Projects/Project Leader Cheat Sheet

Revision as of 17:57, 5 April 2013 by Samantha Groves

OWASP Projects


What is an OWASP Project?

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 141 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mailing list. You can view all the lists, examine their archives, and subscribe to any project by visiting the OWASP Project Mailing Lists page. For more information on OWASP Projects, please download the OWASP Projects Handbook 2013.

Why should I start a project with OWASP?

As all project leaders are volunteers, OWASP recognizes the need for incentives for both the project leader and the project itself. There are standard resources made available to project leaders based on their project’s current maturity level. Aside from leveraging the OWASP brand, we can offer a number of benefits to an OWASP project leader for starting a project. These include: Financial Donation Management, Technical Writing Support, Graphic Design Support, Professional Project Review Support, WASPY Awards Nominations, OWASP Projects Track Participation, Opportunity to get $500 for Project Development, and Community Engagement and Support. These benefits increase as the project moves through each project stage within the OWASP Global Projects Infrastructure.

What will be my responsibilities as a Project Leader (PL)?

OWASP Project Leaders (PLs) are directly responsible for promoting, protecting, and managing their project's brand as well as the overall OWASP brand. Project Leaders are also directly responsible for managing all aspects of their OWASP Project. Please visit the OWASP Project Leader's Responsibilities page for a quick overview of Leader responsibilities both to his/her project, and to the OWASP Foundation as a whole.

How do I start an OWASP Project?

Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community. The best OWASP projects are strategic as they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support. You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project. To apply for an OWASP Project, please fill in the Project Application Form. The OWASP PM will reach out to you within seven days of making your application. Please be prepared to answer questions from the overall OWASP community before your project is accepted.

What are acceptable license choices for an OWASP Project?

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Allow commercial uses of your work? Yes / No

Allow modifications of your work?

Yes, no restriction except attribution:

  • Apache 2.0 (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
  • Document Project (includes E-Learning, presos, books, etc): CC-BY 3.0 (like Apache but for documents)

Yes, as long as modifications are also open source:

  • GPL 3.0 (requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
  • Tool Project: AGPL 3.0 (prevents GPL's SaaS loophole)
  • Library Project: LGPL 3.0 (similar to GPL but modified for use with libraries that may be called by other proprietary programs)
  • Document Project (includes E-Learning, presos, books, etc): CC-BY-SA 3.0 (like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)

No:

  • Sorry, such licenses are not open source and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See for more information and note that they label these two licenses as "not a Free Culture License"

OWASP Global Projects Infrastructure

How do I navigate through the OWASP Global Projects Infrastructure (OGPI)?

This is where we would put the info-graphic. To be developed by our designer.

What are the different project stages?

The OWASP Project Lifecycle is broken down into the following stages:

Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organization's infrastructure, and establish their presence and project history.

Labs Projects: OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

How do I move from one stage to another?


What incentives does my project get at each stage?


Incubator Projects

  • Financial Donation Management Assistance
  • Project Review Support
  • WASPY Awards Nominations
  • OWASP OSS and OPT Participation
  • Opportunity to submit proposal: $500 for Development.
  • Community Engagement and Support
  • Recognition and visibility of being associated with the OWASP Brand.

Labs Projects

  • All benefits given to Incubator Projects
  • Technical Writing Support
  • Graphic Design Support
  • Project Promotion Support
  • OWASP OSS and OPT: Preference

Flagship Projects

  • All benefits given to Incubator & Labs Projects
  • Grant finding and proposal writing help
  • Yearly marketing plan development assistance
  • OWASP OSS and OPT participation preference

OWASP Project Manager

Who is the OWASP Project Manager?

Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She is eager to begin her work at OWASP and help the organization reach its project completion goals.

Samantha earned her MBA in International Management with a concentration in sustainability from Royal Holloway, University of London. She earned her Bachelor's degree majoring in Multimedia from The University of Advancing Technology in Mesa, Arizona, and she earned her Associate degree from Scottsdale Community College in Scottsdale, Arizona. Additionally, Samantha recently attained her Prince2 (Foundation) project management certification.

What are her responsibilities at OWASP?

The OWASP PM provides support and direction to the Project Leaders (PLs) within the OWASP organisation. She helps them with starting and running their OWASP based projects, aiding them in reaching their project goals. She is directly responsible for developing and managing the global projects infrastructure, which is the innovation and research division of the organisation. She manages 142 global projects and 142 project teams, ensuring that they all have what they need to be successful both within the OWASP Global Projects Infrastructure, and outside the community. She is also responsible for grant research, writing, and fundraising, and directly project manages those projects that have been awarded grant funding. Please see the Project Manager Role Description for more information.

How can I contact the OWASP PM?

If you have any questions, please do not hesitate to contact the OWASP Project Manager, Samantha Groves, by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large number of queries the foundation staff receive every day. We thank you for your patience.

Social Media

We recommend using the links below to contact the OWASP PM via social media. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world.
