This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Codes of Conduct"
(→OWASP Blue Book: 1.17 Release) |
m (→Classifications: Corrected status to Labs) |
||
(19 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= Main = | = Main = | ||
+ | |||
===Project's Purpose === | ===Project's Purpose === | ||
− | OWASP needs to take advantage of every opportunity to affect software development everywhere to achieve our mission "to make application security visible so that people and organizations can make informed decisions about application security risks" | + | OWASP needs to take advantage of every opportunity to affect software development everywhere to achieve our mission "to make application security visible so that people and organizations can make informed decisions about application security risks". |
At the [[Summit 2011]] in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve. | At the [[Summit 2011]] in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve. | ||
Line 13: | Line 14: | ||
===The Codes of Conduct=== | ===The Codes of Conduct=== | ||
− | The current versions (all | + | The current versions (all now Stable Release Quality) are listed below. See each tab for more project details or read the summary pamphlet (English version [https://www.owasp.org/index.php/File:OWASP_Codes-of-Conduct_Pamphlet.pdf PDF] and [https://www.owasp.org/index.php/File:OWASP_Codes-of-Conduct_Pamphlet.docx MS Word]) and [http://www.appsecusa.org/p/codesofconduct.pdf presentation]. |
{| width="100%" cellspacing="20" cellpadding="10" | {| width="100%" cellspacing="20" cellpadding="10" | ||
|- valign="top" | |- valign="top" | ||
| width="33%" style="background:#e6f5e9" | | | width="33%" style="background:#e6f5e9" | | ||
+ | |||
== OWASP Green Book == | == OWASP Green Book == | ||
Line 24: | Line 26: | ||
'''Download the current release''' | '''Download the current release''' | ||
− | v1. | + | v1.18 Release: |
* [[Media:OWASP_Green_Book-Governmental_Bodies.pdf|English version PDF]] | * [[Media:OWASP_Green_Book-Governmental_Bodies.pdf|English version PDF]] | ||
Line 42: | Line 44: | ||
'''Download the current release''' | '''Download the current release''' | ||
− | v1. | + | v1.18 Release: |
* [[Media:OWASP_Blue_Book-Educational_Institutions.pdf|English version PDF]] | * [[Media:OWASP_Blue_Book-Educational_Institutions.pdf|English version PDF]] | ||
Line 60: | Line 62: | ||
'''Download the current release''' | '''Download the current release''' | ||
− | v1. | + | v1.18 Release: |
* [[Media:OWASP_Yellow_Book-Standards_Groups.pdf|English version PDF]] | * [[Media:OWASP_Yellow_Book-Standards_Groups.pdf|English version PDF]] | ||
Line 79: | Line 81: | ||
'''Download the current release''' | '''Download the current release''' | ||
− | v1. | + | v1.18 Release: |
* [[Media:OWASP_Purple_Book-Trade_Organizations.pdf|English version PDF]] | * [[Media:OWASP_Purple_Book-Trade_Organizations.pdf|English version PDF]] | ||
Line 86: | Line 88: | ||
'''Translations''' | '''Translations''' | ||
− | None are currently available. | + | None are currently available. Can you help? |
Line 97: | Line 99: | ||
'''Download the current release''' | '''Download the current release''' | ||
− | v1. | + | v1.18 Release: |
* [[Media:OWASP_Red_Book-Certifying_Bodies.pdf|English version PDF]] | * [[Media:OWASP_Red_Book-Certifying_Bodies.pdf|English version PDF]] | ||
Line 114: | Line 116: | ||
'''Download the current release''' | '''Download the current release''' | ||
− | v1. | + | v1.18 Release: |
* [[Media:OWASP_Gray_Book-Development_Organizations.pdf|English version PDF]] | * [[Media:OWASP_Gray_Book-Development_Organizations.pdf|English version PDF]] | ||
Line 127: | Line 129: | ||
|} | |} | ||
− | === <div id="missing">What's | + | {| style="padding:0;margin:0;margin-top:10px;text-align:left;" |
+ | |- | ||
+ | | valign="top" width="67%" style="padding-right:25px;" | | ||
+ | |||
+ | === <div id="missing">What's Missing?</div> === | ||
What other types of organization might be able to support OWASP's mission? What are the most important things they should do? | What other types of organization might be able to support OWASP's mission? What are the most important things they should do? | ||
Line 141: | Line 147: | ||
Click on the other tabs to see project information on each of the codes, including contributors, releases, assessment status and prior versions. All the Codes are discussed on a single shared [https://lists.owasp.org/mailman/listinfo/owasp-codes-of-conduct mailing list]. It is free and open. | Click on the other tabs to see project information on each of the codes, including contributors, releases, assessment status and prior versions. All the Codes are discussed on a single shared [https://lists.owasp.org/mailman/listinfo/owasp-codes-of-conduct mailing list]. It is free and open. | ||
+ | ===Licensing=== | ||
+ | |||
+ | The OWASP Codes of Conduct are free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. | ||
+ | |||
+ | © OWASP Foundation | ||
+ | |||
+ | | valign="top" width="33%" | | ||
+ | |||
+ | ===Aggregated Book=== | ||
+ | |||
+ | There is also an aggregated booklet format (English version [https://www.owasp.org/index.php/File:OWASP_Codes-of-Conduct_Aggregated-Booklet.docx MS Word]) incorporating all six. This is also available to buy at cost printed in colour from [http://www.lulu.com/shop/owasp-foundation/owasp-codes-of-conduct/paperback/product-21247130.html Lulu.com]. | ||
+ | |||
+ | [[File:Codes-of-conduct-lulu-small.jpg|link=http://www.lulu.com/shop/owasp-foundation/owasp-codes-of-conduct/paperback/product-21247130.html]] | ||
+ | |||
+ | ===News=== | ||
+ | * [19 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Review and publish v1.18 | ||
+ | |||
+ | |- | ||
+ | | valign="top" | | ||
===Lost? Not What You Were Looking For?=== | ===Lost? Not What You Were Looking For?=== | ||
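Review bot: The new Licensing paragraph in this hunk switches number mid-thought: "The OWASP Codes of Conduct are free to use. It is licensed under ..." should read "They are licensed under ..." to match the plural subject. The same sentence is also hard to parse ("but all provided that you attribute the work and if you alter ..."); splitting the attribution condition and the share-alike condition into two sentences would make the terms clearer. The Creative Commons and Lulu.com links added here use http:// while the pamphlet and booklet links on the same page use https://; consider using https:// throughout.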
Line 162: | Line 187: | ||
* [[:OWASP:Privacy policy|Privacy]] | * [[:OWASP:Privacy policy|Privacy]] | ||
+ | | valign="top" | | ||
+ | |||
+ | ==Classifications== | ||
+ | |||
+ | {| width="200" cellpadding="2" | ||
+ | |- | ||
+ | | align="center" valign="top" width="50%" rowspan="2"| [[Image:Owasp-labs-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Lab_Projects]] | ||
+ | | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] | ||
+ | |- | ||
+ | | align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=Breakers]] | ||
+ | |- | ||
+ | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | ||
+ | |- | ||
+ | | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]] | ||
+ | |} | ||
+ | |||
+ | |} | ||
= Government Bodies = | = Government Bodies = | ||
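Review bot: The Classifications table added in this hunk shows the Labs badge (Owasp-labs-trans-85.png, linked to OWASP_Project_Stages#tab=Lab_Projects), which matches the edit summary "Corrected status to Labs", but the same revision's text under "The Codes of Conduct" still says the current versions are "all now Stable Release Quality" and the category line adds OWASP_Release_Quality_Document. The page now states two different project statuses; the status sentence and the category should be brought in line with the badge, or the badge with them. The last row also has an empty link target (Project_Type_Files_DOC.jpg|link=), which is worth confirming as intentional.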
Line 188: | Line 230: | ||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
− | [[Category:OWASP_Project|Codes of Conduct]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category: | + | [[Category:OWASP_Project|Codes of Conduct]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]] |
Latest revision as of 11:10, 19 May 2015
- Main
- Government Bodies
- Educational Institutions
- Standards Groups
- Trade Organizations
- Certifying Bodies
- Development Organizations
Project's Purpose
OWASP needs to take advantage of every opportunity to affect software development everywhere to achieve our mission "to make application security visible so that people and organizations can make informed decisions about application security risks".
At the Summit 2011 in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve.
This project develops and maintains OWASP Codes of Conduct, and began with those initially created at the following working sessions at the 2011 OWASP Summit:
- Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies
- Certification
- Outreach to Educational Institutions
The Codes of Conduct
The current versions (all now Stable Release Quality) are listed below. See each tab for more project details or read the summary pamphlet (English version PDF and MS Word) and presentation.
- OWASP Green Book: The OWASP Application Security Code of Conduct for Government Bodies. Download the current release: v1.18 Release. Translations: None are currently available.
- OWASP Blue Book: The OWASP Application Security Code of Conduct for Educational Institutions. Download the current release: v1.18 Release. Translations: None are currently available.
- OWASP Yellow Book: The OWASP Application Security Code of Conduct for Standards Groups. Download the current release: v1.18 Release. Translations: None are currently available.
- OWASP Purple Book: The OWASP Application Security Code of Conduct for Trade Organizations. Download the current release: v1.18 Release. Translations: None are currently available. Can you help?
- OWASP Red Book: The OWASP Application Security Code of Conduct for Certifying Bodies. Download the current release: v1.18 Release. Translations: None are currently available.
- OWASP Gray Book: The OWASP Application Security Code of Conduct for Development Organizations. Download the current release: v1.18 Release. Translations: None are currently available.
Aggregated Book
There is also an aggregated booklet format (English version MS Word) incorporating all six. This is also available to buy at cost printed in colour from Lulu.com.
News
Lost? Not What You Were Looking For?
These Codes relate to OWASP's aspirations for other types of organization. If you were looking for OWASP internal strategic and operational policies and processes, you might want to look at some of the following. They are not part of the OWASP Codes of Conduct Project.
Classifications
PROJECT INFO: What does this OWASP project offer you?
RELEASE(S) INFO: What releases are available for this project?