Difference between revisions of "Global Conferences Committee/Policies"

From OWASP
Jump to: navigation, search
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
'''If you have questions or require an exception to any of these please [http://owasp4.owasp.org/contactus.html contact the OWASP Staff].'''   
 
'''If you have questions or require an exception to any of these please [http://owasp4.owasp.org/contactus.html contact the OWASP Staff].'''   
  
Comprehensive tracking of committee votes was not started until January 2011, policies with an NA entered into the "votes" column were conducted before this policy was implemented.  Although the Global Conference Committee was retired effective April 1, 2013, the policies established by the committee remain in full effect.
 
  
 
{| class="prettytable"
 
{| class="prettytable"
 
! Policy
 
! Policy
! Rationale
 
! Last Updated
 
 
! Applicability
 
! Applicability
! Votes
 
 
|-
 
|-
 
| All content must be vendor neutral  
 
| All content must be vendor neutral  
| OWASP Core Value
 
| N/A
 
 
| All Events - Core Value
 
| All Events - Core Value
| N/A
 
 
|-
 
|-
 
| All content must be made available to the public after the conference  
 
| All content must be made available to the public after the conference  
| OWASP Core Value
 
| N/A
 
 
| All Events - Core Value
 
| All Events - Core Value
| N/A
 
 
|-
 
|-
| All calls for papers, training and registration must be open to the public
+
| All calls for papers, training and registration must be open and promoted to the public
| OWASP Core Value
 
| N/A
 
 
| All Events - Core Value
 
| All Events - Core Value
| N/A
 
 
|-
 
|-
| All events must be conducted in a manor consistent with the [[About OWASP|OWASP Mission, Principles and Code of Ethics]]
+
| Selecting Committee Members  (Training or Papers) must not submit
| OWASP Core Value
+
| All Events
| N/A
+
|-
 +
| Use the conference website/wikipage to submit papers. It must supports blind paper submissions.
 +
| All Events
 +
|-
 +
| All events must be conducted in a manner consistent with the [[About OWASP|OWASP Mission, Principles and Code of Ethics]]
 
| All Events - Core Value
 
| All Events - Core Value
| N/A
 
 
|-
 
|-
 
| [[OWASP Event Definitions]]
 
| [[OWASP Event Definitions]]
| These definitions were established to define the different categories of OWASP events to support OWASP GCC Planning and Policies.
 
| 12/22/2010
 
 
| All Events
 
| All Events
| [https://lists.owasp.org/pipermail/global_conference_committee/2010-December/000663.html Vote Thread]
 
 
|-
 
|-
 
| [[OWASP Event Requirements]]
 
| [[OWASP Event Requirements]]
| These definitions were established to define requirements imposed on individual events by type.
 
| N/A
 
 
| All Events
 
| All Events
| N/A
 
 
|-
 
|-
| Local host chapters will share in OWASP event profits under the following schedule.  In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event.
+
| Local host chapters will share in OWASP event profits under the following schedule.  In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. [https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit Policy Document]
* Global AppSec Conference - 25% of event profits with a $5,000 USD cap ($10,000 for multi-chapter events)
+
* Global AppSec Conference - 10% of event profits up to Profit Goal set in annual Foundation Budget ($10,000 for multi-chapter events), 40 % of event profits in excess of Profit Goal.  No profit cap.
* Regional/Theme Events - 30% of event profits with a $4,000 USD cap
+
* Local and Regional Events - 90% of event profits. No profit cap.  
* Local Events - 50% of profits with a $3000 USD cap
 
| In addition to the  Membership Committee membership split that provides funds to local chapters, it is also appropriate to allow local chapters to leverage the hard work that goes into planning events as additional revenue streams.  The committee considered weighing the needs of the OWASP Foundation, Local Chapters entrepreneurship, the desire not to create "haves and have not" chapters within OWASP in addition to many other factos when setting this policy.
 
| 2011/01/13
 
 
| All Events
 
| All Events
| [https://docs.google.com/a/owasp.org/document/d/1eVX6lDyAtsUBrDKp6C7pcPTk8ObCv-QgnFAGq_zj510/edit?hl=en Jan 11 mtg]
 
 
|-
 
|-
| All Events must be coordinated with the [[Global Conferences Committee]] and receive their approval
+
| All OWASP Events must be coordinated with OWASP Foundation Staff by submitting an events description via OCMS.  An approval that the event will be posted on the  OWASP Wiki and Event announcement webpage will be sent from the OCMS input.  Any request for funding support must follow normal funding request procedures separate from the OCMS submission.
| These ensures coordination of event schedules, content and budget priorities
 
| N/A
 
 
| All Events
 
| All Events
| N/A
 
 
|-
 
|-
| Events must have an OWASP Wiki Page  
+
| Events must have an OWASP Wiki Page, or a webpage showing the OWASP logo and be linked to the OWASP wiki Events Pages
| The Wiki remains the authoritative source of OWASP information
 
| N/A
 
 
| All Events
 
| All Events
| N/A
 
 
|-
 
|-
 
| Only OWASP Board members or their designates may enter into contracts on behalf of the foundation
 
| Only OWASP Board members or their designates may enter into contracts on behalf of the foundation
| Required by the [http://www.owasp.org/images/0/0d/OWASP_ByLaws.pdf OWASP By-Laws]
 
| N/A
 
 
| All Events
 
| All Events
| N/A
 
 
|-
 
|-
| All finances must be handled by the OWASP Foundation unless exceptions are granted by the [[Global Conferences Committee]]
+
| All finances must be handled by the OWASP Foundation
| This ensures the central management of Foundation resources for activities occurring under the OWASP Brand
 
| N/A
 
 
| All Events
 
| All Events
| N/A
 
 
|-
 
|-
| Free admission should be made available for OWASP Leaders, Committee and Board members
+
| Complimentary conference admissions are provided to speakers, volunteers, staff, Global Board members and active OWASP Leaders.
| OWASP Board Decision
+
A “Leader” is defined as a chapter or project leader that is clearly identified on the chapter or project wiki page AND has been documented as a leader in the Foundation’s records.
| N/A
+
If a leader registers for a conference complimentary ticket but does not appear for the conference, the chapter will be charged 60% of the retail cost of a conference ticket.
 
| All Events
 
| All Events
| N/A
 
 
|-
 
|-
 
| OWASP individual members in good standing shall receive $50 off admission to all OWASP events charging more than $50 entry fee.  
 
| OWASP individual members in good standing shall receive $50 off admission to all OWASP events charging more than $50 entry fee.  
| OWASP Membership Perk
 
| N/A
 
 
| All Events
 
| All Events
| N/A
 
 
|-
 
|-
| A complete [[Conference Budget Planning Tool|budget]] must be submitted and approved by the [[Global Conferences Committee]]
+
| A complete [[Conference Budget Planning Tool|budget]] must be submitted if the event requires any funds from the OWASP Foundation and funding requests will be reviewed and approved by OWASP Executive Director. Please submit a requests via our Contact Us link on the OWASP Wiki homepage.
| It is the responsibility of the [[Global Conferences Committee]] to ensure that OWASP Foundation resources are appropriately managed as it relates to OWASP conferences. This requirement ensures GCC visibility into conference expenditures and allows the GCC to assist where appropriate.
 
| N/A
 
 
| Regional/Theme Conferences
 
| Regional/Theme Conferences
| N/A
 
 
|-
 
|-
| A board member must be present at all OWASP AppSec and Regional Conferences to provide a welcoming statement
+
| An OWASP leader should be invited to provide welcome and state of the union.
| OWASP Board Decision
+
| All Events
| N/A
 
| Regional/Theme Conferences
 
| N/A
 
 
|-
 
|-
 
| Global AppSec Conferences must include training
 
| Global AppSec Conferences must include training
| As the flagship events for OWASP Global AppSec Conferences must also have a training component.
 
| N/A
 
 
| Global AppSec Conferences
 
| Global AppSec Conferences
| N/A
 
 
|-
 
|-
 
| Global AppSec Conferences must charge an admission fee
 
| Global AppSec Conferences must charge an admission fee
| Global AppSec Conferences are large expenditures for the OWASP foundation.  In order to ensure that the foundation can recover some or all of these costs, an admission fee must be charged.
 
| N/A
 
 
| Global AppSec Conferences
 
| Global AppSec Conferences
| N/A
 
 
|-
 
|-
 
| Sessions must be recorded and posted to the public after the conference
 
| Sessions must be recorded and posted to the public after the conference
| As the flagship events for OWASP Global AppSec Conferences must also provide video coverage and post it post conference.  See the [Global Conference Resources] for information on additional resources.
 
| N/A
 
 
| Global AppSec Conferences
 
| Global AppSec Conferences
| N/A
 
 
|-
 
|-
 
| There must be at least one networking event at the conference
 
| There must be at least one networking event at the conference
| As the flagship events for OWASP Global AppSec Conferences must have a networking event.
 
| N/A
 
 
| Global AppSec Conferences
 
| Global AppSec Conferences
| N/A
 
 
|-
 
|-
| All Training providers are required to sign a [http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]
+
| All Training providers are required to sign a [https://www.owasp.org/images/6/64/Training_Instructor_Agreement_Template_v2.docx Training Instructor Agreement]
| Clearly outline responsibilities and provide some legal cover for the foundation.
 
| N/A
 
 
| Training
 
| Training
| N/A
 
 
|-
 
|-
 
| Training revenue will be split 60/40 (OWASP/Training Provider)
 
| Training revenue will be split 60/40 (OWASP/Training Provider)
| GCC has set what it considers a fair policy in order to share training profits with training providers
 
| N/A
 
 
| Training
 
| Training
| N/A
 
 
|-
 
|-
| Free training should be made available for OWASP Leaders. This must be included in the [http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]
+
| Each training class allows for two complimentary seats to be made available to OWASP Leaders. This must be included in the [http://www.owasp.org/images/4/4b/SAMPLE_Training_Instructor_Agreement.doc Training Instructor Agreement]. These are available on a first come basis. Only one training seat per session is allowed per chapter to allow for diversity in distribution of seats.
| Board Policy
+
If a leader registers for a complimentary training seat but does not attend the full training session the chapter will be charged 60% of the retail cost of the training session and the leader will not be given a complimentary ticket (conference or training sessions) for any other Global AppSec events in the following year.
| N/A
 
 
| Training
 
| Training
| N/A
 
 
|-
 
|-
 
| Speakers must sign a [[Speaker Agreement]]
 
| Speakers must sign a [[Speaker Agreement]]
| The allows OWASP to use the speaker's materials as well as their likeness as well as set some boundaries for content.  Electronic signatures are permissible.
 
| N/A
 
 
| Speakers
 
| Speakers
| N/A
 
 
|-
 
|-
 
| Speakers will not receive compensation for their speaking engagement
 
| Speakers will not receive compensation for their speaking engagement
| This policy allows OWASP to keep admissions costs low so that OWASP can help spread knowledge of application security issues to the widest audience.  Exceptions to this policy may be granted in certain cases so contact the [[Global Conferences Committee]] if you need an exception.
 
| N/A
 
 
| Speakers
 
| Speakers
| N/A
+
|-
 +
| Event organizers must reach out to the WIA program to assist with the program committee and to help find suitable keynote and invited speakers.
 +
| Global AppSec Conferences & Regional Events
 +
|-
 +
| Event organizers must send an open call for participation for volunteers, papers committee.
 +
| Global AppSec Conferences & Regional Events
 +
|-
 +
| Event organizers should encourage all training and CFP proposals to go through the “Talk bootcamp” process.
 +
| Global AppSec Conferences & Regional Events
 +
|-
 +
| WIA initiative should lead a search for women keynotes, featured, panel speakers.
 +
| Global AppSec Conferences & Regional Events
 +
|-
 +
| Event organizers and WIA initiative should reach out to women speaker lists to encourage training proposals and speakers to submit through the normal CFP process. If there is to be a women in AppSec panels to be organized, the WIA initiative must be involved and feature predominantly women panelists.
 +
| Global AppSec Conferences & Regional Events
 +
|-
 +
| ''These aren’t quotas, but a goal. Global events organizers are free to exceed these metrics.''
 +
*At least 10% of the program committee must be women, and must include the WIA initiative members
 +
*At least 50% of keynotes and featured speakers must be women
 +
*At least 25% of panel participants must be women. If there are no women participants, the panel should be cancelled.
 +
*At least 10% of talks must be women
 +
If these metrics cannot be reached, the organizing committee should reach out to the Conference Manager for assistance, and must apply for an exception if they can’t be reached after all avenues have been exhausted.
 +
| Global AppSec Conferences
 +
|-
 +
|''These aren’t quotas, but an aspiration goal for regional events. Organizers are free to exceed these metrics.''
 +
*At least one of the program / papers committee must be a woman, and should include the WIA initiative members
 +
*At least one of keynotes, featured and invited speakers must be a woman
 +
*At least 25% of panel participants should be women. If a panel has no women participants, it should be cancelled
 +
*At least 10% of talks chosen should be women speakers
 +
| Regional Events
 
|-
 
|-
 
|}
 
|}

Latest revision as of 19:04, 19 May 2016

If you have questions or require an exception to any of these please contact the OWASP Staff.


Policy Applicability
All content must be vendor neutral All Events - Core Value
All content must be made available to the public after the conference All Events - Core Value
All calls for papers, training and registration must be open and promoted to the public All Events - Core Value
Selecting Committee Members (Training or Papers) must not submit All Events
Use the conference website/wikipage to submit papers. It must supports blind paper submissions. All Events
All events must be conducted in a manner consistent with the OWASP Mission, Principles and Code of Ethics All Events - Core Value
OWASP Event Definitions All Events
OWASP Event Requirements All Events
Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. Policy Document
  • Global AppSec Conference - 10% of event profits up to Profit Goal set in annual Foundation Budget ($10,000 for multi-chapter events), 40 % of event profits in excess of Profit Goal. No profit cap.
  • Local and Regional Events - 90% of event profits. No profit cap.
All Events
All OWASP Events must be coordinated with OWASP Foundation Staff by submitting an events description via OCMS. An approval that the event will be posted on the OWASP Wiki and Event announcement webpage will be sent from the OCMS input. Any request for funding support must follow normal funding request procedures separate from the OCMS submission. All Events
Events must have an OWASP Wiki Page, or a webpage showing the OWASP logo and be linked to the OWASP wiki Events Pages All Events
Only OWASP Board members or their designates may enter into contracts on behalf of the foundation All Events
All finances must be handled by the OWASP Foundation All Events
Complimentary conference admissions are provided to speakers, volunteers, staff, Global Board members and active OWASP Leaders.

A “Leader” is defined as a chapter or project leader that is clearly identified on the chapter or project wiki page AND has been documented as a leader in the Foundation’s records. If a leader registers for a conference complimentary ticket but does not appear for the conference, the chapter will be charged 60% of the retail cost of a conference ticket.

All Events
OWASP individual members in good standing shall receive $50 off admission to all OWASP events charging more than $50 entry fee. All Events
A complete budget must be submitted if the event requires any funds from the OWASP Foundation and funding requests will be reviewed and approved by OWASP Executive Director. Please submit a requests via our Contact Us link on the OWASP Wiki homepage. Regional/Theme Conferences
An OWASP leader should be invited to provide welcome and state of the union. All Events
Global AppSec Conferences must include training Global AppSec Conferences
Global AppSec Conferences must charge an admission fee Global AppSec Conferences
Sessions must be recorded and posted to the public after the conference Global AppSec Conferences
There must be at least one networking event at the conference Global AppSec Conferences
All Training providers are required to sign a Training Instructor Agreement Training
Training revenue will be split 60/40 (OWASP/Training Provider) Training
Each training class allows for two complimentary seats to be made available to OWASP Leaders. This must be included in the Training Instructor Agreement. These are available on a first come basis. Only one training seat per session is allowed per chapter to allow for diversity in distribution of seats.

If a leader registers for a complimentary training seat but does not attend the full training session the chapter will be charged 60% of the retail cost of the training session and the leader will not be given a complimentary ticket (conference or training sessions) for any other Global AppSec events in the following year.

Training
Speakers must sign a Speaker Agreement Speakers
Speakers will not receive compensation for their speaking engagement Speakers
Event organizers must reach out to the WIA program to assist with the program committee and to help find suitable keynote and invited speakers. Global AppSec Conferences & Regional Events
Event organizers must send an open call for participation for volunteers, papers committee. Global AppSec Conferences & Regional Events
Event organizers should encourage all training and CFP proposals to go through the “Talk bootcamp” process. Global AppSec Conferences & Regional Events
WIA initiative should lead a search for women keynotes, featured, panel speakers. Global AppSec Conferences & Regional Events
Event organizers and WIA initiative should reach out to women speaker lists to encourage training proposals and speakers to submit through the normal CFP process. If there is to be a women in AppSec panels to be organized, the WIA initiative must be involved and feature predominantly women panelists. Global AppSec Conferences & Regional Events
These aren’t quotas, but a goal. Global events organizers are free to exceed these metrics.
*At least 10% of the program committee must be women, and must include the WIA initiative members
*At least 50% of keynotes and featured speakers must be women
*At least 25% of panel participants must be women. If there are no women participants, the panel should be cancelled. 
*At least 10% of talks must be women

If these metrics cannot be reached, the organizing committee should reach out to the Conference Manager for assistance, and must apply for an exception if they can’t be reached after all avenues have been exhausted.

Global AppSec Conferences
These aren’t quotas, but an aspiration goal for regional events. Organizers are free to exceed these metrics.
*At least one of the program / papers committee must be a woman, and should include the WIA initiative members
*At least one of keynotes, featured and invited speakers must be a woman
*At least 25% of panel participants should be women. If a panel has no women participants, it should be cancelled
*At least 10% of talks chosen should be women speakers
Regional Events