Code of Conduct

OWASP is a free and open community.

The software market obscures information about application security and makes it difficult for consumers to make informed decisions about application security risks. At OWASP, we are dedicated to the idea that visibility can transform the software market and improve application security for everyone. This same visibility and trust are essential to the way OWASP collaborates within its community. Within OWASP, the community members need to work together effectively, and this code of conduct provides the ground rules for our work going forward.

OWASP is open to all and this openness allows the community to collaborate freely on a volunteer basis to create ecosystems around projects, education, conferences, and members to increase the visibility of security. We improve on the work of others, which we have been given freely, and then share our improvements on the same basis.

Collaboration, and indeed the entire ecosystem, depends on good relationships between community members. To this end, OWASP has agreed on the following code of conduct to help define the ways that we think collaboration and cooperation should work.

This code of conduct covers our behaviour as members of the OWASP Community, in any forum, mailing list, wiki, website, Internet relay chat (IRC) channel, chapter meeting, conference or private correspondence. The elected and then-current OWASP Board of Directors is ultimately accountable to the community and will arbitrate in any dispute over the conduct of a member of the community.

* It seems like the following topics are missing:

-- no full disclosure at OWASP - we’re not in the exploit business

-- we all work for commercial companies and OWASP is NOT a forum for competitive posturing

-- all of our work is collective authorship - not one person’s baby. Everyone is encouraged to edit everything

-- we respect copyright and licenses

-- all disagreements should focus on the technical topic and never the people. Ad hominem arguments are strictly forbidden.

-- Nothing in these principles should be interpreted as saying that OWASP has to be boring. We strongly encourage creativity, irreverence, provocative thoughts, and even good-natured ribbing.

Mailing lists

Mailing lists are an important part of the OWASP community platform. This code of conduct applies to your behaviour in those forums too. Please follow these guidelines in addition to the general code of conduct:

  1. Please use a valid email address to which direct responses can be made.
  2. Please avoid flamewars, trolling, personal attacks, and repetitive arguments. Escalation can be taken to the Global Committee covering that area of the OWASP community.