July 4th, 2018

Meeting Date: July 4th, 2018

Meeting Location: Virtual (GoToMeeting) and Burns room, 4th Floor, QEII Centre, London, UK Meeting Times: July 4th, 2018 at 3:30 PM Virtual: GoToMeeting Meeting ID: 861-328-838

International Toll Free Calling Information

Additional meeting at AppSec EU 2018

Meeting Date: July 4th, 2018

Meeting Location: Virtual (GoToMeeting) and Chaucer room, 4th Floor, QEII Centre, London, UK Meeting Times: July 4th at 12:00 PM Virtual: GoToMeeting Meeting ID: 861-328-838

International Toll Free Calling Information

Note: Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording
 * Meeting recording
 * Meeting Minutes for this meeting

AGENDA OWASP Executive Director CALL TO ORDER
 * Draft Strategic Plan
 * AppSec Conference Selection Criteria
 * Action on sponsorship guidelines. No sponsorship can be used to solicit additional chapter donations.  As a non profit it is prohibited to solicit or trade out commercial exposure for donations to chapters.
 * New Chapter Opening Guidelines: Chapter's can only be opened by those who reside and will manage the chapters in the said country and region of the chapter.  Opening of a chapter must be predicated by interviews with the required leadership in said location of the chapter with a confirmation by the leaders that they live and work and will manage the chapter in the location.

CHANGES TO THE AGENDA

APPROVAL OF MINUTES prior meeting minutes

REPORTS Executive Director Board report for July 2018

Registration report for AppSec EU 2018 OLD BUSINESS

NEW BUSINESS COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

New Business

 * To vote on the events strategy as discussed during the June Board meeting http://sl.owasp.org/globalappsecstrategy
 * To hear the foundations feedback on a global (AppSec) event in Tel Aviv and vote on hosting an event there in 2019.
 * I could urge the board to listen back to the recordings on what has been communicated to the community.
 * The recodring can be found here: https://drive.google.com/file/d/1yXPSr8XcFnO63vXSTOCRTb16tn5YTFww/view
 * Vote of the compliance committee charter.
 * Coursera
 * UC Davis would like to use OWASP ideas and content to create coursware on Coursera consisting of:
 * Unchanged OWASP reference materials (we would link these directly from OWASP site so they are always current).
 * Video lectures based on OWASP materials and instructor experience.
 * Quizzes and small practice exercises based on the OWASP materials.
 * Exercises with OWASP tools such as JuiceShop (we would not modify the tools, but will create prompts, context, and peer grading rubrics).
 * This course would be marketed to Coursera's audience of 30M+ learners globally.
 * Video, quiz, and exercise content may be derivative work from the OWASP source content.
 * Videos can be accessed without login or any other authentication requirement from UC Davis, Coursera, and OWASP.
 * Access to the videos within context of the course requires learners to set up a Coursera login.
 * Assignments and exercises will be behind the paywall for the courses. Scholarships are available and widely used for the courses.
 * Amend bylaws in relation to board meeting attendance

Discussion

 * 1) The structure of the board:
 * 2) Do we need more diverse views on the board? e.g. adding 1 or 2 indpependent board memebers who have difference experiences in charities/foundations (i.e. specialise in finance/HR/Governance etc..).
 * 3) The concern is we have a rotating list of board memebers who specialise in AppSec, but not necessarily the skills needed to set the strategy for a foundation. For most foundations (can companies their boards are people form diverse backgrounds for that very reason.
 * 4) Adding Resilence in the managment of the foundation:
 * 5) An ED for OWASP must be a full time epmployee. If the chairperson would like to step in the role of (interim) ED they can do so, but only if they take a full time position within OWASP (which also means resigning from their current full eomployment roles).
 * 6) Should we have a clause that says at any time we need a named iterim ED incase anything goes wrong.
 * 7) Establish a process for the interm period (either we find a new ED, or tranistion the interm ED into the permanent role.
 * 8) Setting Scheduled Cycles for the foundation strategy:
 * 9) We need a process to develop, review, and adjust the strategic direction for the foundation on a regularl basis, that is also in-sync with the BoD elections.
 * 10) We still (as of end of June) do not have a strategy for the foundation agreed for the foundation to execute, granted we have a few initiatives we need to address in peice meal but we have not set the over all picture.
 * 11) I have seen a proposal from Karen but this needs to be reviewed and agreed with the BoD ammendments. As a board we have yet to set one, and I would like us to go over this during the meetings.
 * 12) Addressing the effectiveness of OWASP Board meetings
 * 13) How do we bring more votable items and valuable strategic discussions to our meetings.