OWASP Codes of Conduct

Project's Purpose
[Page currently being put together, CW 15th June 2011]

OWASP needs to take advantage of every opportunity to affect software development everywhere to achieve our mission "to make application security visible so that people and organizations can make informed decisions about application security risks"

At the Summit 2011 in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve.

This project develops and maintains OWASP Codes of Conduct, and began with those initially created at the working sessions on Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies and Certification at the 2011 OWASP Summit in Portugal.

The Codes of Conduct
{| width="100%" cellspacing="20" cellpadding="10"
 * - valign="top"
 * width="33%" style="background:#e6f5e9" |

OWASP Green Book
The OWASP Application Security Code of Conduct for Government Bodies

Download the current release

v1.0 draft:


 * English version PDF
 * English version MS Word

Translations

None are currently available.


 * width="33%" style="background:#e6eef6" |

OWASP Blue Book
The OWASP Application Security Code of Conduct for Educational Institutions

Download the current release

v1.0 draft:


 * English version PDF
 * English version MS Word

Translations

None are currently available.


 * width="33%" style="background:#fafcdb" |

OWASP Yellow Book
The OWASP Application Security Code of Conduct for Standards Groups

Download the current release

v1.0 draft:


 * English version PDF
 * English version MS Word

Translations

None are currently available.


 * - valign="top"
 * style="background:#ecdcfd" |

OWASP Purple Book
The OWASP Application Security Code of Conduct for Trade Organizations

Download the current release

v1.0 draft:


 * English version PDF
 * English version MS Word

Translations

None are currently available.


 * style="background:#f1d8d7" |

OWASP Red Book
The OWASP Application Security Code of Conduct for Certifying Bodies

Download the current release

v1.0 draft:


 * English version PDF
 * English version MS Word

Translations

None are currently available.


 * style="background:#ffffff" |

What's missing?
What other types of organization might be able to support OWASP's mission? What are the most important things they should do?

Join in the OWASP Codes of Conduct Mailing List with your suggestions and feedback.


 * }

The Codes of Conduct are all licensed with a Creative Commons Attribution ShareAlike 3.0 license.

Project Details
Click on the other tabs to see project information on each of the codes, including contributors, releases, assessment status and prior versions. All the Codes are discussed on a single shared mailing list. It is free and open.