-hosted anniversary celebrations underway.
- Request made for a centralized anniversary page or microsite.
- Board encouraged to amplify anniversary messaging via social media.
Discussion on OWASP Marketing Strategy
Background Stacey Ebbs will lead a discussion on OWASP’s marketing strategy, including current initiatives, future plans, and how the Board can support these efforts.
- Comprehensive H1 2026 marketing plan presented.
- Focus areas include:
- Membership growth
- Corporate supporters
- Social engagement metrics
- Anniversary campaign integration
Motion to approve Board of Directors Policy
Background Avi Douglen has led a proposed change to the Election policy, creating a Board of Directors Policy, creating a new draft policy for consideration. This policy has received feedback from the community, which has been incorporated into the current draft by the Policy Review Team. The new policy proposes stronger qualifications for candidates, conflict-of-interest clarifications, and ranked-choice voting (STV). The director qualifications in the new policy is not applicable to the 2025 elections for Director qualifications, but the new seating procedure will be used for the 2026 Directors.
Motion “Resolved, that the Board approves the Board of Directors Policy, replacing the existing Election Policy, effective immediately.”
Sponsor: Avi Douglen Second: Harold Blankenship
Vote:
- Steve Springett – YES
- Harold Blankenship – YES
- Sam Stepanyan – YES
- Ashwini Siddhi - YES
- Avi Douglen - YES
- Diego Silva Martins – YES
- Ricardo Griffith – YES
Result: The Vote PASSES, 7–0
Motion to approve Board of Directors Policy bylaw changes
Motions to amend the bylaws: “Resolved, the OWASP Foundation Bylaws are amended to reflect the change from the Election Policy to the Board of Directors Policy, including removing references to the old Election Policy, effective immediately.”
Sponsor: Avi Douglen Second: Ricardo Griffith
Vote:
- Steve Springett – YES
- Harold Blankenship – YES
- Sam Stepanyan – YES
- Ashwini Siddhi - YES
- Avi Douglen - YES
- Diego Silva Martins – YES
- Ricardo Griffith – YES
Result: The Vote PASSES, 7–0
Motion to approve Anti Trust Policy
Motion to approve the antitrust policy “Resolved, that the Board approves the Antitrust Policy, which is required to ensure compliance with US antitrust laws, effective immediately.”
Sponsor: Avi Douglen Second: Diego Martins
Vote:
- Steve Springett – YES
- Harold Blankenship – YES
- Sam Stepanyan – YES
- Ashwini Siddhi - YES
- Avi Douglen - YES
- Diego Silva Martins – YES
- Ricardo Griffith – YES
Result: The Vote PASSES, 7–0
Board 2025 Year End Review and Social
Background The Board will review the accomplishments of 2025, thank departing Board members, and a social gathering to celebrate the end of the year.
The Chair and Board members expressed appreciation to:
- Departing Board members Avi Douglen and Diego Silva Martins
- OWASP staff for continued operational excellence
Executive Session Placeholder
The Board will potentially adjourn to a closed executive session to discuss confidential matters. Only Board members and invited guests will attend.
- NOTE: The Board did not enter executive session during the December 2025 meeting.
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
- It was noted that the Policy Review Team currently has fewer members than outlined in the Policy. Additional volunteers will be needed to properly staff the Policy Review Team.
- Compliance Committee vacancies noted for 2026
- OWASP is reviewing its insurance coverage and is exploring alternative insurance providers and brokers to potentially obtain better rates. Dawn requested that any Board members with recommendations or contacts for reputable insurance brokers or insurance companies share those referrals with staff.
ADJOURNMENT
Adjournment motion
The next special closed Board meeting to elect Board Officers will be held on Monday January 5 2026, at 12 pm US Eastern Time.
The next general Board meeting is on Wednesday January 28 2026, at 4 pm Central European Time.
“It is moved, and seconded to adjourn. Those in favor, say “aye””
Sponsor: Ricardo Griffith Second: Avi Douglen