This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

How OWASP Works

Jump to: navigation, search

The Open Web Application Security Project (OWASP) is the name for all the activities of the OWASP Foundation. The OWASP Foundation is a 501(c)(3) non-profit organization incorporated in the United States of America. OWASP's all-volunteer participants produce free, professional quality, open-source documentation, tools, and standards. The OWASP community facilitates conferences, local chapters, articles, and message forums. Participation in OWASP is free and open to all, as are all the materials we produce.


OWASP projects are managed using a collaborative, consensus-based process. We do not have a hierarchical structure. Rather, different groups of contributors have different rights and responsibilities in the organization. OWASP is a meritocracy where these rights and responsibilities follow from the skills and contributions of participants. This document outlines our general structure. Individual projects define their own rules to add additional structure to their development processes.


The most important participants are the people who use our documentation, tools, and standards. The majority of our participants start out as users and guide their participation from the user's perspective. Users contribute to the OWASP projects by providing feedback to project members in the form of bug reports and feature suggestions. Users participate in the OWASP community by helping other users on mailing lists and user support forums.

Project Members

A user who contributes to a project in the form of code or documentation becomes a project member. They take extra steps to participate in a project, are active on the project mailing list, participate in discussions, provide comments, enhancements, documentation, suggestions, and criticism. Project members are noted in project credits.

Project and Chapter Leaders

The OWASP Leaders is the group of individuals who take responsibility for the long-term direction of the projects in their area. There is a single Project Leader for each project which is commissioned directly by the OWASP Foundation Board of Directors. Chapter leaders coordinate activities in their local area. The OWASP Leaders are responsible for making decisions about technical direction, project priorities, schedule, and releases. Collectively, the OWASP Leaders can be thought of as the management of the OWASP Foundation.


The OWASP Board provides guidance to the OWASP Leaders on market direction, fundraising, strategic direction, and vision.

The board for calendar year 2015 is made up of: