|Join hundreds of other Developers and InfoSec professionals for Training, Sessions and Community at our first conference of 2019|
[AppSec Tel Aviv, May 26-30th]
This document aims to outline the process and expectations to be followed when raising a concern or conflict within OWASP. This document strives to create a usable system where concerns can be voiced, responded to and resolved. In addition, this process is intended to ensure the system of discussion does not overwhelm individuals who are not interested or necessary in the conflict discussion.
Assume Positive Intent First
- Information and intent can be lost within electronic communication.
- Before raising any issue it is strongly recommended to consult with the specific individual(s) related to the issue and openly clarify the issue.
- After clarifying the situation if a conflict is still present then the situation should be addressed.
Raising a Conflict
- To clarify OWASP policy and receive other opinions on the situation the issue should be directed to the OWASP Governance List
Use of Leaders List
- It is appropriate, if necessary, to send a single email to the leaders list to advise them of the situation and ask for involvment/comments within the governance thread.
- However, the leaders list is specifically NOT to be used for discussion of the conflict. The leaders list contains a large number of people, many of whom will not be related to the specific incident. Conflict related threads on the leaders list will be refocused to the Governance list.