Hi Andrew,
First of all, congratulations on getting the report completed! It is a significant piece of work and an important milestone for OWASP.
I have a few points of feedback that I think could help strengthen clarity and ensure the impact of OWASP’s work is represented more accurately.
1. "Events: 12" - Potential Misinterpretation
I believe the line stating "Number of events: 12" is problematic.
To an external reader, this gives the impression that the entire OWASP Foundation only hosted 12 events in 2025, which is clearly not accurate. We have 250+ chapters globally, and chapters alone run 800+ chapter meetings annually. For example, OWASP London hosted 11 events / chapter meetings last year by itself (including the London Agentic AI Summit).
What OWASP internally defines as "events" is very specific, but this nuance is not obvious to external readers. As we often say, "perception is reality". The current wording unintentionally minimizes the scale of OWASP’s global activity.
Additionally, every one of the 12 “events” listed was actually a conference, not a generic event:
- Global AppSec EU 2025 (Barcelona)
- Global AppSec USA 2025 (Washington, DC)
- AppSec Days Bangalore
- AppSec Days France
- AppSec Days Singapore
- AppSec Days Uruguay
- AppSec Days Israel
- BASC BeNeLux
- German OWASP Day
- OWASP Italy Day
- LASCON
- SnowFROC
As shown above, these were all conferences.
I propose renaming “Events” to “Conferences” throughout the report wherever this list is referenced. This would be more precise and would avoid confusion with chapter meetings and other community events.
It may also be worth explicitly stating the number of chapter meetings separately (e.g., 800+ chapter meetings globally), to better reflect the scale of community engagement.
2. Website Launch Timeline
In the “Looking Ahead” section, it currently states:
“Please keep in touch with our new website, which will launch in early January 2026,”
As we all know, this is no longer accurate. I suggest removing the word “January” so it reads:
“…which will launch in early 2026.”
This keeps the statement accurate while avoiding setting a specific month.
3. OWASP Nettacker omission - Demo Lab
The list of projects represented in the OWASP Project Demo Lab at Global AppSec does not include OWASP Nettacker, even though:
- Nettacker had a booth in the Demo Lab at every Global AppSec last year
- The booth was located directly next to the GenAI project
- Given its visible presence, the omission appears unintentional.
4. Nettacker OpenAI Grant Recognition
Nettacker was the only OWASP project selected by OpenAI for a Codex Open Source Grant last year, yet this milestone is not mentioned in the report. This is significant external validation from a major AI organization and reflects positively on OWASP’s ecosystem. It seems like an important achievement was not included.
5. Meetups/Meetings Inconsistency
In the report, it states there were 822 "meetups" run by chapters. It also stresses: "the retirement of our association with Meetup"
This directly conflicts with the earlier “12 events” metric unless clearly differentiated. I propose that the structure should be instead of "12 events":
- 2 Global Conferences
- 10 Regional Conferences
- 822 Chapter Meetings
- 2 Summits / Hackathons
If we feel it is OK to call the chapter meetings "meetups" then we should at least change: "the retirement of our association with Meetup" to: "the retirement of our association with Meetup.com".
Clear categorization would prevent confusion.
I hope this is helpful. Thanks again for all the work that went into this report and to everyone involved!
Best regards,
Sam