Code of Conduct
OWASP is a free and open community.
The software market obscures information about application security and makes it difficult for consumers to make informed decisions about application security risks. At OWASP, we are dedicated to the idea that visibility can transform the software market and improve application security for everyone. This same visibility and trust is essential to the way OWASP collaborates within its community. Within OWASP, the community members need to work together effectively, and this code of conduct provides the ground rules for our work going forward.
OWASP is open to all and this openness allows the community to collaborate freely on a volunteer basis to create ecosystems around projects, education, conferences, and members to increase the visibility of security. We improve on the work of others, which we have been given freely, and then share our improvements on the same basis.
Collaboration, and indeed the entire ecosystem, depends on good relationships between community members. To this end, OWASP has agreed on the following code of conduct to help define the ways that we think collaboration and cooperation should work.
This code of conduct covers our behaviour as members of the OWASP Community, in any forum, mailing list, wiki, website, Internet relay chat (IRC) channel, chapter meeting, conference or private correspondence. The OWASP elected and then current Board of Directors is ultimately accountable to the community and will arbitrate in any dispute over the conduct of a member of the community.
- Be considerate. Our work will be used by other people, and we in turn will depend on the work of others. Any decision we take will affect users and colleagues, and we should take those consequences into account when making decisions. OWASP has a rich community of contributors. Even if it's not obvious at the time, our contributions to OWASP may impact the work of others. Reach out to related projects and look for areas of alignment.
- Be respectful. The OWASP community and its members treat one another with respect. All the contributors at OWASP are volunteers, and everyone can make a valuable contribution to OWASP. We may not always agree, but disagreement is no excuse for poor behaviour and poor manners. We might all experience some frustration now and then, but we cannot allow that frustration to turn into a personal attack. It's important to remember that a global community where people feel uncomfortable or threatened is not a productive one. We expect members of the OWASP community to be respectful when dealing with other contributors as well as with people outside OWASP and with users of OWASP materials.
- Be collaborative. Collaboration is central to OWASP and, more generally, to all open volunteer efforts. We encourage individuals and teams to work together whether inside or outside OWASP. This collaboration reduces redundancy and improves the quality of our work. Internally and externally, we should always be open to collaboration. Wherever possible, we should work closely with upstream projects and others in the free software community to coordinate our efforts in all areas, whether they be technical, advocacy or documentation. Our work should be done transparently and we should involve as many interested parties as early as possible. If we decide to take a different approach than others, we will let them know early, document our work and inform others regularly of our progress.
- When we disagree, we consult others. Disagreements, both social and technical, happen all the time and the OWASP community is no exception. It is important that we resolve disagreements and differing views constructively and with the help of the community. We have the Global Committees and the OWASP Foundation board which help to decide the right course for OWASP. There are also the project leaders and chapter leaders, who may be able to help us figure out the best direction for OWASP during times of disagreement.
- When we are unsure, we ask for help. Nobody knows everything, and nobody is expected to be perfect in the OWASP community. Asking questions avoids many problems down the road, and so questions are encouraged. Those who are asked questions should be responsive and helpful. However, when asking a question, care must be taken to do so in an appropriate list.
- Step down considerately. Members of every project, chapter or committee come and go, and OWASP is no different. When somebody leaves or disengages from OWASP, in whole or in part, we ask that they do so in a way that minimises disruption to the project, chapter or committee. This means they should tell people they are leaving and take the proper steps to ensure that others can pick up where they left off.
* It seems like the following topics are missing:
-- no full disclosure at OWASP - we’re not in the exploit business
-- we all work for commercial companies and OWASP is NOT a forum for competitive posturing
-- all of our work is collective authorship - not one person’s baby. Everyone is encouraged to edit everything
-- we respect copyright and licenses
-- all disagreements should focus on the technical topic and never the people. Ad hominem arguments are strictly forbidden.
-- Nothing in these principles should be interpreted as saying that OWASP has to be boring. We strongly encourage creativity, irreverence, provocative thoughts, and even good-natured ribbing.
Mailing lists are an important part of the OWASP community platform. This code of conduct applies to your behaviour in those forums too. Please follow these guidelines in addition to the general code of conduct:
- Please use a valid email address to which direct responses can be made.
- Please avoid flamewars, trolling, personal attacks, and repetitive arguments. Escalation can be taken to the Global Committee covering that area of the OWASP community.