How OWASP Works
How OWASP Works
The Open Web Application Security Project (OWASP) is the name for all the activities of the OWASP Foundation. The OWASP Foundation is a 501(c)3 non-profit organization incorporated in the United States of America. OWASP's all-volunteer participants produce free, professional quality, open-source documentation, tools, and standards. The OWASP community facilitates conferences, local chapters, articles, and message forums. Participation in OWASP is free and open to all, as are all the materials we produce.
OWASP projects are managed using a collaborative, consensus-based process. We do not have a hierarchical structure. Rather, different groups of contributors have different rights and responsibilities in the organization. OWASP is a meritocracy where these rights and responsibilities follow from the skills and contributions of participants. This document outlines our general structure. Individual projects define their own rules to add additional structure to their development processes.
The most important participants are the people who use our documentation, tools, and standards. The majority of our participants start out as users and guide their participation from the user's perspective. Users contribute to the OWASP projects by providing feedback to project members in the form of bug reports and feature suggestions. Users participate in the OWASP community by helping other users on mailing lists and user support forums.
A user who contributes to a project in the form of code or documentation becomes a project member. They take extra steps to participate in a project, are active on the project mailing list, participate in discussions, provide comments, enhancements, documentation, suggestions, and criticism. Project members are noted in project credits. Project and Chapter Leaders The OWASP Leaders is the group of individuals who take responsibility for the long-term direction of the projects in their area. There is a single Project Leader for each project which is commissioned directly by the OWASP Foundation Board of Directors. The OWASP Leaders are responsible for making decisions about technical direction, project priorities, schedule, and releases. Collectively, the OWASP Leaders can be thought of as the management of the OWASP Foundation.
The OWASP Board provides guidance to the OWASP Leaders on market direction, fundraising, strategic direction, and vision.
The board is currently made up of:
- Jeff Williams (Chair)
- Dave Wichers (Conference Chair and holder of the OWASP books)
- Dinis Cruz (Chief Evangelist)
- Andrew van der Stock (Executive Director)