Governance/ProjectSponsorship

= Purpose = OWASP needs to define our approach to handling corporate sponsorship and branding of OWASP projects. To do so we are engaging the community to discuss and flush out different options. We'll then include a vote on the 2013 annual election ballot on this issue. The new policy will take effect for all new branding and sponsorships starting January 1, 2014. Existing branding decisions will not be required to retroactively modify.

= The Options = ''Please feel free to add additional bullets to any of the cells. Please do not remove existing items.''

= Additional Comments = Use this space to provide additional comments on any of the existing text. For example, perhaps you disagree with something that is above. Please note your thoughts in this section.
 * 1) MichaelCoates (talk) 12:59, 8 October 2013 (CDT) - Example comment with signature
 * 2) Clerkendweller (talk) 07:59, 9 October 2013 (UTC) - Re Andrew V's comment to list - also need to discuss "how can projects spend their money"
 * 3) * MichaelCoates (talk) 15:50, 9 October 2013 (CDT) I agree. I also consider this to be a separate issue from the sponsorship and branding (though tightly related). I'd like to tackle this large piece and then move on to the next item of clarifying how projects can feel empowered to easily use their resources
 * 4) Clerkendweller (talk) 08:00, 9 October 2013 (UTC) - For Option 2, will the project leaders have the ability to opt out from having their own work branded by someone else - for a period, and/or forever?
 * 5) *MichaelCoates (talk) 15:50, 9 October 2013 (CDT) That hasn't been flushed out in these options. But my initial thought is a project could choose to reject sponsorship under option 2.
 * 6) Clerkendweller (talk) 08:00, 9 October 2013 (UTC) - The issue of branding/logos on project outputs hasn't been addressed, but might be expected as well by sponsors, or might be desired by some project contributors. For example a logo on a tool UI or in a tool's help pages, or a logo on a document front cover or on an inside page.
 * 7) *MichaelCoates (talk) 15:49, 9 October 2013 (CDT) Good point. I do think this should be clarified in the options above. For option 1 it is determined by the project leader. For option 2 it would be defined as a consistent approach across all projects and there would be a sponsor acknowledgement area within the output. For option 3 it would be a non-issue since all sponsorship is done for the OWASP organization. I'll add a new row with this info above. Note: I updated the section "How are logos handled" to better include this item.
 * 8) *Abraham_Aranguren (talk) 23:20, 9 October 2013 (UTC) I think Option 2 is the only one that makes sense: Option 1 is too demanding for a project leader and would ensure chaos, flame wars and inconsistency across OWASP. Option 3 shuts the door to potentially useful revenue sources, we have seen with examples like Rapid7 and Metasploit or SpiderLabs and ModSecurity that open source and commercial businesses can cooperate and feed each other successfully. We might be able to figure out a way to appropriately recognise non-sponsored contributors for "doing it without being paid" to counter the disadvantages of Option 2.

= 2013 Election Referendum Results =


 * Option 1: 130 Votes (15.0%) - See details above
 * Option 2: 429 Votes (49.7%) - See details above
 * Option 3: 192 Votes (22.2%) - See details above
 * Option 4: 107 Votes (12.4%) - "I don't have an opinion on the topic"
 * Option 5: 6 Votes (0.7%) - Write in:
 * A Mix Of 1 And 2 Where We Have A Process But We Can Chose To Modify It With Enforced Limitations
 * Abstain
 * Any Of The Above But All Monies And Activities Are To Be Published/disclosed (eg If A Company Takes The Leader/team/board To An Event/meal, It's Publicly Available So That We Know Who's Putting Their Money Where Their Mouth Is & Who's "buying" Our Brand
 * Hybrid Of 2 & 3 ... When A Specific Project Is Sponsored Directly, Some Percentage Of The Sponsorship Goes To Owasp To Support Projects Across The Ecosystem, And The Remainder Goes Directly To The Project.
 * Merge 2 And 3; Sponsorship Include Project And Foundation Funding. Project Acknowledgement Is Individual Contributors Only. Sponsor Page Lists Projects Supported.
 * Will Feel More Comfortable Voting Once I Have A Chance To Start Coming To Some Of The Meetings And Meet The People

Summary

Answered Questions 864 (100.0%)

= OWASP Output from this process= Project_Sponsorship_Operational_Guidelines