Chapter Handbook/Chapter 2: Mandatory Chapter Rules
This section outlines the most basic rules for chapter leaders, or stated differently, these are the bottom-line rules required of chapter leaders. Chapters that are in compliance with these rules shall be considered Active Chapters. Each of these will be elaborated on later in the handbook.
- 1 Organize free and open meetings
- 2 Hold a minimum of 4 chapter meetings or events each year
- 3 Give official meeting notice through the wiki, chapter mailing list, and OWASP Calendar
- 4 Abide by OWASP principles and the code of ethics
- 5 Protect the privacy of the chapter’s local contacts
- 6 Maintain vendor neutrality (act independently)
- 7 Spend any chapter funds in accordance with the OWASP goals, code of ethics, and principles
- 8 Chapter Oversight
- 9 Chapter Leader Perks
Organize free and open meetings
Chapter meetings must be free and open to anyone for everyone to attend, regardless of whether the attendee is a paid member. All chapter run channels of communication must be free and open either as a matter of course as with social media like Twitter, Facebook, and MeetUp or through archives as with discussion platforms like Slack, Mailing Lists and Google Groups.
Hold a minimum of 4 chapter meetings or events each year
There are a variety of meeting “formats” or events that may be used to fulfill this requirement. Most chapters host a series of in-person meetings with 1-3 talks about security and time to network. Successful chapters usually supplement these types of meetings with specialty events like virtual meetings, social hours, hackathons, study groups, and contests like capture the flag. Chapters that represent an entire state, region, or country usually host a smaller number of larger events in various locations throughout their geographic range. Possibilities for meeting formats and events are nearly limitless.
Give official meeting notice through the wiki, chapter mailing list, and OWASP Calendar
Chapter meetings must be posted on the Chapter’s page on the OWASP wiki and a meeting announcement must be sent out to the OWASP mailing list [insert discourse pg]) to notify the OWASP community of each upcoming meeting. Also, the meeting must be listed on the OWASP Global Events Calendar. All chapter social media accounts must be linked on the wiki page. If you are using MeetUp chapter leaders should consider joining the Foundation’s MeetUp pro account to take advantage of the ability to simply update the MeetUp page and have your information mirrored on the OWASP Calendar and your wiki page (Available in late 2017).
Abide by OWASP principles and the code of ethics
Breaches of the Code of Ethics may result in the Foundation taking disciplinary action, including replacing chapter leadership or revoking membership.
Protect the privacy of the chapter’s local contacts
The privacy of chapter members and meeting attendees must be protected at all times. You should not disclose names, email addresses, or other identifying information about OWASP members or meeting attendees. Only aggregate statistics can be referenced. Sponsors should not have access to member lists; however, they may ask attendees to share contact information voluntarily, for example via submitting business cards voluntarily for a raffle.
Maintain vendor neutrality (act independently)
In order to preserve OWASP’s non-profit status and open, non-commercial principles it is important that no commercially-oriented “sales pitch” talks are given at OWASP events, be they chapter meetings or conferences. Such talks are not only against OWASP principles, they also blur the line between OWASP and commercial entities, thus diluting the OWASP brand name and agnostic status globally.
To avoid sales pitches please adhere to the following guidelines:
- Limit discussion of meeting sponsors to 5 minutes at either the beginning or end of each chapter meeting.
- Limit branded slides to the first slide
- You may allow a small information booth in the room for the meeting, but it should not be placed at the sign in table or anywhere else the attendees must pass through to get to the meeting. At the same time, it should not be so out of the way as to be useless.
Anybody that observes chapter leaders that are not following these basic rules is urged to report it to us.
Spend any chapter funds in accordance with the OWASP goals, code of ethics, and principles
Chapter funds should be used for your chapter and must be spent in line with the OWASP Foundation goals, principles, and code of ethics. Accordingly, chapter finances should be handled in a transparent manner. OWASP defines transparency as:
- Keeping a public record of all requests for funding, who proposed the request, relevant discussions, votes around funding, and request approval/denial in a publicly accessible location. We suggest on your wiki page.
- If a request for funding has been approved for one chapter or project, then it can be considered an acceptable expense for all chapters or projects which have funds to cover the expense in full.
For more rules regarding handling chapter funds, see section 4.7 on Handling Money.
OWASP Chapters and Chapter Leaders are overseen on an operational basis by the Foundation Staff and, ultimately, the Global OWASP Board. Overall activities must comply with bylaws, policies and handbooks, and code of ethics. If the Foundation Staff or Global OWASP Board determines that an OWASP Chapter Leader has not complied with these rules, their status as an OWASP Chapter Leader may be revoked. Additionally, OWASP administrative access (including the leader’s owasp.org email address) may be immediately revoked.
Chapter Leader Perks
We know that being a Chapter Leader is a lot of work--even when your chapter has multiple leaders. As thanks for your contribution OWASP offers the following perks for every leader who has served for 6 months and hosted at least one event:
- All chapter leaders can opt-in to Honorary Membership
- All Chapter are provided with three passes for use by their leaders who have fulfilled the above requirements
- At each Global AppSec Training event there will be 2 seats in each training event for leaders to have on a first come-first served basis.
- Any leader who attends the in person Leader meetings can receive a special leader’s only shirt (first come-first served, limited quantities)
Chapters are not mini organizations, instead they are akin to branches. While you can develop your chapter to meet the needs of your audience and therefore have great freedom, your chapter is not an independent legal entity. Chapters cannot sign contracts, hold independent insurance, or hold funds independently of the Foundation. Chapters must abide by the code of conduct, Foundation bylaws, the Core Purpose, Core Values, and the Chapter Leader Handbook. If any of these are contradictory please abide by the document preceding it in the above list. If you are confused, you can contact the Community Manager through email, slack, or the contact us page.