Project Sponsorship Operational Guidelines
The set of guidelines below aim to inform project sponsors of what they can expect if they donate funds, or other resources, to an OWASP Project. Additionally, they outline what project leaders can offer sponsors in exchange for donating funds to their OWASP Project.
In order to avoid any problems or misunderstandings, we have developed these guidelines to provide clear expectations of how sponsors and projects are expected to interact when funds are given to a project for product development.
- Any company or individual can donate funds, software, development time, et al to a project in exchange for the placement of one sponsorship logo on the OWASP project page and product they have sponsored.
- There is no limit or minimum amount that a company or individual can give to an OWASP Project. However, the minimum amount required to have a company logo on the OWASP Project wiki page and product is $1000 USD in value.
- Sponsors that donate less than $1000 USD in value will have their company name, and website url added to the project wiki page and product. No logo will be placed for donations below this amount.
- A sponsor can choose to donate to the overall OWASP Projects budget. If the sponsor chooses to donate to the overall Projects budget, then one logo of their choosing will be placed on the OWASP Projects wiki page under the 'Sponsors' tab. The minimum amount required to have their company logo on the OWASP Project page is $1000 USD. This is an annual sponsorship.
- The OWASP 24/7 Podcast program also qualifies as a project eligible to receive sponsorship donations. Logo on the sponsorship page, and an audio recognition as a 'Sponsor of the 24/7 Podcasts' is provided for a one year sponsorship donation of $1000 USD. As an example it would sound something like this "You've been listening to OWASP 24/7 podcast. 24/7 is sponsored by the Open Web Application Security Project, with support from Company A, and Company B."
- If a sponsor is donating funds to a specific project, then the logo must be placed in the 'Acknowledgements' tab under the 'Project Sponsors' heading using the new OWASP Projects wiki template.
- Sponsor logos must NEVER be placed anywhere other than within the 'Acknowledgements' tab under the 'Project Sponsors' heading on the project wiki page.
- Logos must be created using the following specifications for placement on the wiki page:
- Resolution: 72dpi
- File Type:.PNG or .JPEG
- Size: No longer than 300 x 300 px
- Sponsor logos on the product: All sponsor logos must be placed on a page/section/location that is separate from the content of the product. They must contain the company logo, their name, and their website url. The aim is to have a separate section on the product that clearly lists sponsor information. Template acknowledgement copy: “OWASP does not endorse vendors, but we would like to acknowledge the following contributions....”
- Logos must be created using the following specifications for placement on the product:
- Resolution: 300dpi
- File Type: .EPS
- Size: No smaller than 5in x 5in
- All sponsorship logos will be placed on the project product and wiki page for one year or until the next major release. All legacy projects will be given one year to comply with these guidelines starting on January 01, 2014.
- Logos must be sent to the OWASP Project Leader for inclusion on the OWASP Project wiki page and product. It is the responsibility of the Project Leader to make sure all of his/her project sponsors are properly represented on the OWASP Project wiki page and product.
- All additional contributors get their name, email address, company name (if desired), and a link to one external website (no logo). No logos should be added for individuals who only contribute time, or for any other sort of contribution.
- Project Sponsorship Rejection: A Project Leader can decide to accept sponsorships or not, but this must be across the board. In essence, a Project Leader must agree to accept all sponsors, or he/she must agree to deny all sponsorship support. However, if a Project Leader wants to reject a specific sponsor (not across the board) then an exception will have to be requested from the Board of Directors.
- If a Project Leader fails to follow these guidelines, the OWASP Projects Manager will notify the Project Leader of the infringement. If the infringement continues, the Project Leader may face the removal of all Project Leader privileges until further notice.