Chapter Handbook/Chapter 3: How to Start a Chapter
(Work in progress)
Starting or Restarting a chapter
An OWASP local chapter organizes OWASP activity in a given geographical area. A person or a group (the "founding group") can request to start a new chapter in a geographical area not currently served by an OWASP group. The global chapter committee should actively seen founders to start groups in geographical ares not covered by an OWASP chapter.
A request to start or restart a chapter should be submitted by the founding group to the OWASP board and should include:
- List of the people that are founding the chapter
- The founding group members should join as OWASP members
- The request should in include their resumes.
- The geographical area to be covered by the new chapter
- The geographical area should not overlap with an existing chapter.
- OWASP chapters promote face to face meetings and the geographical area covered should be no more than a reasonable travel for an afternoon meeting .
- Recommendation by 5 current OWASP leaders
- This requirement can be waived by the board, especially if the chapter is started in a remote area in which OWASP currently has no activity.
- Recommendation by 5 people who practice information security in the covered geography
- Required to complement the founding group if it is smaller than 5. If there is one founder, 4 recommendations are needed, if there are two founders, 3 recommendations are needed as so on.
- Relevant bio details of the recommending people should be added.
The OWASP board will decide whether to grant the person of group the opportunity to start the new chapter for a trial period, but not before submitting the request for a review by OWASP leaders. The review will enable OWASP
The founding members of the local chapter should achieve the minimum activity listed below. The global chapter committee would review the chapters activity after 3 months and after
Terminating a Chapter
Terminating a chapter should be rare. An OWASP chapter is terminated by a board decision if:
- The chapter did not meet the minimum activity requirements
- The chapter leadership has not followed the chapter guidelines as outlines in this manual. Critical guidelines are:
- Operation with the OWASP charter
- Lack of conflict of interest in running the chapter
The board will inform the chapter leadership about the decision and will allow it to correct the issues leading to the termination within 3 months.
The global chapter committee should periodically review chapters activity and if the do not meet the minimum activity requirement may recommend to the board to terminate them. If terminated, the OWASP Global chapters committee would actively seek a replacing founding team to restart the chapter.
OWASP does not enforce a chapter structure. We believe that this hard volunteering work should be split between whoever is willing to take the load. A chapter only needs to have a chairman responsible to the OWASP board.
- Chairman: the only requirement is for chapter needs to have a chairman who is responsible to answer to the OWASP board. In case of dispute over the chairman title, we suggest rotation over the 24 months term, if there are multiple candidates and no rotation agreement, elections should be held for a 24 months term (see elections below).
- Board: Chapters are free to decide on the number of role holders, their titles, how they are selected and for how long. We recommend that a chapter would have also a board with at least 3 members, each one having a specific role. Common roles
- Organization: Secretary, PR/Marketing, Web, Membership, Finance & Meetings/Conferences
- Content: Education, Industry, Projects
- In case there are multiple candidates for a specific role, and no restructuring, rotation or teaming works, elections for the role should be held for a 24 months term.
The membership of a chapter includes all individual members who associated their membership with the chapter and a single representative for a corporate OWASP members associated with the chapter. Note that the lack of symmetry between level of payment and representation is intentional as OWASP is sponsored, but not run, by companies.
Elections & Polls
- When to hold elections of polls?
- It is always advisable to avoid elections. Running a chapter is a voluntary hard job and sharing the load is always advisable. Since the chapter role structure is flexible, a proper chapter structure may help to avoid elections. However, if there is a lack of agreement between chapter members on structure, roles or any other issues an election for a role or a poll on any other subject may be required:
- A poll on a subject will be held if 10% of the chapter members request it.
- Elections for a role will be held if there are multiple candidates for a role at the end of the term for the role.
- How to hold elections?
- OWASP does not enforce any procedure for elections and polls. An agreement on procedure between candidates or suggestion makers is sufficient. If such an agreement is not reached, the following procedure would be followed:
- The subject and options for vote along side the names of the people requiring the vote would be submitted to the OWASP foundation.
- The OWASP foundation will request confirmation by e-mail from the people requiring the vote.
- Once confirmed, The OWASP foundation will send the ballot to the chapter members setting a deadline.
- One results are in, the OWASP foundation will notify chapter members of the results.
- The procedure for election heavily involves the OWASP foundation as we feel that if the chapter cannot get to an agreement even as to how to hold elections, central intervention is required.
Conflict of interest
- Proper disclosure guidelines
Minimum activity requirements
 An open issue is country chapters. As a result of the OWASP chapters geographical area definition, they are usually limited to a city. While country chapters exist, there is currently no formal concept of a country chapter and no guidelines for the relationship between the country chapter and local city chapters. This may be of interest as some activities are national in essence such as translation of OWASP material, participation in regulatory bodies and large scale conferences.