May 2026 Videoconference
Meeting Details
Agenda
CALL TO ORDER
The call to order was made by Chair Steve Springett at 12:03 PM US Eastern Daylight Time. All directors were present, and a quorum was established.
Board Members
- Ricardo Griffith
- Steve Springett
- Harold Blankenship
- Sam Stepanyan
- Ashwini Siddhi
- Kelly Santalucia
- Marisa Fagan (arrived during roll call)
Guests
- Andrew van der Stock
- Missie Lindsey
- Starr Brown
- Christian Capellan
- Stacey Ebbs
- Chris Barbeau
- Leea Hudson-Wilson
CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT
As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.
There were no conflicts of interest disclosed by Board members.
CHANGES TO THE AGENDA
Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions are permitted by following Robert's Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.
Ricardo Griffith asked for a change of agenda to discuss the timing of delivery of pre-reading materials. The Board agreed to discuss this topic with a unanimous vote.
APPROVAL OF MINUTES
The minutes from the April 2026 Board meeting were approved with a unanimous vote.
PRE-READING MATERIAL
- OWASP Foundation Board Summary
- Finance Board Summary
- Finance Board Cash Flow Forecast
- Finance Board Uncategorized Income/Expenses
- (Updated) Finance Summary Slides
NEW BUSINESS
Motion to update Distinguished Lifetime Member Benefits
Background Discussion on the benefits for Distinguished Lifetime Members. The policy has been through the community review process, and feedback has been incorporated in pull request 160, which also removes Wufoo in favor of our GDPR compliant form provider.
Motion “Resolved, the Board of Directors approves the update to the Distinguished Lifetime Member Benefits as outlined in pull request 160.”
- Pull Request 160 - Update Distinguished Lifetime Member Benefits
- Sponsor: Sam Stepanyan
- Second: Ricardo Griffith
- Ricardo Griffith YES
- Steve Springett YES
- Harold Blankenship YES
- Sam Stepanyan YES
- Ashwini Siddhi YES
- Kelly Santalucia YES
- Marisa Fagan YES
Motion passes with a unanimous vote 7 YES-0 NO.
Discuss Code of Conduct Updates for OWASP Participants and Members
Background Discussion on reviewing and updating the code of conduct for OWASP participants and members. If so, what should it include? How should it be promoted and complied with?
After discussions, the Board decided that the policy needs to be redrafted by Sam Stepanyan to divide it into a Code of Conduct and a Code of Ethics. This will be presented during a closed session in the June Vienna Board meeting, and if approved, will be put through the Community Review Process for a vote at a future Board meeting.
Discuss proposed Corporate and Social Responsibility policies
Background Charity Navigator, Candid (née Guidestar), and many vendors are now requiring us to have policies on modern slavery and human trafficking, more robust anti-corruption, and other social contract policies. Andrew van der Stock to detail the need for the three social contract policies below. If the Board agrees to these policies, they would be put through the Community Review Process for a vote at a future Board meeting.
- New Modern Slavery and Human Trafficking Policy
- New Corporate and Social Responsibility Policy
- Updated Anti-Trust, Anti-Corruption and Competition Policy
After discussion, the Board agreed to put these policies through the Community Review Process, with Sam and Marisa to shepherd them through the process. Andrew van der Stock to obtain legal advice on their implementation and any necessary updates.
Discussion on OWASP Staff Liaison at Committee Meetings and Conferences
Background Discussion on staff liaisons at committee meetings, and staffing at conferences. Should staff attend conferences? If so, which ones? What is the budget for staff attendance at conferences?
The discussion evolved to be around OWASP appearing at more developer conferences, rather than committee meetings. Stacey Ebbs discussed how the co-marketing form works, and will publish a slide on upcoming developer conferences that OWASP plans to attend. The focus should be on getting speaking slots and more active participation rather than passive sponsoring or having a table.
Discuss safety team for events
Background Starr Brown to provide an update on the status of the safety team training and implementation for OWASP events. What is the status of the safety team training? How is it being implemented at events?
Starr discussed the upcoming safety team training, and the implementation of the safety team at events. The safety team will be trained on how to handle various situations that may arise at events, and will be available to assist attendees who may feel unsafe or uncomfortable. The safety team will also be responsible for reporting any incidents that occur at events to the appropriate authorities. They will have yellow lanyards. A recording of the training will be made available for leaders and Board members who are not able to attend the training.
Operational Update on Chapter and Project Tickets
Background Harold Blankenship, Starr Brown, and Andrew van der Stock will provide an update on the status of chapter and project tickets. Have chapter leader tickets been updated to include that chapter leaders should be members? The policy should be updated to reflect that chapter leaders should be members, and the ticket should be updated to reflect that as well.
After discussions, the Board asked that the chapter and project ticket statistics be included in the pre-reading materials for future Board meetings, and that the ticket statistics be updated on the day of the Board meeting to ensure that they are as up to date as possible. There was a further ask to see if Nest could be updated to include live statistics from our systems. Andrew van der Stock to talk with Nest project leadership about this, and report back.
Operational Update on Industry Advisory Council
Background Starr Brown and Missie Lindsey to provide an update on the status of the Industry Advisory Council and what’s required to launch it and when it will be launched.
After discussions, the staff will bring options to the closed Board meeting in Vienna in June, and obtain further feedback from the Board on the structure and launch of the Industry Advisory Council.
Operational Update on New Website
Background Update on status of the website update and penetration testing, including:
- Status of OWASP Foundation provided content before go live including ensuring all current projects and chapters are listed on the new website.
- Status of penetration testing and remediation of any findings before go live.
- Status of training for chapter and project leaders on the new website, and if we are going to have a leader town hall / training session on the new website for chapter and project leaders to learn how to use the new website.
- Update on the status of chapter management, and if Glue Up moves to the main website rather than continuing to pay for chapter management on Glue Up.
- Status of Meetup migration as a result of this effort.
The update was contained in the pre-reading materials. There was some concern as to when the new website would be going live, and if there would be any issues with the new website. The Board asked for a commitment to have the new website go live by the end of June. This will be a tight deadline considering that the penetration test will take 2-3 weeks, and remediation and content updates will need to be completed within that timeframe, but it should be possible.
Operational Update on EU Entities
Background Update on the status of the old and new entities in the EU, and the status of the funds held in ING.
The EU entity status is in a slide in the pre-reading materials. The main focus in the coming month is funding the bank account, working on an intra-entity agreement, and working on the transfer of funds from the US and ING to the new bank account. The Board will be meeting with the new EU entity’s directors in person in Vienna in June, and will be discussing the EU entity in more detail at that time.
(Additional item) Update on timing of delivery of pre-reading materials
Ricardo Griffith asked for a change of agenda to discuss the timing of delivery of pre-reading materials. The Board agreed to discuss this topic with a unanimous vote.
The Board asked why the pre-reading materials were not delivered in a timely manner, and if there was anything that they could assist with. Andrew van der Stock explained that there were some delays in getting some of the financials from the finance team, and that there were some delays in getting the pre-reading materials together. The Board asked for a commitment to deliver the pre-reading materials by COB the Thursday prior to the meeting, and Andrew van der Stock committed to this.
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
ADJOURNMENT
Adjournment motion
The next private Board meeting is on June 23-24, 2026, at 9 am Central European Time, in person at OWASP Global AppSec Vienna 2026. Details will be sent to Board members separately.
The next general Board meeting is on June 24, 2026, at 5:30 - 7:00 pm Central European Time, in person at OWASP Global AppSec Vienna 2026.
“It is moved, and seconded to adjourn. Those in favor, say “aye””
- Sponsor: Chair
- Second: TBA