Chapter Handbook/Chapter 5: Governance

From OWASP
Jump to: navigation, search

Chapter Leadership

Chapter leaders serve as the main point of contact for the local chapter and are responsible for ensuring that the local chapter fulfills its requirements, including planning at least two meetings per year.

  • An Active Chapter Leader is responsive to all requests within a reasonable amount of time, generally within 5-7 business days. Chapter leaders must have their name and contact information clearly available on the Chapter wiki page.
  • Preferably, a chapter should have as many organizers as possible.  Running a successful chapter requires concerted effort all year long, and these duties should be split between whoever is willing to volunteer to take the load. A single chapter leader has proven to be an anti-pattern for successful chapters and high performing chapters often have three or more co-organizers that meet regularly to plan.  In order to promote checks and balances, there are some benefits given explicitly to chapters with multiple leaders.  The most important of these is that every chapter with at least 2 leaders is given access to a minim starting annual budget of $500.  You can read more about budgets in section four.
  • Chapter Leader (or Coordinator): Every chapter must nominate a Chapter Leader, who is the central point of contact for the chapter and responsible to the OWASP Board.  We suggest (but do not require) that leaders rotate every 24 months to allow for new ideas and to spread the workload. Leadership can be in the form a a few people who work by consensus, a leader with an advisory board, or, if you must, a single leader.   In case of dispute over the leader role, your leadership board may rotate over the 24 month term. If there are multiple candidates and no rotation agreement, elections should be held for a 24 months term (see elections below).
  • Board: Chapters are free to decide on the number of role holders, their titles, how they are selected and for how long. In case there are multiple candidates for a specific role, and no restructuring, rotation or teaming works, elections for the role should be held for a 24 months term.
    • We recommend that a chapter would have also a board with at least 3 members, each one having a specific role. Common roles:
      • Organization: Secretary, PR/Marketing, Web, Membership, Finance & Meetings/Conferences
      • Content: Education, Industry, Projects
  • Any long term change in how governance is handled must be decided either by consensus or votes.  All paid or honorary members affiliated with your chapter must have sufficient notice and opportunity to take part in the discussion and decision making process.  It is incumbent upon the current leaders or actors urging the change to make sure this happens.   Unless otherwise stated, OWASP assumes that the leadership and chapter are governed by consensus.  Any changes in this structure must be posted on the wiki whether it is a simple decision like "We work by consensus" and "We vote every 2 years" or a complex governance document like some of our chapters have.
  • Your chapter page, must clearly identify who is the current leadership for the chapter or on the board of the chapter, including their phone numbers and/or email addresses. Additionally, post information on how people can get involved with the chapter planning, leadership, or decisions. What are your plans for the upcoming year? Are you looking for help with something particular? When are your elections held?

Transferring Leadership.

In the course of time, a leader may want to move on and leave his/her role. While this chapter provides guidelines to the technical process to follow, we found in the past that the actual challenge is find the new leader, especially in chapters that lack a board. We strongly suggest that a chapter leader who wants to stop would try to find a successor among the active members of the chapter. Such a process has the best chance of ensuring the continuous success of the chapter.

Please let us know of your wish to leave the job and let us help you in finding a successor.

When a new leader is to be added to your team or a current leader is leaving you must fill out the change of leadership form to complete the activity.  Chapter leadership is an agreement with the OWASP Foundation to take on responsibilities as well as privileges; records of who is in what role need to be up to date.   

Chapter Elections

It is always advisable to avoid elections. Running a chapter is a hard, volunteer job and sharing the load is always advisable. Since the chapter leader role structure is flexible, choosing the a defined  chapter structure (such as a board of leaders who work by consensus) may help to avoid elections. However, if there is a lack of agreement between chapter members on structure, roles or any other issues an election for a role or a poll on any other subject may be required:

  • A poll on a subject will be held if 10% of the chapter members request it.
  • Elections for a role will be held if there are multiple candidates for a role at the end of the term for the role.
  • Chapters that either choose to hold regular or one off elections as well as those that are driven to elections due to disagreement have the ability to request to use the Foundation’s Simply Voting or Surveymonkey services as their balloting system.


How should elections be held?
OWASP does not enforce any procedure for elections and polls. However all elections must meet the OWASP core value of “Openness.”  To this end, in the absence of a previously agreed upon process that is publicly accessible all elections must be announced on the chapter mailing list and all paid and honorary members must have the opportunity to vote.

When structuring an election in the absence of an established process, an agreement on procedure between candidates or suggestion makers is sufficient. If such an agreement is not reached, the following procedure should be followed:

  • The subject and options for vote alongside the names of the people requiring the vote would be submitted to the OWASP Foundation.
  • The OWASP Foundation will request confirmation by email from the people requiring the vote.
  • Once confirmed, the OWASP Foundation will send the ballot to the chapter members setting a deadline.
  • One results are in, the OWASP Foundation will notify chapter members of the results.


This procedure for election heavily involves the OWASP Foundation as we feel that if the chapter cannot get to an agreement even as to how to hold elections, central intervention is required.

Chapter Bylaws

While there is no requirement for Chapters to have their own bylaws or recommended template, if you do create bylaws, you should incorporate the following information as it applies in your country or region:

    • The Open Web Application Security Project (OWASP) is a not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
    • Reference to the OWASP Foundation Bylaws, the primary governing document for the OWASP, as well as this Handbook. Where there is conflict between chapter bylaws and the Foundation's bylaws or handbook the Foundation’s Bylaws and Handbooks take precedence. Should any Handbook conflict with the Foundation’s Bylaws, the Bylaws take precedence.


Chapter by-laws that currently exist have been posted in one central place on the wiki - https://www.owasp.org/index.php/Local_Chapter_ByLaws

If your chapter has by-laws already or adopts by-laws in the future, please post them to the wiki on the Local Chapter ByLaws page, or submit them through the contact us form.

Legal Entity

While local chapters operate, for the most part, independently from the OWASP Foundation, they are not stand alone legal entities. Local OWASP Chapters are essentially small local “arms” or “branches” of the OWASP Foundation and must abide by any legal and financial duties or responsibilities imposed on the OWASP Foundation. Furthermore, local chapters and chapter leaders are governed by the OWASP Foundation through the Executive Director and the Global OWASP Board.

Disputes

When there is a problem at the local level, at what point does the global organization step in? Chapters are encouraged to handle disputes locally, within their own governance structures. However, what should a chapter leader (or other community member) do if there appears to be a violation of OWASP principles or ethics? Or what if someone feels that the chapter leader him or herself is not following the handbook?


If you feel that a chapter leader is not acting in accordance with the chapter handbook, please follow the following hierarchy in escalating your concern:

  1. Bring your concern to the attention of the chapter leader or chapter board. If possible, make an attempt to handle the issue locally.
  2. If you are unable to resolve at the local level, please contact the Community Manager through the contact us form.
  3. If the Community Manager is not able to handle your concern or you would like to challenge the feedback/decision of the Community Manager, the concern can be raised with the Global OWASP Board.
  4. If you feel an Code of Ethics violation has occurred, you may review the Whistleblower Policy for instructions on how to file a complaint.