[Owasp-leaders] Board Off-site - Outcomes

Michael Coates michael.coates at owasp.org
Tue Aug 20 13:58:12 UTC 2013


The board met for 8 hours yesterday before AppSecEU for a board offsite. I
wanted to provide a recap for those that may be interested.



   30 minutes - Open session - Air any concerns

   OWASP Board - purpose, requirements, expectations

      Orientation Process

      Conflict of Interest Policy

      Attendance Expectations

      Board Size


      Looking at 2012, 2013 & paths for growth


      Europe entity board representation

   Corporate Involvement & Support

      Review feedback & proposals

      Draft skeleton of plan

      Define next steps
      6. [1 hr] [closed portion] - 3 month review of the ED role

*Outcomes *

*Corporate Involvement at OWASP*
First, thanks to those that provided thoughts and feedback on the
governance thread regarding corporate involvement. It was great to have
feedback from OWASP leaders in this complex area.
Corporate Membership - Tiered Structure* - The board voted to move to a
tiered corporate membership model. This enables organizations to support
OWASP at a variety of levels. We are still flushing out the final details
and we'll soon update the membership matrix. However, there will be 4 tiers
($2,000, $5,000, $20,000, $50,000) with varying benefits provided to the
corporate member for each level. For those interested in chapter splits for
corporate supporters it will be the following:
$50,000 Corporate Membership - $8000 to local chapter - 16%
$20,000 Corporate Membership - $4000 to local chapter - 20%
$5,000 Corporate Membership - $2000 to local chapter - 40%
$2,000 Corporate Membership - $800 to local chapter - 40%

*Corporate Member Logos - Moving to Acknowledgement Page* - To provide a
single clear page that acknowledges our corporate member supporters we will
move the corporate logs from the bottom of the OWASP home page to a
dedicated acknowledgement page. The home page will have clear graphics that
encourage viewers to click and view the acknowledgements page.

*Project Branding & Sponsorship - *Project sponsorship by corporate members
is a complex item with many positives and negatives to each approach. The
key is to provide clarity and guidance. Without these it is not easy for
corporations to engage and while many will act with the best interests of
OWASP we spend unnecessary cycles debating if individual decisions are
correct. The board discussed the issue at length and outlined 3 different
potential programs in this area.  We hope to provide a clear plan that will
allow us to engage supporters and all understand our overall process.

Next steps:
- The board has outlined 3 different potential programs for project
branding and sponsor. We will clearly document each option including the
positives, negatives and other considerations for each option.
- We will circulate these programs to leaders for review. At that time we
will ask for any other suggested programs or additions/clarifications to
the positives/negatives/considerations of each program.
- Finally, this particular item will be added to the annual vote for a
decision by the OWASP members. This particular item is complex with many
different potential paths. We as OWASP need to decide which option is right
for us. A clear listing of options along with an informed listing of the
trade-offs for each option will allow the larger OWASP membership to lead
in the decision making on this item.

*Board Changes*
*Board Orientation Documents* - An official board orientation set of
documents will be created that includes a stated conflict of interest
policy (in addition to what we have in the bylaws), 2 required reading
short books on non-profit foundations, requirement to read previous
financial reports and 990, and links to our to-be created governance page.
All board members will sign and acknowledge completion of the orientation
by Jan 1, 2014.

Conflict of interest policies will also be extended to all employees and
those in decision making roles for global conferences. We see this as a
natural step to mature OWASP and better align with non-profit requirements.
This is not in response to any concerns.

*Board Size* - OWASP bylaws specify the board must be between 5 and 7
members. Currently the OWASP board is 6 members. We voted to extend to 7
members. The 2013 election will now seat 4 spots instead of 3. The newly
elected board members will begin their terms Jan 1, 2014. At this time
we'll see the board officially expand to 7 members.

*Quarterly Board Meetings* - The board voted to move board meetings from
the current schedule of monthly 1 hour meeting to quarterly 4-6 hour
meetings. The schedule of meetings will be set by the board in December
before the year. It is likely the the board meetings will take place on
Saturdays or on a dedicated day before a large OWASP conference.  This
change is a result of the success of the longer format board meeting and
also a result of the Executive Director role that has enabled full time
involvement and focus on OWASP operations. This will take effect in
January, 2014.

*OWASP Finances*
*Financial Audit *- Every 3 years OWASP has engaged an outside firm to
audit OWASP finances. We decided to move up our next audit since the
organization has grown substantially over the past few years. The next
audit will occur in 2013 for an audit of the 2012 filed information. All
tax filings and audit information can be found here:
Review of Finances* - Sarah and team are doing great work understanding
OWASP finances and also mapping these into quadrants to reflect income/cost
impacts and also value to mission. More information coming soon, but this
type of understanding of our income and expenditures will allow us to
continue to increase the value return on OWASP funds.

As always, please do respond with any questions, comments or concerns.


Michael Coates | OWASP | @_mwc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130820/854bab79/attachment.html>

More information about the OWASP-Leaders mailing list