March 2026 Videoconference

Meeting Details

• Date: 24 March 2026
• Time: 12PM US Eastern Daylight Time, UTC 1600 convert
• Location: Remote
• Recording

Agenda

CALL TO ORDER

Chair Steve Springett called the March 2026 OWASP Global Board meeting to order at 12:05 PM Eastern.

Board Members

• Ricardo Griffith
• Steve Springett
• Harold Blankenship
• Sam Stepanyan
• Marisa Fagan
• Ashwini Siddhi (ABSENT)
• Kelly Santalucia (ABSENT)

Guests

• Andrew van der Stock
• Starr Brown
• Christian Capellan
• Stacey Ebbs
• Chris Barbeau
• Leea Hudson-Wilson

Method of minutes preparation

As per the forthcoming OWASP AI Policy, the fact that AI has been used in the preparation of these minutes is acknowledged, but the responsibility for their accuracy and completeness lies with the Executive Director and OWASP Foundation Secretary, who have reviewed and edited the minutes as necessary to ensure they accurately reflect the discussions and decisions of the Board. The use of AI in this context is intended to assist in the drafting and organization of the minutes, but it does not replace the need for human review and oversight to ensure that the minutes are an accurate and complete record of the meeting. If in doubt, the recording of the meeting is provided above for complete context and reference.

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

• OWASP Conflict of Interest Policy
• Director’s Commitment Agreement

No conflicts of interest were disclosed.

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Roberts Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

No changes to the agenda were made.

APPROVAL OF MINUTES

• Previous Meeting Minutes - February 2026

Result: Passed (unanimous among Directors present; no abstentions recorded).

• Ricardo Griffith — Yes
• Harold Blankenship — Yes
• Sam Stepanyan — Yes
• Marisa Fagan — Yes
• Steve Springett — Yes
• Ashwini — Absent
• Kelly — Absent

PRE-READING MATERIAL

• OWASP Foundation Board Summary
• Finance Board Summary

Executive Director Report

• Staffing: Dawn Aitken resigned and departed effective end of the prior month; her departure created gaps in institutional knowledge and impacted delivery. Hayden previously resigned; last day noted as March 9.
• Hiring: Missy Lindsay to join as Director of Corporate Relations, Starrting April 1.
• Executive session topics (planned): Discussion on whether to structure a new role as an Operations role or an Associate Executive Director role; intent to finalize and begin advertising the chosen role.
• Role naming: Proposal to rename “Operations Support Associate” to “Community Support Associate” (same duties); stated that several candidates have already applied and resumes have been provided, suggesting minimal need for broad advertising.

Website / Platform Updates

• Status: Board requested regular website updates; none reported while Christian was away. Accounts payable delays affected timely billing, now reported back on track.
• Vendor engagement: A meeting with developers was scheduled following payment clearance; priorities for the week included addressing three community-facing blockers (including embedded HTML display issues) plus completion/validation of penetration test findings.
• Delivery date request: Director Ricardo Griffith requested a “hard date” for delivery rather than continued delays; staff indicated intent to lock a date during the vendor meeting.
• Data migration: Migration from the old site was stated to have occurred; work remaining focused on cleanup and restoring pages. It was clarified that chapter/project leaders’ existing update efforts would not be overwritten or lost.
• Meetup administration: Meetup groups were stated to be restored; an extension for one year was obtained. A two-year extension option was discussed but not pursued as unfavorable. Leaders reassignment back to Meetup groups and ticket resolution were in progress.

Insurance and Finance Operations

• Insurance renewal: Insurance renewal due at the beginning of April; outreach to insurers underway. Several chapters requested certificates of insurance; these will be provided once renewed.
• Finance operations: Runbook development for financial operations was underway (credit given to Starr and Lauren). Uncategorized income/expenses and some unentered expenses were noted; expectation stated that items would be cleared within the next month.
• Payment cards: Executive Director’s credit card expired and replacement had not arrived; services were being moved to another card where possible, with a plan to adjust credit limits accordingly.

Events and Community Programs

• NDC: Starr reported NDC was a strong fit for OWASP with well-attended tracks and valuable community engagement; a trip report was expected by the next Board meeting.
• Membership drive: A membership drive was planned but postponed until staffing is in place to process additional tickets.

New Business

2026 Budget Approval

• Overview presented: Draft budget totals discussed included income of approximately $4.8M and expenses of approximately $5.054M, projecting an operating deficit of approximately $217K.
• Key drivers/variances: Conference expenses were discussed as a major driver of increased costs (notably San Francisco; also Vienna as a new location). Increased travel and venue costs (e.g., AV, Wi Fi, food and beverage) were cited. Board discussed tighter reimbursement controls (e.g., limiting hotel nights; essential staff only).
• Meetup expense correction: Meetup costs were clarified as an annualised figure (approx. $48–49K across 12 months, based on per-group pricing and number of groups). A correction was required in the budget to reflect the full year rather than partial months.
• Project budgets: Increased project revenue/expense assumptions were discussed (e.g., SAM and GenAI projects raising and spending larger amounts), with intent to track projects via separate locations/P&Ls and hold projects accountable while allowing spending aligned to raised funds.
• Donations/corporate supporters: Discussion included confidence in an aggressive corporate supporter target (referenced as $600K), citing early-year renewal progress and the planned Director of Corporate Relations role to pursue broader fundraising, grants, and project support.
• Budget artefacts: The Board requested distribution of the budget spreadsheet; guidance was given to handle salary information appropriately when sharing.

Motion “Resolved, that the 2026 OWASP Foundation Budget is approved, effective immediately.”

Sponsor: Ricardo Griffith Second: Marisa Fagan

Vote held at 1:03 hours into the recording. Result: Passed (unanimous among Directors present; no abstentions recorded).

• Ricardo Griffith — Yes
• Harold Blankenship — Yes
• Sam Stepanyan — Yes
• Marisa Fagan — Yes
• Steve Springett — Yes
• Ashwini — Absent
• Kelly — Absent

Motion Passed 5-0 (2 absent)

Motion to Amend Signatory Policy

Background The current OWASP Signatory Policy authorizes the Executive Director to approve and execute expenditures, contracts, and other financial commitments up to $10,000 per transaction without a second approver, with transactions above that threshold requiring dual authorization from the Executive Director and either the Treasurer or the Chair.

Motion “Resolved, the Board amends the Signatory Policy to increase the Executive Director’s signing authority from $10,000 to $25,000 per transaction, with transactions above $25,000 continuing to require dual authorization under the existing policy.”

At around 1:27 into the recording, there was discussion around the amount from $20 to $25k. A poll was run, and $25k was selected as the preferred threshold by the majority of present Directors.

Sponsor: Ricardo Griffith Second: Marisa Fagan

Vote held at 1:28 hours into the recording. Result: Passed 3-2 (2 absent)

• Ricardo Griffith — No
• Harold Blankenship — Yes
• Sam Stepanyan — No
• Marisa Fagan — Yes
• Steve Springett — Yes
• Ashwini — Absent
• Kelly — Absent

Discussion on Policy Review Process

Marisa Fagan requested a plan for community policy reviews. It was stated that this item was expected to be on the agenda; otherwise, the plan was to track the work in monday.com and allocate owners. A permissions issue preventing some users in the “owasp.org” domain from accessing monday.com was noted; a potential remedy discussed was to claim the domain to restore permissions. Alternative tracking approaches mentioned included Jira/Trello or GitHub Issues.

Note from ED: Monday.com permissions have since been resolved. We can continue to use monday.com to track policy reviews.

Action Items

Executive Session

The Board adjourned to an Executive Session to discuss a membership and a personnel matter. The Executive Session will be attended by Board members only, and the minutes of the Executive Session will be recorded separately and kept confidential.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

Adjournment motion

Adjournment motion is held at 1:41 hours into the recording. Result: Passed (unanimous among Directors present; no abstentions recorded).

Sponsor: Steve Springett Second: Ricardo Griffith

The next general Board meeting is on April 28, 2026 at 12 pm US Eastern Time.

• April 2026