[Owasp-board] Potential Next Generation OWASP Project Guidelines

Jim Manico jim.manico at owasp.org
Mon Apr 15 14:27:57 UTC 2013

Please take a look at:


This is a work in progress (thank you Samantha for your work on this!)

The key section I'd like to focus your attention on is this:

Project Sponsors and Acknowledgement

As an OWASP Project Leader, it is important that your project, in its entirety, is run independently of commercial influence. Additionally, it is important that every project-related communication or activity presents the public perception that the project is run independently of commercial influence. There should be no misinterpretation by any user on either the mailing lists, OWASP Wiki, or any other external website that the project is run solely by the project leader, and not by any other organizations.

We do actively encourage our project leaders to find sponsorship, partnership, and collaborative opportunities with other members or organizations within the information security community. As a community-run organization, we feel these relationships are paramount to the success of our projects. While we do value the contributions of our project sponsors, we do have branding and sponsorship acknowledgement rules that must be adhered to by all OWASP Project Leaders. We feel these rules are necessary to maintain the integrity of our vendor neutrality stance. Here are the rules below:

* OWASP Projects can be sponsored in a number of ways: Giving staff time to work on project deliverables, financial donations, working space in your offices, and/or project donation.
* OWASP Project sponsors may have their company name listed in the "Project Sponsors" section of the OWASP Project Wiki Page with a link to the sponsor's page on our wiki.
* OWASP Project sponsors may have their logo, a short company bio, and their project contributions listed on the sponsor's page. (This is the suggested "global sponsorship page" and is not attached to a project ed: Jim)
* OWASP Project sponsors may NOT place their logo on any OWASP Project Wiki Page.
* OWASP Project sponsors may NOT place their logo on any OWASP Project deliverable. A company name may be placed under a sponsor's section, but NEVER the company logo.
* All contributors must be listed in a neutral way where contributor name, company, and roles are displayed textually in a table if they are to be placed on the OWASP Project wiki page.

Six-month audits will be conducted based on these rules to make sure all projects are in compliance. It is the responsibility of the individual Project Leader to make sure these rules are followed for their project.

For your consideration,
