[Owasp-board] GMC's proposal to the board - New Membership Revocation Page
helen.gao at owasp.org
Wed Apr 4 12:11:36 UTC 2012
Dear board directors,
In light of a couple of unfortunate incidents, the Membership committee
believe that we could protect the image of OWASP and its members by
introducing formality and transparency to the membership revocation
process. I have shared our proposal with you and hope that you will discuss
it at the board meeting tomorrow.
New Membership Revocation Page
What is the issue?
A couple of recent events have signaled the need for a public and
transparent membership revocation process.
What GMC proposed?
We have created a new Membership Revocation
page <https://www.owasp.org/index.php/Membership_Revocation>. A link to
the page has been put on the Code
of Ethics portion of the About OWASP
Content of the revocation page is below. I have also included Christian
Heinrich’s request to Review OWASP Appeal Proceedings on April 2, 2012.
Due to the sensitivity of the issue, we don’t plan to send the proposal to
other committees and OWASP leaders for review. We plan to lock this page
together with several other important membership pages in the near future.
In situations where an individual has had their OWASP Membership revoked:
- A revoked member will no longer have the privilege to use a
@OWASP.ORG email address for a period not less than 24 months.
- A revoked member will no longer be allowed to qualify for its
membership benefits such as discounts, OWASP on the move programs, grants
issued by OWASP Foundation or vote for a period not less than 24 months.
- A revoked member will no longer be allowed to operate as a chapter
- A revoked member will no longer be allowed to be an OWASP Project
- A revoked member will no longer be allowed to access OWASP AppSec
global conferences or regional events at no-charge
- A revoked member IS permitted to attend OWASP meetings as they are
open and free by design.
- A revoked member IS permitted to utilize OWASP materials as they are
under open source licenses and do not require membership in the
organization to do so
- A revoked member will not be allowed to reapply for membership for a
period not less than 24 months. The revoked member has the option to then
reapply for membership with reinstatement pending approval by the board.
- A revoked member is disqualified from participating in OWASP CFPs and
from speaking at a Global or regional AppSec conference as well as chapter
meetings for a period not less than 24 months.
- A revoked member, upon inquiry to the OWASP Foundation concerning
membership, will show as no longer a member.
Code of Ethics <https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics>
Christian Heinrich’s request to Review OWASP Appeal Proceedings on April
I wish to request that the Global Membership Committee review the
proceedings conducted by the OWASP Board in relation to the matter of
termination of my OWASP membership.
As a term of reference, I have attached the due process in handling
complaints of the Australian Information Security Association as
documented within their bylaws as an incorporated association in NSW
Australia. I would welcome the OWASP Board to provide their
documentation of their corresponding process as part of the execution
of their duties as a 501(c)(3) not-for-profit charitable organization
in the United States?
The following are considered in scope of this request:
1. The correspondence prior to the appeal call but no later than the
conclusion of the
unless referenced during the appeal proceeding
2. The conference call.
3. The correspondence after the conference call on the OWASP Leaders List.
In the likely event that the GMC rescinds the OWASP Board action then
another request will be made to have the record of the
Can the GMC please acknowledge this request?
Christian has attached the due process in handling complaints of the
Australian Information Security Association. See below.
Version 1.0, December 2004
COMPLAINTS AGAINST MEMBERS
This document describes the procedure to be for receiving complaints and
read in conjunction with the ISIG Rules. By publishing these procedures,
ISIG does not
expect, invite, solicit, or encourage such complaints. The use of these
procedures is for
the sole purpose of protecting the reputation of the profession. They are
not intended to
be used to coerce or punish members.
ISIG will undertake to keep the identity of the complainant and respondent
complaint confidential from the general public. While disclosure of the
identity of the
complainant will be avoided where possible, upon filing a complaint, the
implies consent to disclose his identity to the respondent, where the
Committee deem it necessary for due process.
Actions of the Executive Committee may be published at its discretion. If
is expelled from ISIG, this may include publication of the respondent’s
name and the
reason(s) for expulsion.
Parties are encouraged to maintain confidentiality and members are reminded
obligation to protect the profession.
Specificity of Complaints
The Executive Committee will only consider complaints as determined by the
in respect to a member who is alleged to have:
(a) persistently refused or neglected to comply with a provision or
the ISIG rules,
(b) persistently and wilfully acted in a manner prejudicial to the
interests of ISIG,
(c) failed to comply with the provisions of the code of ethics.
Standing of Complainant
Complaints from non-members will be accepted only from those who claim to
by the alleged behavior.
Form of Complaints
All complaints must be in writing. The Executive Committee is not an
and does not have investigative resources. Only information submitted in
writing will be
Complaints and supporting evidence must be in the form of statutory
other documents with legal standing before the courts of Australia. The
committee will not consider other allegations.
Complaints should be sufficiently complete to enable the executive
committee to reach
an appropriate resolution. At a minimum, the statutory declaration should
respondent, the behavior complained of, the section of the rules or code of
breached, the standing of the complainant, and any corroborating evidence.
The committee may, at its discretion, seek clarification of details or
from the complainant related to the complaint.
N.B. The executive committee is not an investigative body and has no
compel testimony. We can consider only evidence submitted to us
may be many cases where this evidence is not sufficient to support any
action. We can
proceed only where a prima facie case is made.
Where no such case is made, the board will close the complaint without
Complaint Handling Procedures
Where a prima facie case has been, the executive committee will review and
with the handling of a complaint as specified within the ISIG Rules.
Rights of Respondents
Respondents to complaints are entitled to timely notification of
complaints. It is the intent
of the executive committee to notify the respondent within fourteen days
from receipt of
the complaint. The respondent is entitled to see all complaints, evidence,
The respondent will have fourteen days from accepting and acknowledging
submit information in defense, explanation, rebuttal, extenuation, or
mitigation. As with
the complaint, in order to be considered this information must be in the
form of a
statutory declaration. As in the law, silence implies consent. That is, to
the extent that
the respondent is silent, the committee may assume that he or she does not
allegations. The committee may grant necessary extensions of time to the
Disagreement on the Facts
Where there is disagreement between the parties over the facts alleged, the
committee, at its sole discretion, may invite additional corroboration,
rebuttals and sur-rebuttals in an attempt to resolve such dispute. The
committee is not
under any obligation to make a finding where the facts remain in dispute
parties. Where the committee is not able to reach a conclusion on the
facts, the benefit
of all doubt goes to the respondent. That is to say, where the respondent
facts alleged, then the burden of proof is on the complainant.
Note that any outcome of mediation or arbitration, or judgement of an
with reference to the complaint will be regarded as definitive.
Findings and Resolution
In reaching a resolution, the executive committee will prefer the most
conservative action consistent with its findings and in accordance with the
Notification of Resolution and Right of Appeal
The secretary will notify the respondent of its resolution seven days prior
to any action
as specified under section 13(4) of the ISIG Rules. Respondents may execute
to appeal within 7 days after notice is served in accordance with section 14
of the ISIG