[Owasp-leaders] Clarification on OWASP Policy re: Paid Training & 3rd Party Sponsorship

Paul Ritchie paul.ritchie at owasp.org
Fri Apr 3 17:14:48 UTC 2015


To OWASP Leader Community:

Recently a number of our Chapters have shown an amazing degree of
innovation and initiative to bring training and other 3rd party sponsors
into their Chapter activities.
But, as a Charitable, nonprofit organization, we have an obligation to
follow our Code of Conduct concerning vendor neutrality and non-endorsement
of commercial products or services.

Our Code of Conduct policies are well documented and were created by you,
our community, to provide clarity as we grow globally.  They apply to many
areas including Trade organizations, Government bodies, Standards groups
and Certifying Bodies.

https://www.owasp.org/index.php/OWASP_Codes_of_Conduct

One area that has been debated recently is the hosting of paid training,
specifically Certification training at the Chapter level.

In summary, this activity is quite valuable to the OWASP Community and
follows our Code of Conduct if the following steps are implemented.

1.  *No endorsement or implied endorsement.*  Watch the language used in
promotions and invitations.  It's OK to promote and recognize the value
being offered, but be careful with words like 'partnership' or exclusive
offer, that suggest an endorsement by OWASP.

2.  *Provide transparency in selecting the training or trainer*.  Follow
AppSec Conference policy including public Call For Training.  This helps
minimize the appearance of a preferred or endorsed provider.

3.  *Has the trainer or supplier been informed of the Code of Conduct
pertaining to their industry?*  Did they proactively confirm they
understand our Code of Conduct & policies concerning vendor neutrality?  Is
the entity providing the training a nonprofit like OWASP or a commercial
entity?

4.  *Is there a disclaimer describing our vendor neutral, no endorsement
policy included in your promotions and invitations?*  This step alone will
help position OWASP properly and confirm our policy.  Something as simple
as:
*'OWASP is a worldwide not-for-profit charitable organization focused on
improving the security of software.  We operate under a vendor neutral
policy and we do not endorse products or services.  We gratefully
acknowledge the support of <Sponsor name here> in the pursuit of our
mission.'*

2015 is already shaping up to be an exciting year for OWASP projects and
chapters with increased activities across the globe.  I look forward to
working with all of you as we move OWASP forward.

Best Regards, Paul Ritchie
OWASP Interim Executive Director
paul.ritchie at owasp.org