Projects/Project Leader Cheat Sheet

Jump to: navigation, search

OWASP Projects


What is an OWASP Project?

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 141 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the OWASP Project Mailing Lists page. For more information on OWASP Projects, please Download the OWASP Projects Handbook 2013.

Why should I start a project with OWASP?

As all project leaders are volunteers, OWASP recognizes the need for incentives for both the project leader and the project itself. There are standard resources made available to project leaders based on their project’s current maturity level. Aside from leveraging the OWASP brand, we can offer a number of benefits to an OWASP project leader for starting a project. These include: Financial Donation Management, Technical Writing Support, Graphic Design Support, Professional Project Review Support, WASPY Awards Nominations, OWASP Projects Track Participation, Opportunity to get $500 for Project Development, and Community Engagement and Support. These benefits increase as the project moves through each project stage within the OWASP Global Projects Infrastructure.

What will be my responsibilities as a Project Leader (PL)?

OWASP Project Leaders (PLs) are directly responsible for promoting, protecting, and managing their projects brand as well as the overall OWASP brand. Project Leader's are also directly responsible for managing all aspects of their OWASP Project. Please visit the OWASP Project Leader's Responsibilities page for a quick overview of Leader responsibilities both to his/her project, and to the OWASP Foundation as a whole.

How do I start an OWASP Project?

Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community. The best OWASP projects are strategic as they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support. You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project. To apply for an OWASP Project, please fill in the Project Application Form. The OWASP PM will reach out to you within seven days of making your application. Please be prepare to answer questions from the overall OWASP community before your project is accepted.

What are acceptable license choices for an OWASP Project?

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Allow commercial uses of your work?
Yes No
  Allow modifications of your work?
Yes, no restriction except attribution Yes, as long as modification are also opensource No
Apache 2.0
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
GPL 3.0
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See for more information and note that they label these two license as "not a Free Culture License"
Tool Project
AGPL 3.0
(prevents GPL's SaaS loophole)
Library Project LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
Document Project (includes E-Learning, presos, books, etc) CC-BY 3.0
(like Apache but for documents)
CC-BY-SA 3.0
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)

OWASP Global Projects Infrastructure

How do I navigate through the OWASP Global Projects Infrastructure (OGPI)

This is where we would put the info-graphic. To be developed by our designer.

What are the different project stages?

The OWASP Project Lifecycle is broken down into the following stages:

Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

Labs Projects: OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

How do I move from one stage to another?

In order for a project to move from one stage to another, the project must go through a Project Graduation Process. The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions. Similarly, an OWASP Labs project must follow the same process to graduate into the Flagship stage. For more information on, please Download the OWASP Projects Handbook 2013.

What incentives does my project get at each stage?


  • Financial Donation Management Assistance
  • Project Review Support
  • WASPY Awards Nominations
  • OWASP OSS and OPT Participation
  • Opportunity to submit proposal: $500 for Development.
  • Community Engagement and Support
  • Recognition and visibility of being associated with the OWASP Brand.


  • All benefits given to Incubator Projects
  • Technical Writing Support
  • Graphic Design Support
  • Project Promotion Support
  • OWASP OSS and OPT: Preference


  • All benefits given to Incubator & Labs Projects
  • Grant finding and proposal writing help
  • Yearly marketing plan development assistance
  • OWASP OSS and OPT participation preference

Social Media

We recommend using the links below to contact the OWASP PM via social media. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world.

Twitter-32x32.png Facebook-32x32.png Linkedin-32x32.png Google-32x32.png