This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Summit 2011 Working Sessions/Session203/Deliverable 1

Revision as of 11:54, 7 February 2011 by Chris Schmidt (talk | contribs)

Jump to: navigation, search

Deliverable 1

OWASP Project Disclosure Policy

Example Policies and Bylaws from Founding of the Apache Security Team

A. Reestablishing the Apache Security Team

      WHEREAS, the Board of Directors deems it to be in the best
      interests of the Foundation and consistent with the
      Foundation's purpose to establish the ASF Board Committee
      charged with maintaining the security of software produced by
      the various projects established under the ASF's umbrella,
      but not for the security of the servers and other
      infrastructure used by the ASF.

      NOW, THEREFORE, BE IT RESOLVED, that the ASF Board Committee,
      known as the "Apache Security Team", be and hereby is
      reestablished pursuant to Bylaws of the Foundation; and be it

      RESOLVED, that the Apache Security Team be and hereby is
      responsible for organization and oversight of efforts to
      maintain the security of ASF projects and shall act as a
      single point of contact between the ASF and any entity
      wishing to report or fix any security related issue in any

      RESOLVED, that each project shall appoint at least one
      non-voting liaison to the committee, who shall have commit
      privilege for the project's repository, and the technical
      ability to release new versions, advisories or security
      patches on behalf of the project.

      RESOLVED, that the committee shall have the power to act on
      behalf of any project in matters of security.

      RESOLVED, that Mark Cox shall serve at the direction of
      the Board of Directors as the chair of the Security Team and
      have primary responsibility for managing the Security Team;
      and be it further

      RESOLVED, that the persons listed immediately below be and
      hereby are appointed to serve as the members of the Apache
      Security Team:

          Ben Laurie
          Mark Cox

      There was some discussion over the small number of "initial"
      members of the team. It was noted that it was expected that
      new members would be added as soon as the team rebooted.

     Special Order 6A, Reestablishing the Apache Security Team, was
     approved by Unanimous Vote.

Mozilla Security Policies