April 2026 Videoconference
Meeting Details
- Date: 28 April 2026
- Time: 12PM US Eastern Daylight Time, UTC 1600
- Location: Remote
- Recording
Agenda
CALL TO ORDER
The meeting was called to order at 12:02 PM US Eastern Daylight Time by Chair Steve Springett.
Board Members
- Ricardo Griffith
- Steve Springett
- Harold Blankenship
- Sam Stepanyan
- Ashwini Siddhi
- Kelly Santalucia
- Marisa Fagan
Guests
- Andrew van der Stock
- Starr Brown
- Christian Capellan
- Stacey Ebbs
- Missie Lindsey
- Chris Barbeau
- Leea Hudson-Wilson
- Avi Douglen (for policy review update)
- Grant Ongers (for executive session)
CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT
As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.
No conflicts of interest were disclosed.
CHANGES TO THE AGENDA
Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions is permitted by following Robert's Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.
No changes to the agenda were proposed.
APPROVAL OF MINUTES
Minutes were unanimously approved.
PRE-READING MATERIAL
- OWASP Foundation Board Summary
- Finance Board Summary Video
- Finance Board Summary
- Finance Cash Flow Forecast
- Finance Uncategorized Income/Expenses
e-Votes and Special Meeting Motions to read into minutes
Motion to contract with Harold Blankenship for OWASP Foundation operational support
Motion “Resolved, the Executive Director is permitted to contract with Harold Blankenship at market rates as determined by similar roles advertised on Upwork.
To address perceived or actual conflicts of interest, based upon legal advice, the following guardrails will be in place:
- Harold’s Treasurer duties will remain insofar as to provide financial oversight for the Board, reviewing the monthly financial summaries from the Charity CFO, and finally, any preparation needed for the external audit, but not expense co-approvals
- The Chair will co-approve amounts exceeding the Executive Director’s signing limit.
- Harold will not approve his own expenses, including Board travel and contracting fees.
- Harold’s duties will primarily be operational in nature, including processing chapter and membership tickets, assisting with operational matters, and ensuring the day-to-day business of the Foundation is conducted in a timely fashion.
- If Harold is still being contracted at the time the election processes kick off, as he is a sitting Board member, he will not be handling any part of the election operational process.
If any actual or perceived conflicts of interest arise, then the Board will follow the Conflict of Interest policy to address any potential breaches.”
Sponsor: Marisa Fagan Second: Ashwini Siddhi
- Ashwini Siddhi YES
- Steve Springett YES
- Marisa Fagan YES
- Ricardo Griffith NO
- Kelly Santalucia YES
- Sam Stepanyan NO
Harold Blankenship recused himself from the vote due to the conflict of interest.
Motion Passed 4-2 (1 recusal)
Executive Director’s Report
- Strategic plan: Final draft shared; discussion focused on naming/positioning of an “Industry Advisory Council” concept and whether further input from Missie and Stacey was needed. Stacey indicated the document had already been amended toward “industry” wording; a small follow-up meeting was proposed to finalize. (Approx. 00:03:53–00:07:29)
- Staffing / operations: Associate Executive Director role posted (strong initial applicant volume). Community Support Associate hiring to proceed with shortlisting and interviews. Harold has begun contracting; chapter-related ticket volume reportedly declining. (Approx. 00:07:39–00:10:09)
- Events: AppSec Israel postponed from May to October due to uncertainty and sponsor/attendee hesitation; force majeure considerations noted; a small venue payment (~$1,000) discussed as part of rescheduling. Virtual conference moved from 21 Sep to 22 Sep to avoid conflict with Yom Kippur and improve participation. (Approx. 00:10:14–00:12:14)
- Security / IT risk: Vercel breach discussed (OWASP not using affected CLI tooling, but secret rotation and encrypted variable handling planned before website go-live). Noted it has been ~3 years since last IT security review; intent to scope and perform a review (estimated not more than ~$20K). (Approx. 00:12:26–00:14:46)
- Website go-live: Dependent on retesting prior pen-test findings; estimate ~2 weeks. Additional “go-live” readiness tasks mentioned (events, board minutes, etc.). (Approx. 00:14:56–00:16:04)
- Insurance renewal: Renewal partially processed previously; full package renewal in progress, expected late week/early next; commitment made to prevent recurrence via a runbook. (Approx. 00:16:18–00:22:04)
- Runbooks / documentation: Financial operations runbook being created in Confluence; key “undocumented” procedures called out for elections and WASPE awards. (Approx. 00:17:03–00:18:37)
- EU finance/tax: EU bank account established; needs funding (VAT obligations anticipated). Work ongoing to close old ING account and resolve documentation requests (e.g., “certificate of residency” issue). Updates included Portugal tax completion (awaiting authorities) and receipt of Spanish VAT number to close Barcelona VAT return. (Approx. 00:18:41–00:22:25)
- 25th anniversary chapter celebrations: 12 chapter requests received (within budget), with reimbursement guidance and expectation of photos/updates for social media. (Approx. 00:22:28–00:24:25)
Finance Report
- Finance report (Chris Barbeau): March financials showed strong increases in cash, receivables, and net assets; conference-related revenue ahead of plan. Board feedback requested more contextual reporting to avoid misinterpretation of budget vs. actual variances; finance team agreed to update presentation next month to compare YTD vs full-year budget and show year-over-year trends. (Approx. 00:24:56–00:38:18)
NEW BUSINESS
Missie Lindsey - Introducing our new OWASP Foundation Director of Corporate Support
- Missie Lindsey presented a two-slide deck introducing herself as the new Director of Corporate Support, including her vision for the role and a 90‑day sponsorship roadmap. Immediate priority: contact outstanding renewals (~$150k pipeline) during May. Create tiered sponsorship one‑pager and digital deck for Vienna launch. Early pipeline: $345k in sponsorships; $45k invoiced and active now.
Community Review Policy Review Update
- Avi Douglen provided an update on the progress of the community review of the OWASP Foundation policies. Current “policy review” document needs full rewrite into a policy governance lifecycle. Review team has 7–8 volunteers; team recommends board decisions on structural questions. Ricardo will extract major issues and draft a revised policy for board discussion. Board to schedule a short, unscheduled working session to decide key governance points.
OWASP Foundation 2026 Strategic Plan Update
- Stacey Ebbs discussed the finalization of the Strategic Plan. Final strategic plan draft ready for publication on website. Naming resolved as “Industry Advisory Council” pending staff confirmation. Ashwini requested staff input; Stacey confirmed document amended to that wording. Missie to advise on operational approach once onboarded. Design and summary prepared; web publishing awaiting final sign‑off.
Website Update
- Andrew van der Stock discussed the current status of the website. New website near completion; functional for projects, chapters, events management. Pending actions before go‑live: penetration retest, secret rotation, QA of content. Christian to create admin accounts and enable daily Superbase backups. Andrew to schedule secret rotation and scope an IT security review (~$20k). Migration approach: avoid overwriting chapter leaders’ newer data; manual fixes expected.
Helpdesk ticketing update
- Harold contracted; chapter ticket backlog reduced from 71 to 27. Membership and chapter ticket SLA target: respond within three days. Student chapters show abuse and inconsistent activity; board to review pause policy. Sam is restoring the chapter committee to review chapters and set guardrails.
Adjournment to Executive Session
The Board will adjourn to an executive session to discuss a confidential matter. The executive session will be attended only by Board members and any invited guests who are necessary for the discussion. The details of the executive session will be kept confidential and will not be disclosed to the public.
Action Items
| Owner | Action item | Due / timing | Notes / source |
|---|---|---|---|
| Marisa Fagan / Andrew van der Stock / Stacey Ebbs / Missie Lindsey | Schedule and hold a follow-up meeting to finalize the naming/positioning of the “Industry Advisory Council” item in the strategic plan (and confirm any remaining edits before publication). | Not stated (ASAP) | Andrew asked Marisa to set up a meeting (timezone coordination). (~00:06:31-00:07:29) |
| Ori (with Lauren; Andrew to follow up) | Confirm venue payment/rescheduling terms for AppSec Israel postponement and ensure payment is applied to October event (avoid contract breach). | In progress (immediate) | Ori “confirming… at this very moment”; payment discussed as ~\$1,000. (~00:11:09-00:11:35) |
| Andrew van der Stock | Proceed with Community Support Associate hiring: shortlist candidates (with Christian), interview, and move to hiring. | Not stated (within weeks) | Mentioned 25 community applicants; shortlist 5-6. (~00:09:28-00:09:54) |
| Andrew van der Stock / Website vendor / Pen-test provider | Rotate secrets and ensure environment variables are properly stored/encrypted prior to website go-live; complete retesting of prior pen-test findings. | ~2 weeks estimate | Go-live dependent on retest (~1.5 weeks) and readiness tasks. (~00:12:38-00:15:20) |
| Andrew van der Stock | Scope and initiate an IT security review (noting ~3 years since last review). | Not stated | Cost expectation “not more than 20K”. (~00:13:54-00:14:46) |
| Andrew van der Stock | Complete renewal of remaining insurance package and notify board once coverage is fully in place; ensure process does not “fall through the cracks” again. | Late week / early next | Insurance renewal status update and commitment. (~00:16:36-00:22:04) |
| Starr Brown | Continue building financial operations runbook in Confluence (including capturing procedures with screenshots); ensure key processes are documented. | Ongoing | Runbook being written “as I find things to do”. (~00:17:18-00:17:45) |
| Andrew van der Stock / Starr Brown | Document election procedure early and run a clean election this year (using Simply Voting logins/dates already available). | Before election timeline | Called out as a major undocumented hurdle. (~00:18:02-00:18:26) |
| Starr Brown / relevant leads | Determine and document the WASPE awards process (another key undocumented workflow). | Not stated | Explicitly flagged as outstanding. (~00:18:26-00:18:37) |
| Lauren (with Aram/Maxim; Martin) | Close out old ING account with Martin and complete EU tax/administrative tasks; fund the new EU bank account (starting with VAT-related transfer as needed). | In progress | EU account established; VAT obligations; certificate-of-residency challenge noted. (~00:18:41-00:21:45) |
| Finance team (Chris Barbeau / Leea) | Revise monthly board financial reporting to include clearer context (YTD vs full-year budget; year-over-year trend view) to reduce “anomaly” rabbit holes. | Next month’s report | Agreed in meeting. (~00:37:41-00:38:18) |
| Stacey Ebbs / participating chapters | Collect and share chapter anniversary celebration updates/photos for social media campaign (and process reimbursements per guidance already sent). | As celebrations occur | 12 chapter requests; process communicated. (~00:23:53-00:24:25) |
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
None
ADJOURNMENT
Adjournment motion
The next general Board meeting is on May 26, 2026, at 12 pm US Eastern Time.
“It is moved, and seconded to adjourn. Those in favor, say “aye””
Sponsor: Steve Springett Second: Ricardo Griffith