Jump to: navigation, search


Current OWASP Global Board 2015

  • Tobias Gondrom - OWASP Chair - Hong Kong - tobias.gondrom(at)
  • Josh Sokol - Vice Chair - Texas, USA - josh.sokol(at)
  • Fabio Cerullo - Treasurer - Ireland - fcerullo(at)
  • Matt Konda - Secretary - matt.konda(at)
  • Michael Coates - Special Projects - San Francisco, CA USA - michael.coates(at)
  • Andrew van der Stock - Special Projects - Australia - vanderaj(at)
  • Jim Manico - Special Projects - Hawaii - jim(at)

OWASP Board Elections

2015 Election

2015 Board Election

2014 Election

2014 Board Election

2013 Election

2013 Board Election

2012 Election

2012 Board Election

2011 Election

2011 Board Election

2009 Election

2009 Board Election

  • Teleconference Information: **CHECK MEETING INFORMATION**

Upcoming 2015 Meetings

Past 2015 Meetings

Conflict of Interest Policy and Signed Conflict Statements
Weekly Board/Staff Communication Documents
OWASP Board Calendar

Best practices

Note: these best practices are merely a collection of procedures deemed good process for a board. They are not binding and have not been voted on or ratified by the board to this date. Online:

Best Practices for Board conduct:

We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".

  • That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
    • A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
  • After the motion has been seconded the board may discuss the issue and / or vote on it.

A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.

  • In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
  • In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.

Historical Board Members by Year

Historical Board Votes

Past OWASP Boards





Archive for 2014 Meetings

Archive for 2013 Meetings

  • December 2, 2013 - Special Board Meeting - 2014 Budget walk through, Q & A (no meeting notes)
  • November 11, 2013 - cancelled due to in person meeting on Nov. 22
  • August 12, 2013 - canceled due to in person meeting on Aug 19

Archive for 2012 Meetings

Board Meeting Attendance Tracking

OWASP Foundation ByLaws

Global Committees

Archive for 2011 Meetings

Minutes for 2011 Meetings

Archive for 2010 Meetings

Archive of 2010 Meetings

Archive of 2009 Meetings

Archive for 2008 Meetings

Archive of 2008 Meetings

First suggested priority of Board from Paul

  • What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
  • Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.

Projects Ideas

  • Project Review & Project Platform - good progress, keep it going. We need "more" volunteer engagement to provide more diverse review.
  • New Project Ideas. Where is industry going, where will it be in 5 years? OWASP should suggest projects that we need and find team to build them!
  • Project Summit support & funding
  • International Chapter / Region support & funding for projects
  • Hire full or part time technical writer to help with project (from Simon, flagship project lead)
  • a platform for funding pull requests / contributions to projects - this could be a way to financially reward folks for contributing. I know ZAP recently experimented with this - not sure how it went, but we have money - might be a good way to spend it (maybe leveraging something like the bithub idea I would want the ability to personally remove myself from the ability of receiving payment. (from John Melton, flagship project lead)
  • help with applying for grants - including letting us know of available grants and helping us do the paperwork if necessary
  • make inter-project recommendations - since you sit at a level where you see various projects, maybe make recommendations for areas where multiple projects could collaborate for added value (from John Melton, flagship project lead)
  • project of the month - this may already happen, but if not, maybe the newsletter could feature a project every month, including information like a project overview, an audio interview with the project leader(s), a list of priority tasks for people to help with, etc. (from John Melton, flagship project lead)
  • get access to available free tools - I've actually seen several tools that are available for use within OWASP, though I hear about them haphazardly. It would be good if there were a single resource for leads to know what was available. Thinking of things like: free licenses of paid software (intellij, webex) or access to products/services (surveymonkey, AWS, GCE or Azure credits) that could be useful to the project (from John Melton, flagship project lead)
  • conducting surveys - We do surveys periodically, and I fill them out. Joanna has used them to good effect. We might be able to make that more regular and get good data on our projects.
  • "help wanted" site - We use github issues on our project. However, one thing I hear repeatedly is project leaders saying they need help, and owasp members asking how to help. It seems like we could put up a "jobs" board of some kind to connect folks within the community for things like this. We could probably connect this to $ in some way if we wanted to. I imagine there's a tool out there that already does this too. (from John Melton, flagship project lead)
  • continue and expand "summer of code" programs - I believe these programs add lots of value. Not only do they get practical things done on the projects, but they give us good visibility, get people involved in the projects (many continue to contribute), give us good press in the community, and invigorate the mentors as well. (from John Melton, flagship project lead)


  • Training is OK now....but what do we want to do here? Business as usual?
  • Update current project level training docs, or
  • Begin some form of Curriculum for Academic use?


  • Liaison with other Orgs
    • ID those Developer groups and go to their conferences & meetings
    • ...just a few, but caution is to approach 1-2 at a time and get an outcome
  • Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
  • Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
  • Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.

Community Portals

  • Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
  • Focused WG to take action on Wiki Cleanup & ease of use.
  • Consider funding larger wiki cleanup and migration effort (Jim)


  • General PR & Marketing the OWASP Story - Promote ourselves more!
  • Crank up a Recruiting program - Both Corporate & Individual.