Chapter Handbook: Ethics (OLD)
In order to preserve OWASP's not-for-profit status and open, non-commercial principles, it is important that no commercially oriented talks are given at OWASP events, be they chapter meetings or conferences. Such talks are not just against OWASP principles, but also blur the line between OWASP and commercial conference organizers, thus diluting the OWASP brand name and status.
However, employees of vendors or service providers are among the top experts in application security and are welcome to share their knowledge at OWASP meetings. Additionally, information about products and services is valuable to OWASP members.
The goal of this section is to provide guidelines that will enable chapter leaders to ensure that anyone can give a talk in an OWASP chapter meeting, and that non-commercially oriented information about products and services can be provided in the meetings, while avoiding commercial presentations.
Talks about products
Generally speaking, presentations at OWASP meetings should not discuss products. The exceptions are:
- An event in which multiple competing vendors speak about their products.
- A talk by a customer about a product. The nature of the relationship must be disclosed.
- A talk about an innovative product. An innovative product would be any product that does not have direct competitors. As this definition is subjective, it is advisable to require submitting the presentation before authorizing the talk.
It is advisable that any talk about a product is submitted to the chapter leader or board beforehand for approval. In case of doubt, the chapter leader can consult the Global Chapter Committee. In any case, the presentation must be published on the OWASP site after the event so it can be inspected by anyone.
Talks by employees
Employees of product vendors and service providers are encouraged to speak at OWASP meetings. However, special care should be taken if the subject of their talk is close to the field of operation of the company they represent.
Some important guidelines to follow to ensure a non-commercial talk in such a case are:
- The presentation opportunity is awarded to an individual and not to the company he/she represents, and is based on his/her own personal qualifications. If the person cannot present, the chapter leadership is responsible for finding another speaker, and not the company the speaker works for.
- The speaker should submit the presentation slides beforehand to enable the chapter leadership to determine that the presentation is of interest to the audience and not commercial in nature.
In any case, the presentation must be published on the OWASP site after the event so it can be inspected by anyone.
The Global Chapter Committee will develop a blacklist of vendors who abuse OWASP meetings to help leaders avoid them in the future.
Information that should not be provided
- Pricing information
In order to organize events, an OWASP chapter often needs to raise sponsors. These sponsors may provide meeting facilities, refreshments, etc. While sponsorship is important, it is also important to avoid the commercialization pitfalls that may accompany it. Specifically, the following is prohibited:
- Providing the sponsors with a list of people registering or attending the event. This might even be illegal in certain countries due to privacy laws. The sponsor can collect leads in its booth, for example by offering a prize for people filling in details.
- Providing a lecture for money. Such an arrangement is bound to lead to commercial presentations which are against OWASP principles.
So what can sponsors get?
- Many thanks, and hopefully a very good feeling of helping the community.
- A tabletop-style mini booth where they can put up a "roll up" poster or two and hand out their brochures and freebies. This might not be possible in certain meeting facilities.
- Logo on the conference page.