Chapter Handbook/Chapter 2: Mandatory Chapter Rules
This section outlines the “musts” for chapter leaders, or stated differently, these are the bottom line rules required of chapter leaders. The rest of the handbook is composed of best practices and guidance, which are only suggestions for chapter leaders. Chapters that are in compliance with these rules shall be considered Active Chapters.
- 1 Organize free and open meetings
- 2 Hold a minimum of 2 local chapter meetings or events each year
- 3 Give official meeting notice through the wiki, chapter mailing list, and OWASP Calendar
- 4 Abide by OWASP principles and the code of ethics
- 5 Protect the privacy of the chapter’s local contacts
- 6 Maintain vendor neutrality (act independently)
- 7 Spend any chapter funds in accordance with the OWASP goals, code of ethics, and principles
- 8 Chapter Oversight
Organize free and open meetings
Local chapter meetings must be free for everyone to attend, regardless of whether the attendee is a paid member, and open to anyone.
Hold a minimum of 2 local chapter meetings or events each year
While this is the minimum number of chapter meetings which you need to hold, 4 meetings a year is recommended to maintain an active chapter. There are a variety of meeting “formats” or events that may be used to fulfill this requirement including virtual meetings or even small gatherings to discuss application security. Possibilities for meeting formats and events are discussed more below.
Give official meeting notice through the wiki, chapter mailing list, and OWASP Calendar
Chapter meetings must be posted to the OWASP wiki (on the chapter’s page) and a meeting announcement must be sent out to the OWASP mailing list (i.e. owasp-CHAPTERNAME@lists.owasp.org) to notify the OWASP community of each upcoming meeting. Also, the meeting must be listed on the OWASP Global Events Calendar.
Abide by OWASP principles and the code of ethics
Breaches of the Code of Ethics may result in the foundation taking disciplinary action, including revoking membership.
Protect the privacy of the chapter’s local contacts
The privacy of chapter members and meeting attendees should be protected at all times. You should not disclose names, email addresses, or other identifying information about OWASP members or meeting attendees. Only aggregate statistics can be referenced. Sponsors should not have access to member lists; however, they may ask attendees to share contact information voluntarily, for example via submitting business cards voluntarily for a raffle.
Maintain vendor neutrality (act independently)
In order to preserve OWASP’s non-profit status and open, non-commercial principles it is important that no commercially-oriented “sales pitch” talks are given at OWASP events, be it chapter meetings or conferences. Such talks are not only against OWASP principles, they also blur the line between OWASP and commercial entities, thus diluting the OWASP brand name and agnostic status globally.
Anybody that observes chapter leaders that are not following these basic rules are urged to report this to: http://sl.owasp.org/contactus.
Spend any chapter funds in accordance with the OWASP goals, code of ethics, and principles
Chapter funds should be used for your chapter and must be spent in line with the OWASP Foundation goals, principles, and code of ethics. Accordingly, chapter finances should be handled in a transparent manner. For more suggestions on handling chapter funds, see section 4.7 on Handling Money.
OWASP Chapters and Chapter Leaders are overseen on an operational basis by the Foundation Staff and, ultimately, the Global OWASP Board. Overall activities must comply with bylaws, policies and handbooks, and code of ethics. If the Foundation Staff or Global OWASP Board determines that an OWASP Chapter Leader has not complied with these rules, their status as an OWASP Chapter Leader may be revoked. Additionally, OWASP administrative access (including the leader’s owasp.org email address) may be immediately revoked.