|
|
| (11 intermediate revisions by 6 users not shown) |
| Line 1: |
Line 1: |
| − | [[Category:Chapter_Handbook]]
| + | ==Start-up Information== |
| | + | The following information should be provided in an application to start or restart an OWASP Chapter: |
| | + | * List of the people that are founding the chapter. Each founding member(s) must submit: |
| | + | ** Statement regarding their professional background or resume, and |
| | + | ** Statement of why he or she wants to be an OWASP Leader. |
| | + | * The geographical area to be covered by the new chapter. Chapter names should represent the immediate city or region that is being served. It is also required that the chapter leader(s) work or live in the immediate geographical area. |
| | + | * Acknowledgement that founding member(s) read, understands, and agrees to the terms of the Chapter Handbook. |
| | + | * While it is not mandatory, a good understanding of English will help with communication within the OWASP global community. |
| | + | Requests to start or restart an OWASP Chapter may be initiated through the Chapter Request form. If at any time you wish to leave your position as leader or add a new leader the same form may be used by selecting “Modify Chapter Leadership” from the drop down menu. |
| | | | |
| − | == Starting or Restarting a chapter == | + | ==New Chapter Approval Process== |
| − | An OWASP local chapter organizes OWASP activity in a given geographical area. A person or a group (the "founding group") can request to start a new chapter in a geographical area not currently served by an OWASP group. The global chapter committee should actively seek founders to start groups in geographical areas not covered by an OWASP chapter.
| + | After receiving the above information via the online form, an OWASP employee will give a cursory check of the above items to ensure new chapter leaders are serious and understand their commitment. Upon review of requester's credentials and resolution of any potential conflicts, the applicant can move forward as a chapter leader. A chapter wiki page and mailing list will be set up for the new leader(s) and the chapter leader(s) will be given an OWASP email account and password to operate as the administrator of the new chapter mailing list. Additionally, every new chapter with at least 2 chapter leaders will be allocated a $500 budget to begin with. |
| | | | |
| − | <strike>
| + | ==Chapter Naming== |
| − | A request to start or restart a chapter should be submitted by the founding group to the OWASP global chapters committee and should include:
| |
| − | ; List of the people that are founding the chapter
| |
| − | * The founding group members should join as OWASP members
| |
| − | * The request should in include their resumes.
| |
| − | ; The geographical area to be covered by the new chapter (see notes below)
| |
| − | ; Recommendation by 5 current OWASP leaders
| |
| − | * This requirement can be waived by the board, especially if the chapter is started in a remote area in which OWASP currently has no activity.
| |
| − | ; Recommendation by 5 people who practice information security in the covered geography
| |
| − | * Required to complement the founding group if it is smaller than 5. If there is one founder, 4 recommendations are needed, if there are two founders, 3 recommendations are needed as so on.
| |
| − | * Relevant bio details of the recommending people should be added.
| |
| | | | |
| − | The global chapters committee will submitting the request for a review by OWASP leaders and prepare a recommendation for the OWASP board who will decided whether to grant the person of group the opportunity to start the new chapter. | + | The format used for naming a chapter is: OWASP [Insert City, Region, or Country Name of Chapter]. For example: OWASP Austin, OWASP London, OWASP Malaysia. |
| − | </strike>
| |
| | | | |
| | + | It is not necessary to specify your chapter is a “local” chapter, because by definition any chapter is “local”. When registering your chapter name on Linkedin, Meetup, Twitter, or any other social media site this naming convention must be followed as it makes sorting and finding chapters easier. Where the Foundation owns an account with the same service, it is advisable to follow, join, or otherwise link the chapter’s account to the foundation’s. |
| | | | |
| − | <span style="color:red">Modified by Global Chapters Committee 19-Oct-2011 ([[Global Chapter Committee Voting Record]]). New process as follows: </span>
| + | ==Geographic area== |
| | + | An OWASP chapter organizes OWASP activity in a given geographical area. A person or a group (the "founding members") can request to start a new chapter in a geographical area not currently served by an OWASP group. |
| | | | |
| | + | One key to a successful OWASP chapter is selecting the right geographical area. Naturally, the geographical area should not overlap with an existing chapter. OWASP chapters promote face-to-face meetings and the geographical area covered should be no more than a reasonable travel for a meeting. On the other hand, the area should be large enough to serve enough people who are interested in web application security and enough people to be active in the chapter. |
| | | | |
| − | '''A request to start or restart a chapter should be submitted by the founding member or group to the [https://spreadsheets.google.com/a/owasp.org/viewform?hl=en&formkey=dFN1R2NIMTNROXN3dml4ZEcxXzJQYXc6MQ#gid=0 OWASP Feedback Form]''' and should include:
| + | If a chapter is to cover a regional or national area, there should be a plan in place to serve all applicable areas. For instance, both OWASP Germany and OWASP Italy serve an entire nation by hosting larger conference-like meetings in multiple cities throughout the year. In this way AppSec professionals from the entire geographic region have access. For example, it would not be acceptable to host OWASP Germany only in a single city and ignore the other regions where a OWASP Chapter is desired. |
| | | | |
| − | # List of the people that are founding the chapter and the geographical area to be covered by the new chapter,
| + | ==Student, University, or Academic Chapters== |
| − | # Brief description of professional background or resume (from each of the founding leaders),
| + | OWASP student, university, academic chapters must follow the same mandatory guidelines set for standard OWASP Chapters, however there are generally special funds and people in place to provide support and guidance for these chapters. Visit the [[OWASP Student Chapters Program|Student Chapters]] and [[Academic Supporter]] pages for details on these guidelines. |
| − | # Statement of why he or she wants to be an OWASP Leader (from each of the founding leaders).
| |
| − | # Each founding leader(s) (as well as any leaders joining the chapter after its creation) must read, understand, and agree to the terms of the [[Chapter Leader Handbook]].
| |
| | | | |
| − | | + | [[Category:Chapter_Handbook]] |
| − | Upon receiving the request, [mailto:[email protected] Sarah Baso] (or whoever is providing administrative support to the Chapters Committee) will give a cursory check of the above items to ensure new chapter leaders are serious and understand their commitment, and and forward the request to the Global Chapter Committee for a second approval. Upon receipt of a second approval by a member of the Global Chapter Committee, the applicant can move forward as a chapter leader. A chapter wiki page and mailing list will be set up for the new leader(s). Additionally the chapter leader(s) will be given an owasp email account and password to operate as the administrator of the new chapter mailing list. | |
| − | | |
| − | | |
| − | | |
| − | === Geographical Area ===
| |
| − | A key to successful OWASP chapters is selecting the right geographical area. Naturally the geographical area should not overlap with an existing chapter. OWASP chapters promote face to face meetings and the geographical area covered should be no more than a reasonable travel for an afternoon meeting. On the other hand the area should be large enough to serve enough people who are interested in web application security and enough people to be active in the chapter. While there might be exceptions, we expect each metropolitan area to have one chapter.
| |
| − | | |
| − | === Country Wide Activity ===
| |
| − | Some activities such as conferences, media relation and involvement with legislation and regulatory bodies is nationwide by nature. Such activities should be handled collectively by all chapters in the country and should be led by one of the chapter leaders, either by mutual agreement, election, or if all else fails, but appointment by the OWASP board.
| |
| − | | |
| − | == Terminating a Chapter ==
| |
| − | Terminating a chapter should be rare. An OWASP chapter is terminated by a board decision if:
| |
| − | * The chapter did not meet the minimum activity requirements
| |
| − | * The chapter leadership has not followed the chapter guidelines as outlines in this manual. Critical guidelines are:
| |
| − | ** Operation with the OWASP charter
| |
| − | ** Lack of conflict of interest in running the chapter
| |
| − | | |
| − | The board will inform the chapter leadership about the decision and will allow it to correct the issues leading to the termination within 3 months.
| |
| − | | |
| − | The global chapter committee should periodically review chapters activity and if the do not meet the minimum activity requirement may recommend to the board to terminate them. If terminated, the OWASP Global chapters committee would actively seek a replacing founding team to restart the chapter.
| |
| − | | |
| − | == Chapter Structure ==
| |
| − | OWASP does not enforce a chapter structure. We believe that this hard volunteering work should be split between whoever is willing to take the load. A chapter only needs to have a chairman responsible to the OWASP board.
| |
| − | * '''Chairman''': the only requirement is for chapter needs to have a chairman who is responsible to answer to the OWASP board. In case of dispute over the chairman title, we suggest rotation over the 24 months term, if there are multiple candidates and no rotation agreement, elections should be held for a 24 months term (see elections below).
| |
| − | * '''Board''': Chapters are free to decide on the number of role holders, their titles, how they are selected and for how long. We recommend that a chapter would have also a board with at least 3 members, each one having a specific role. Common roles
| |
| − | ** Organization: Secretary, PR/Marketing, Web, Membership, Finance & Meetings/Conferences
| |
| − | ** Content: Education, Industry, Projects
| |
| − | : In case there are multiple candidates for a specific role, and no restructuring, rotation or teaming works, elections for the role should be held for a 24 months term.
| |
| − | | |
| − | Notes:
| |
| − | * Most OWASP chapters, even successful ones are ran by a single person. However chapters with a more robust structure have proved to be able to perform better and bring OWASP activity to a new level. Examples are the [[New_York|NYC/NJ Chapter]] and the [[Belgium]] chapter which have an organized structure and pulled together the two major OWASP events in 2008.
| |
| − | * '''Remote leader''' - while a situation in which a person who lives remotely leads an OWASP chapter is not desirable in general, it might be the best choice if a leader leaves the community, but would like to continue lead the chapter and feels capable to do so. His performance should be evaluated periodically, like any chapter to validate that the chapter continues to run well. In the past Kuai Hinojosa let successfully the Minneapolis. Additionally travel expenses for the leader to attend the meetings can be considered valid OWASP expenses. Such a situation should be dimmed temporary and if someone local suggests to replace the remote leader, the request should be reviewed favorably.
| |
| − | | |
| − | === Members ===
| |
| − | The membership of a chapter includes:
| |
| − | * All individual OWASP members who associated their membership with the chapter
| |
| − | * A single representative for a corporate OWASP members associated with the chapter. Note that the lack of symmetry between level of payment and representation is intentional as OWASP is sponsored, but not run, by companies.
| |
| − | * Past and present role members in the chapter.
| |
| − | | |
| − | === Elections & Polls ===
| |
| − | ; When to hold elections of polls?
| |
| − | : It is always advisable to avoid elections. Running a chapter is a voluntary hard job and sharing the load is always advisable. Since the chapter role structure is flexible, a proper chapter structure may help to avoid elections. However, if there is a lack of agreement between chapter members on structure, roles or any other issues an election for a role or a poll on any other subject may be required:
| |
| − | ** A poll on a subject will be held if 10% of the chapter members request it.
| |
| − | ** Elections for a role will be held if there are multiple candidates for a role at the end of the term for the role.
| |
| − | ; How to hold elections?
| |
| − | : OWASP does not enforce any procedure for elections and polls. An agreement on procedure between candidates or suggestion makers is sufficient. If such an agreement is not reached, the following procedure would be followed:
| |
| − | ** The subject and options for vote along side the names of the people requiring the vote would be submitted to the OWASP foundation.
| |
| − | ** The OWASP foundation will request confirmation by e-mail from the people requiring the vote.
| |
| − | ** Once confirmed, The OWASP foundation will send the ballot to the chapter members setting a deadline.
| |
| − | ** One results are in, the OWASP foundation will notify chapter members of the results.
| |
| − | : The procedure for election heavily involves the OWASP foundation as we feel that if the chapter cannot get to an agreement even as to how to hold elections, central intervention is required.
| |
| − | | |
| − | == Minimum activity requirements ==
| |
| − | The minimum activity requires by a chapter is 4 meetings a year:
| |
| − | * The attendance should be on average 10 people for each 1 million residents in the area served. For example, if a chapter serves an area with 5 million residents, there should be 50 people on average in each meeting.
| |
| − | * The agenda should be published at least a week prior to the meeting date on the Wiki.
| |
| − | * The 1st chapter meeting should be within 3 months of a chapter's founding and should have at least 15 people attending.
| |
| − | | |
| − | Note that this is a minimum activity and a successful OWASP chapter should do much more as outlined in other sections of this manual.
| |
| − | | |
| − | == Finding a new leader ==
| |
| − | In the course of time, a leader may want to move on and leave his/her role. While this chapter provides guidelines to the technical process to follow, we found in the past that the actual challenge is find the new leader, especially in chapters that lack a board. We strongly suggest that a chapter leader who wants to stop would try to find a successor among the active members of the chapter. Such a process has the best chance of ensuring the continuous success of the chapter.
| |
| − | | |
| − | In any case, please inform the [[Global Chapter Committee]] of your wish to leave the job and let us help you in finding a successor.
| |
The following information should be provided in an application to start or restart an OWASP Chapter:
Requests to start or restart an OWASP Chapter may be initiated through the Chapter Request form. If at any time you wish to leave your position as leader or add a new leader the same form may be used by selecting “Modify Chapter Leadership” from the drop down menu.
After receiving the above information via the online form, an OWASP employee will give a cursory check of the above items to ensure new chapter leaders are serious and understand their commitment. Upon review of requester's credentials and resolution of any potential conflicts, the applicant can move forward as a chapter leader. A chapter wiki page and mailing list will be set up for the new leader(s) and the chapter leader(s) will be given an OWASP email account and password to operate as the administrator of the new chapter mailing list. Additionally, every new chapter with at least 2 chapter leaders will be allocated a $500 budget to begin with.
The format used for naming a chapter is: OWASP [Insert City, Region, or Country Name of Chapter]. For example: OWASP Austin, OWASP London, OWASP Malaysia.
It is not necessary to specify your chapter is a “local” chapter, because by definition any chapter is “local”. When registering your chapter name on Linkedin, Meetup, Twitter, or any other social media site this naming convention must be followed as it makes sorting and finding chapters easier. Where the Foundation owns an account with the same service, it is advisable to follow, join, or otherwise link the chapter’s account to the foundation’s.
An OWASP chapter organizes OWASP activity in a given geographical area. A person or a group (the "founding members") can request to start a new chapter in a geographical area not currently served by an OWASP group.
One key to a successful OWASP chapter is selecting the right geographical area. Naturally, the geographical area should not overlap with an existing chapter. OWASP chapters promote face-to-face meetings and the geographical area covered should be no more than a reasonable travel for a meeting. On the other hand, the area should be large enough to serve enough people who are interested in web application security and enough people to be active in the chapter.
If a chapter is to cover a regional or national area, there should be a plan in place to serve all applicable areas. For instance, both OWASP Germany and OWASP Italy serve an entire nation by hosting larger conference-like meetings in multiple cities throughout the year. In this way AppSec professionals from the entire geographic region have access. For example, it would not be acceptable to host OWASP Germany only in a single city and ignore the other regions where a OWASP Chapter is desired.
OWASP student, university, academic chapters must follow the same mandatory guidelines set for standard OWASP Chapters, however there are generally special funds and people in place to provide support and guidance for these chapters. Visit the Student Chapters and Academic Supporter pages for details on these guidelines.
