This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Codes of Conduct"

From OWASP

Jump to: navigation, search

Latest revision as of 11:10, 19 May 2015

Main
Government Bodies
Educational Institutions
Standards Groups
Trade Organizations
Certifying Bodies
Development Organizations

Project's Purpose

OWASP needs to take advantage of every opportunity to affect software development everywhere to achieve our mission "to make application security visible so that people and organizations can make informed decisions about application security risks".

At the Summit 2011 in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve.

This project develops and maintains OWASP Codes of Conduct, and began with those initially created at the following working sessions at the 2011 OWASP Summit:

The Codes of Conduct

The current versions (all now Stable Release Quality) are listed below. See each tab for more project details or read the summary pamphlet (English version PDF and MS Word) and presentation.

OWASP Green Book

The OWASP Application Security Code of Conduct for Government Bodies

Download the current release

v1.18 Release:

Translations

None are currently available.

OWASP Blue Book

The OWASP Application Security Code of Conduct for Educational Institutions

Download the current release

v1.18 Release:

Translations

None are currently available.

OWASP Yellow Book

The OWASP Application Security Code of Conduct for Standards Groups

Download the current release

v1.18 Release:

Translations

None are currently available.

OWASP Purple Book

The OWASP Application Security Code of Conduct for Trade Organizations

Download the current release

v1.18 Release:

Translations

None are currently available. Can you help?

OWASP Red Book

The OWASP Application Security Code of Conduct for Certifying Bodies

Download the current release

v1.18 Release:

Translations

None are currently available.

OWASP Gray Book

The OWASP Application Security Code of Conduct for Development Organizations

Download the current release

v1.18 Release:

Translations

None are currently available.

What's Missing?

What other types of organization might be able to support OWASP's mission? What are the most important things they should do?

Join in the OWASP Codes of Conduct Mailing List with your suggestions and feedback.

Statements of Compliance

The implications and format of any statements of compliance is currently being discussed on the Codes of Conduct Project mailing list. The thread starts here.

Project Details

Click on the other tabs to see project information on each of the codes, including contributors, releases, assessment status and prior versions. All the Codes are discussed on a single shared mailing list. It is free and open.

Licensing

The OWASP Codes of Conduct are free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Aggregated Book

There is also an aggregated booklet format (English version MS Word) incorporating all six. This is also available to buy at cost printed in colour from Lulu.com.

News

[19 May 2015] Working session at OWASP Project Summit - Review and publish v1.18

Lost? Not What You Were Looking For?

These Codes relate to OWASP's aspirations for other types of organization. If you were looking for OWASP internal strategic and operational policies and processes, you might want to look at some of the following. They are not part of the OWASP Codes of Conduct Project.

OWASP Core Values, Core Purpose, Code of Ethics and Principles
Projects
- Projects Handbook (coming soon)
Local Chapters
Conferences
Privacy

Classifications

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: The OWASP "Green Book" (home page)
Purpose: This effort envisages to create and maintain The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who	is working on this project?
Project Leader(s): Colin Watson @
Project Contributor(s): Jeff Williams @ Dave Wichers @ Dinis Cruz @ Fabio Cerulo @ Sebastien Deleersnyder @
how	can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links: Defining a minimal appsec program for universities, governments, and standards bodies (Summit 2011 Working Session)
Key Contacts
Contact Colin Watson @ to contribute to this project Contact Colin Watson @ to review or sponsor this project

current release

The OWASP "Green Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1
Rating: Stable Release - Assessment Details

last reviewed release

The OWASP "Green Book" v1.1 - March 27, 2013 - (download)

Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

Formal review

Rating:

Stable Release - Assessment Details

other releases
The OWASP "Green Book" v1.1 The OWASP "Green Book" 1.0

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: The OWASP "Blue Book" (home page)
Purpose: This effort envisages to create and maintain The OWASP Application Security Code of Conduct for Educational Institutions/The OWASP "Blue Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who	is working on this project?
Project Leader(s): Colin Watson @
Project Contributor(s): Jeff Williams @ Dave Wichers @ Dinis Cruz @ Fabio Cerulo @ Sebastien Deleersnyder @
how	can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links: Defining a minimal appsec program for universities, governments, and standards bodies (Summit 2011 Working Session)
Key Contacts
Contact Colin Watson @ to contribute to this project Contact Colin Watson @ to review or sponsor this project

current release

The OWASP "Blue Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Educational Institutions/The OWASP "Blue Book", version v1.1.
Rating: Stable Release - Assessment Details

last reviewed release

The OWASP "Blue Book" v1.1 - March 27, 2013 - (download)

Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

Formal review

Rating:

Stable Release - Assessment Details

other releases
The OWASP "Blue Book" v1.1 The OWASP "Blue Book" 1.0

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: The OWASP "Yellow Book" (home page)
Purpose: This effort envisages to create and maintain The OWASP Application Security Code of Conduct for Standards Groups/The OWASP "Yellow Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who	is working on this project?
Project Leader(s): Colin Watson @
Project Contributor(s): Jeff Williams @ Dave Wichers @ Dinis Cruz @ Larry Conklin Fabio Cerulo @ Sebastien Deleersnyder @
how	can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links: Defining a minimal appsec program for universities, governments, and standards bodies (Summit 2011 Working Session)
Key Contacts
Contact Colin Watson @ to contribute to this project Contact Colin Watson @ to review or sponsor this project

current release

The OWASP "Yellow Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Standards Groups/The OWASP "Yellow Book", version v1.1.
Rating: Stable Release - Assessment Details

last reviewed release

The OWASP "Yellow Book" v1.1 - March 27, 2013 - (download)

Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

Formal review

Rating:

Stable Release - Assessment Details

other releases
The OWASP "Yellow Book" v1.1 The OWASP "Yellow Book" 1.0

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: The OWASP "Purple Book" (home page)
Purpose: This effort envisages to create and maintain The OWASP Application Security Code of Conduct for Trade Organizations/The OWASP "Purple Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who	is working on this project?
Project Leader(s): Colin Watson @ Fabio Cerulo @ Sebastien Deleersnyder @
how	can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
Contact Colin Watson @ to contribute to this project Contact Colin Watson @ to review or sponsor this project

current release

The OWASP "Purple Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Trade Organizations/The OWASP "Purple Book", version v1.1.
Rating: Stable Release - Assessment Details

last reviewed release

The OWASP "Purple Book" v1.1 - March 27, 2013 - (download)

Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

Formal review

Rating:

Stable Release - Assessment Details

other releases
The OWASP "Purple Book" v1.1 The OWASP "Purple Book" 1.0

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: The OWASP "Red Book" (home page)
Purpose: This effort envisages to create and maintain The OWASP Application Security Code of Conduct for Certifying Bodies/The OWASP "Red Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who	is working on this project?
Project Leader(s): Colin Watson @ Jason Li @
Project Contributor(s): Jason Taylor @ Jason Li @ Martin Knobloch @ Matthew Chalmers @ Justin Searle @ Larry Conklin Fabio Cerulo @ Sebastien Deleersnyder @
how	can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links: Cerification (Summit 2011 Working Session)
Key Contacts
Contact Colin Watson @ to contribute to this project Contact Colin Watson @ to review or sponsor this project

current release

The OWASP "Red Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Certifying Bodies/The OWASP "Red Book", Version v1.1.
Rating: Stable Release - Assessment Details

last reviewed release

The OWASP "Red Book" v1.1 - March 27, 2013 - (download)

Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

Formal review

Rating:

Stable Release - Assessment Details

other releases
The OWASP "Red Book" v1.1 The OWASP "Red Book" 1.0

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: The OWASP "Gray Book" (home page)
Purpose: This effort envisages to create and maintain The OWASP Application Security Code of Conduct for Development Organizations/The OWASP "Gray Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who	is working on this project?
Project Leader(s): Colin Watson @
Project Contributor(s): Jeff Williams @ Larry Conklin Fabio Cerulo @ Sebastien Deleersnyder @
how	can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
Contact Colin Watson @ to contribute to this project Contact Colin Watson @ to review or sponsor this project

current release

The OWASP "Gray Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Development Organizations/The OWASP "Gray Book", version v1.1
Rating: Stable Release - Assessment Details

last reviewed release

The OWASP "Gray Book" v1.1 - March 27, 2013 - (download)

Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

Formal review

Rating:

Stable Release - Assessment Details

other releases

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Codes_of_Conduct&oldid=195001"

Categories:

Difference between revisions of "OWASP Codes of Conduct"

Latest revision as of 11:10, 19 May 2015

Project's Purpose

The Codes of Conduct

OWASP Green Book

OWASP Blue Book

OWASP Yellow Book

OWASP Purple Book

OWASP Red Book

OWASP Gray Book

What's Missing?

Statements of Compliance

Project Details

Licensing

Aggregated Book

News

Lost? Not What You Were Looking For?

Classifications

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 1: / Line 1: @@
-==== Main  ====
+= Main  =
 ===Project's Purpose ===
-This project envisages to create and maintain OWASP Codes of Conduct. In order to achieve our mission, OWASP needs to take advantage of every opportunity to affect software development everywhere. At the [[:Summit 2011 Working Sessions/Session255|OWASP Summit 2011]] in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve. In this context the following codes will be produced:
-*The OWASP "Green Book" - '''The OWASP Application Security Code of Conduct for Government Bodies''',
-*The OWASP "Blue Book" - '''The OWASP Application Security Code of Conduct for Educational Institutions''',
-*The OWASP "Yellow Book" - '''The OWASP Application Security Code of Conduct for Standards Groups''',
-*The OWASP "Purple Book" - '''The OWASP Application Security Code of Conduct for Trade Organizations''',
-*The OWASP "Red Book" - '''The OWASP Application Security Code of Conduct for Certifying Bodies'''.
-==== Green Book ====
+OWASP needs to take advantage of every opportunity to affect software development everywhere to achieve our mission "to make application security visible so that people and organizations can make informed decisions about application security risks".
+At the [[Summit 2011]] in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve.
+This project develops and maintains OWASP Codes of Conduct, and began with those initially created at the following working sessions at the 2011 OWASP Summit:
+* [[:Summit 2011 Working Sessions/Session255|Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies]]
+* [[:Summit 2011 Working Sessions/Session039|Certification]]
+* [[:Summit 2011 Working Sessions/Session012|Outreach to Educational Institutions]]
+===The Codes of Conduct===
+The current versions (all now Stable Release Quality) are listed below.  See each tab for more project details or read the summary pamphlet (English version [https://www.owasp.org/index.php/File:OWASP_Codes-of-Conduct_Pamphlet.pdf PDF] and [https://www.owasp.org/index.php/File:OWASP_Codes-of-Conduct_Pamphlet.docx MS Word]) and [http://www.appsecusa.org/p/codesofconduct.pdf presentation].
+{| width="100%" cellspacing="20" cellpadding="10"
+|- valign="top"
+| width="33%" style="background:#e6f5e9" |
+== OWASP Green Book ==
+''The OWASP Application Security Code of Conduct for Government Bodies''
+'''Download the current release'''
+v1.18 Release:
+* [[Media:OWASP_Green_Book-Governmental_Bodies.pdf|English version PDF]]
+* [[Media:OWASP_Green_Book-Governmental_Bodies.docx|English version MS Word]]
+'''Translations'''
+None are currently available.
+| width="33%" style="background:#e6eef6" |
+== OWASP Blue Book ==
+''The OWASP Application Security Code of Conduct for Educational Institutions''
+'''Download the current release'''
+v1.18 Release:
+* [[Media:OWASP_Blue_Book-Educational_Institutions.pdf|English version PDF]]
+* [[Media:OWASP_Blue_Book-Educational_Institutions.docx|English version MS Word]]
+'''Translations'''
+None are currently available.
+| width="33%" style="background:#fafcdb" |
+== OWASP Yellow Book ==
+''The OWASP Application Security Code of Conduct for Standards Groups''
+'''Download the current release'''
+v1.18 Release:
+* [[Media:OWASP_Yellow_Book-Standards_Groups.pdf|English version PDF]]
+* [[Media:OWASP_Yellow_Book-Standards_Groups.docx|English version MS Word]]
+'''Translations'''
+None are currently available.
+|- valign="top"
+| style="background:#ecdcfd" |
+== OWASP Purple Book ==
+''The OWASP Application Security Code of Conduct for Trade Organizations''
+'''Download the current release'''
+v1.18 Release:
+* [[Media:OWASP_Purple_Book-Trade_Organizations.pdf|English version PDF]]
+* [[Media:OWASP_Purple_Book-Trade_Organizations.docx|English version MS Word]]
+'''Translations'''
+None are currently available. Can you help?
+| style="background:#f1d8d7" |
+== OWASP Red Book ==
+''The OWASP Application Security Code of Conduct for Certifying Bodies''
+'''Download the current release'''
+v1.18 Release:
+* [[Media:OWASP_Red_Book-Certifying_Bodies.pdf|English version PDF]]
+* [[Media:OWASP_Red_Book-Certifying_Bodies.docx|English version MS Word]]
+'''Translations'''
+None are currently available.
+| style="background:#cccccc" |
+== OWASP Gray Book ==
+''The OWASP Application Security Code of Conduct for Development Organizations''
+'''Download the current release'''
+v1.18 Release:
+* [[Media:OWASP_Gray_Book-Development_Organizations.pdf‎|English version PDF]]
+* [[Media:OWASP_Gray_Book-Development_Organizations.docx|English version MS Word]]
+'''Translations'''
+None are currently available.
+|}
+{| style="padding:0;margin:0;margin-top:10px;text-align:left;"
+|-
+| valign="top"  width="67%" style="padding-right:25px;" |
+=== <div id="missing">What's Missing?</div> ===
+What other types of organization might be able to support OWASP's mission?  What are the most important things they should do?
+Join in the [https://lists.owasp.org/mailman/listinfo/owasp-codes-of-conduct OWASP Codes of Conduct Mailing List] with your suggestions and feedback.
+=== <div id="compliance">Statements of Compliance</div> ===
+The implications and format of any statements of compliance is currently being discussed on the Codes of Conduct Project mailing list.  The [https://lists.owasp.org/pipermail/owasp-codes-of-conduct/2011-September/000012.html thread starts here].
+===Project Details===
+Click on the other tabs to see project information on each of the codes, including contributors, releases, assessment status and prior versions.  All the Codes are discussed on a single shared [https://lists.owasp.org/mailman/listinfo/owasp-codes-of-conduct mailing list].  It is free and open.
+===Licensing===
+The OWASP Codes of Conduct are free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+&copy; OWASP Foundation
+| valign="top"  width="33%" |
+===Aggregated Book===
+There is also an aggregated booklet format (English version [https://www.owasp.org/index.php/File:OWASP_Codes-of-Conduct_Aggregated-Booklet.docx MS Word]) incorporating all six. This is also available to buy at cost printed in colour from [http://www.lulu.com/shop/owasp-foundation/owasp-codes-of-conduct/paperback/product-21247130.html Lulu.com].
+[[File:Codes-of-conduct-lulu-small.jpg|link=http://www.lulu.com/shop/owasp-foundation/owasp-codes-of-conduct/paperback/product-21247130.html]]
+===News===
+* [19 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Review and publish v1.18
+|-
+| valign="top" |
+===Lost?  Not What You Were Looking For?===
+These Codes relate to OWASP's aspirations for other types of organization.  If you were looking for OWASP internal strategic and operational policies and processes, you might want to look at some of the following.  They are ''not'' part of the OWASP Codes of Conduct Project.
+* [[:About OWASP|OWASP Core Values, Core Purpose, Code of Ethics and Principles]]
+** [[:OWASP brand usage rules|Brand usage]]
+** [[:File:2012ByLawsFINAL.pdf|By-laws]]
+** [[:OWASP:General disclaimer|General disclaimer]]
+* Projects
+** Projects Handbook (coming soon)
+* Local Chapters
+** [[:Category:Chapter Handbook|Chapter Handbook]]
+** [[:Speaker Agreement|Speaker Agreement]]
+** [[:Chapter Finance Policy and Procedure|Finance]]
+* Conferences
+** [[:Speaker Agreement|Speaker Agreement]]
+** [[:File:Training Instructor Agreement.doc|Training Instructor Agreement]]
+** [[:Global Conferences Committee/Policies|All Global Conferences Committee Policies]]
+* [[:OWASP:Privacy policy|Privacy]]
+| valign="top" |
+==Classifications==
+   {| width="200" cellpadding="2"
+   |-
+   | align="center" valign="top" width="50%" rowspan="2"| [[Image:Owasp-labs-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Lab_Projects]]
+   | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
+   |-
+   | align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=Breakers]]
+   |-
+   | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
+   |-
+   | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]]
+   |}
+|}
+=  Government Bodies =
 {{:Projects/The OWASP "Green Book" | Project About}}
-==== Blue Book ====
+= Educational Institutions =
 {{:Projects/The OWASP "Blue Book" | Project About}}
-==== Yellow Book ====
+= Standards Groups =
 {{:Projects/The OWASP "Yellow Book" | Project About}}
-==== Purple Book ====
+=Trade Organizations =
 {{:Projects/The OWASP "Purple Book" | Project About}}
-==== Red Book ====
+= Certifying Bodies =
 {{:Projects/The OWASP "Red Book" | Project About}}
+= Development Organizations =
+{{:Projects/The OWASP "Gray Book" | Project About}}
 <!---==== Project About  ====
@@ Line 30: / Line 230: @@
 __NOTOC__ <headertabs />
-[[Category:OWASP_Project|Codes of Conduct]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Alpha_Quality_Document]]
+[[Category:OWASP_Project|Codes of Conduct]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]]