
The OWASP Foundation

https://www.owasp.org
Copyright The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License
AppSec USA 2011
Minneapolis
OWASP Codes of Conduct Project
Supporting OWASP's Mission

Colin Watson
colin.watson(at)owasp.org

Whose Conduct?

Why?

What Conduct?

Comparisons

Statements of Compliance

OWASP Codes of Conduct
Not any of these

OWASP code values, core purpose, code of ethics and principles

Brand usage

By-laws

General disclaimer

Projects

Projects handbook

Local chapters

Chapters handbook

Speaker agreement

Finance

Conferences

Speaker agreement

Training instructor agreement

Global Conferences Committee policies


Influence targets

Not these

Contributors including chapter leaders and project leaders

Individual members

Employees

Committee members

Board members

Supporters

But yes, these

Government bodies

Standards groups

Education institutions

Trade organizations

Certifying bodies

...
With what purpose?

To define a set of minimal requirements specifying what OWASP believes are the most
effective ways these types of organization can support OWASP's mission

OWASP's mission

"To make application security visible, so that people and organizations can make
informed decisions about application security risks"
Codes of conduct

Set of minimal standards

Normative standards

Not difficult to achieve


History

Summit 2011 working sessions

For Government Bodies, Standards Groups & Education Institutions

Outreach to Educational Institutions

Minimal AppSec Program for Universities, Governments & Standards Bodies

All participants but especially Jeff Williams, Dave Wichers and Dinis Cruz

For Certification Bodies

Certification

All participants but especially Jason Taylor and Jason Li

Subsequently

For Trade Groups

Colin Watson

For Commercial Organizations

Jeff Williams and Colin Watson


Format

Format (continued)
The OWASP "Green Book"

The OWASP Application Security Code of Conduct for Government Bodies

Code of Conduct
1. The Government Body MUST establish and enforce a standard that requires application security for organizations and applications under their jurisdiction.
2. The Government Body MUST build application security into software acquisition guidelines.
3. The Government Body MUST provide OWASP a "notice and comment" period when releasing laws and regulations that are relevant to application security.
4. The Government Body MUST define or adopt a definition of application security.
5. The Government Body MUST create and promote public service messages focused on application security.
The OWASP "Blue Book"

The OWASP Application Security Code of Conduct for Educational Institutions

Code of Conduct
1. The Educational Institution MUST include application security content somewhere in the standard computer science curriculum.
2. The Educational Institution MUST offer at least one course dedicated to application security annually.
3. The Educational Institution MUST ensure that an OWASP Chapter is available to their students and support it.
The OWASP "Yellow Book"

The OWASP Application Security Code of Conduct for Standards Groups

Code of Conduct
1. The Standards Group MUST include an "Application Security" section in each software related technical standard.
2. The Standards Group MUST provide OWASP a "notice and comment" period when releasing standards that include an application security aspect.
3. The Standards Group MUST define or adopt a definition of Application Security.
The OWASP "Purple Book"

The OWASP Application Security Code of Conduct for Trade Organizations

Code of Conduct
1. The Trade Organization MUST include an "Application Security" section in their own membership requirements.
2. The Trade Organization MUST provide OWASP a "notice and comment" period when releasing requirements that include an application security aspect.
The OWASP "Red Book"

The OWASP Application Security Code of Conduct for Certifying Bodies

Code of Conduct
1. The Certifying Body MUST NOT misrepresent the Certifying Body's certification as endorsed or supported by OWASP.
2. The Certifying Body MUST include a visible disclaimer if the Certifying Body's certification is "based on OWASP materials".
Similar requirements

Require application security (requirement 1 in each code)
Government Bodies: 1. The Government Body MUST establish and enforce a standard that requires application security for organizations and applications under their jurisdiction.
Educational Institutions: 1. The Educational Institution MUST include application security content somewhere in the standard computer science curriculum.
Standards Groups: 1. The Standards Group MUST include an "Application Security" section in each software related technical standard.
Trade Organizations: 1. The Trade Organization MUST include an "Application Security" section in their own membership requirements.
Certifying Bodies: (none)

"Notice and comment" period for OWASP
Government Bodies: 3. The Government Body MUST provide OWASP a "notice and comment" period when releasing laws and regulations that are relevant to application security.
Educational Institutions: (none)
Standards Groups: 2. The Standards Group MUST provide OWASP a "notice and comment" period when releasing standards that include an application security aspect.
Trade Organizations: 2. The Trade Organization MUST provide OWASP a "notice and comment" period when releasing requirements that include an application security aspect.
Certifying Bodies: (none)

Definition of application security
Government Bodies: 4. The Government Body MUST define or adopt a definition of application security.
Educational Institutions: (none)
Standards Groups: 3. The Standards Group MUST define or adopt a definition of Application Security.
Trade Organizations: (none)
Certifying Bodies: (none)

Remaining requirements with no counterpart in the other codes
Government Bodies: 2 more unrelated
Educational Institutions: 2 more unrelated
Standards Groups: (none)
Trade Organizations: (none)
Certifying Bodies: 2 more unrelated
Additional recommendations (recommendation: which types of organization it applies to)

Be an OWASP Supporter: Government Bodies, Educational Institutions, Standards Groups, Trade Organizations, Certifying Bodies

Assign a liaison to OWASP: Government Bodies, Educational Institutions, Standards Groups, Trade Organizations

Leverage OWASP by attending our events, using our materials, and asking our experts for help: Government Bodies, Educational Institutions, Standards Groups, Trade Organizations, Certifying Bodies

Encourage educational institutions to focus on application security: Government Bodies

Encourage interested students to participate in OWASP: Educational Institutions

Encourage interested members to participate in OWASP: Trade Organizations

Involve a security expert early in their standard definition process: Standards Groups

Collect and publish feedback from certification applicants, recipients, and organizations recognizing the certification: Certifying Bodies

Utilize questions, answers, evaluation material and processes that are open and freely available to the general public: Certifying Bodies
Statements of compliance?

"Organizations SHOULD clearly communicate that they are in full or partial compliance
with this Code of Conduct"

Dangers

"XXX complies with OWASP's codes 100%"

"XXX is OWASP code compliant"

"All XXX's training is undertaken under the terms of the OWASP Code of Conduct
on YYYY"
A proposal from Jason Li
Next steps

First five

Finalize v1.1

Project assessment

Release

Promote

Others
Project web pages
Make contact
Colin Watson

colin.watson(at)owasp.org
Codes of Conduct Project

https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
Mailing List

https://lists.owasp.org/mailman/listinfo/owasp-codes-of-conduct
