How OWASP Works

How OWASP Works

The Open Web Application Security Project (OWASP) is the name for all the activities of the OWASP Foundation. The OWASP Foundation is a 501(c)3 non-profit organization incorporated in the United States of America. OWASP's all-volunteer participants produce free, professional quality, open-source documentation, tools, and standards. The OWASP community facilitates conferences, local chapters, articles, and message forums. Participation in OWASP is free and open to all, as are all the materials we produce.

Management

OWASP projects are managed using a collaborative, consensus-based process. We do not have a hierarchical structure. Rather, different groups of contributors have different rights and responsibilities in the organization. OWASP is a meritocracy where these rights and responsibilities follow from the skills and contributions of participants. This document outlines our general structure. Individual projects define their own rules to add additional structure to their development processes.

Users

The most important participants are the people who use our documentation, tools, and standards. The majority of our participants start out as users and guide their participation from the user's perspective. Users contribute to the OWASP projects by providing feedback to project members in the form of bug reports and feature suggestions. Users participate in the OWASP community by helping other users on mailing lists and user support forums.

Project Members

A user who contributes to a project in the form of code or documentation becomes a project member. They take extra steps to participate in a project, are active on the project mailing list, participate in discussions, provide comments, enhancements, documentation, suggestions, and criticism. Project members are noted in project credits. Project and Chapter Leaders The OWASP Leaders is the group of individuals who take responsibility for the long-term direction of the projects in their area. There is a single Project Leader for each project which is commissioned directly by the OWASP Foundation Board of Directors. The OWASP Leaders are responsible for making decisions about technical direction, project priorities, schedule, and releases. Collectively, the OWASP Leaders can be thought of as the management of the OWASP Foundation.

Board of Advisors

The OWASP Board of Advisors provides guidance to the OWASP Leaders on market direction, fundraising, strategic direction, and vision. The Board is comprised of distinguished information security experts, security executives from major corporations, and business leaders.

Officers

The Officers of the OWASP Foundation oversee the business and affairs of the corporation. While the officers retain ultimate responsibility for the Foundation, the decision-making authority for the technical direction of projects is completely delegated to the OWASP Leaders.