
Difference between revisions of "Governance/OWASP Committees"

(Operational model for creation, operation, and termination of committees for OWASP governance.)
 
(updating the wording of cliff notes)
 
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
= OWASP Committees 2.0 Operational Model =
+
== '''OWASP Global Committees 2.0 Operational Model''' ==
Passed by a vote of the OWASP Board of Directors on July 16, 2014.
+
Passed by a vote of the OWASP Board of Directors on December 19, 2018.
  
 +
=== Summary ===
  
== I. Introduction ==
+
If an OWASP member wants to create a new OWASP committee the process for that is as follows: 
  
There is a disconnect amongst OWASP Leadership in terms of determining who is empowered to make decisions for our organization. It is our belief that the Board has expressed the desire to empower our leaders, but has, at times, questioned the decisions made.  The goal of the plan which follows is to empower all OWASP leaders who have an idea that merits action with the ability to act.
+
1.    The member must circulate the proposed committee, firstly through the OWASP mailing list. Optionally the member can use other mediums such as Slack so that more community members can lend support to the proposal. This proposal must state the rationale and the desired scope for the creation of the new committee. 
  
== II. High-Level Proposal ==
+
2.     The proposal must get majority support from those who responded to any communications about it and no major arguments against it. 
  
OWASP will once again reinstate a committee structure for participation in key aspects of our organization.  This may include Chapters, Projects, Conferences, Governance, and other topics to be determined later.  The key difference between the proposed committees and those of OWASP past will be in the empowerment to take action.  OWASP Committees may, at any time, conduct a vote to enact change within the stated scope of the committee without prior approval from the Board.
+
3.     If the previous requirement is met the OWASP Board of Directors will determine whether the committee and its scope is in line with OWASP’s goals and if any conflicts exist with other committees.
  
== III. Committee Creation ==
+
4.    If no conflict exists, the proposal will be discussed at the next Board of Directors meeting. This will involve community discussion and a vote on its formation. 
 +
[[File:ProcessFlowCommittee2.0.png|thumb|Process Flow Committee 2.0]]
 +
5.     If a majority vote is established, the Board of Directors will put out a public call for any OWASP members interesting in committee membership, with a 4 week time period. 
  
At any point in time, a community member may propose a new committee via the OWASP Leaders List stating their rationale and desired scope for creating a new committee.  After a community discussion, with perceived majority support and no major arguments against, the OWASP Board of Directors will establish whether there is a conflict of interest with any existing committees and whether the formation of that committee is in line with with OWASP goals.  If no conflict is determined to exist, the Board will initiate a public call for OWASP members interested in committee membership, via the OWASP Community mailing list, with a seven day time window.  So long as the committee receives at least five OWASP members applicants, the Board will vote on the committee creation. A majority vote of support from the Board is sufficient for establishment of a new committee with all OWASP member applicants being granted committee membership.
+
6.    If the committee gets three applications to join the new committee and creates a board to head up the new committee, then its proposal will be deemed successful and the committee is created. The required roles for a committee board are: 
 +
* Chair:  
 +
* Vice-Chair; and  
 +
* Secretary.   
  
== IV. Committee Scope ==
+
Other roles that a committee board can be made up of, but are not limited to, PR/Marketing, Web, Membership, Finance & Meetings/Conferences 
  
The scope of an OWASP committee is established during the initial proposal for the new committee.  In the event that a community member believes that a committee has taken actions outside of it’s scope or would like to adjust the scope of a committee, then they may state their rationale and desired response via the OWASP Leaders List.  After a community discussion, the OWASP Board of Directors will establish the validity of any scope disagreement or proposed scope amendment.  A majority vote of the Board of Directors is required to modify the scope of any OWASP committee.
+
<br>
  
== V. Committee Membership ==
+
<br>
 +
<br>
 +
== '''I. Introduction''' ==
 +
The OWASP Global Committees empower members of the community to help shape OWASP and make the best decisions for the Foundation. The goal of the Global Committees 2.0 plan is to streamline the process for any member of the OWASP community who has an idea to improve the Foundation, to have a vehicle to act upon the idea and successfully implement it.
  
Any community member is welcome to participate in and provide feedback to an OWASP committee. Committee membership (voting privileges and leadership responsibilities), however, is limited to those who meet the following criteria:
+
== '''II. High-Level Proposal''' ==
 +
OWASP’s committees participate in key aspects of our Foundation. This may include Chapters, Projects, Conferences, Governance, and other topics to be determined later. The key difference between the proposed committees and those of OWASP past will be in the empowerment to take action. OWASP believes that Committees should be empowered to vote on change , at any time, that is within the stated scope of the committee. If a committee wishes to change their scope, the committee should add the proposed change to the next BoD meeting for discussion. Once the BoD approves this change, the committee should bring the proposed change to the OWASP Community for feedback.
  
1) Individual must be an OWASP member in good standing.
+
== '''III. Committee Creation''' ==
2) Individual must have the written endorsement of either a current committee member or an OWASP Board member.
+
At any point in time, a community member may propose a new committee via the OWASP mailing lists including other mediums such as slack to ensure greater community coverage,stating their rationale and the desired scope for creating a new committee. After this discussion, with majority support from those who responded on these communications and no major arguments against, the OWASP Board of Directors (BoD) will determine whether there is a conflict of interest with any existing committees and whether the formation of that committee and its desired scope is in line with OWASP’s goals.
3) Individual must demonstrate a history of at least three months participation in the committee for which they are applying for membership.
 
  
Any person who satisfies the above criteria may, by way of the public committee communication medium outlined in section VIII below, request to be granted membership to the committee. The committee will then conduct a vote on the applicant, via the same medium, and if the majority of members agree, they will be granted committee membership as well.
+
If no conflict is determined to exist, the Board, at the next BoD meeting will invite community discussion and vote on its formation.  Once a majority vote is established, the BoD will initiate a public call for OWASP members interested in committee membership, via the OWASP Community mailing list, with a four-week time window. At this point, the committee will be formed once it receives at least five OWASP member applicants. These OWASP member applicants will be granted committee membership on successful completion of the proposed committee.
  
Active committees are responsible for conducting a poll of members, at least every six months, asking each if they would like to continue to serve on the committee.  Committee members who respond “No” or who do not respond at all during a seven day time window will be removed from membership.
+
A committee should have also a board with at least 5 members, each one having a specific role. Common roles:
 +
* Organization: Secretary, PR/Marketing, Web, Membership, Finance & Meetings/Conferences, although specific roles can be created at the discretion of the committee
  
A member of a committee leadership team may have their membership removed for reasons of inactivity over a period of at least six months or misconduct by a unanimous vote of the remaining members of the committee.
+
== '''IV. Committee Scope''' ==
 +
The scope of an OWASP committee is established during the initial proposal for the new committee. This scope should be submitted as a draft to the BoD for discussion purposes prior to the committee formation. The Board will assess if this scope is in line with OWASP’s goals and may seek alterations where necessary.
  
If at any point in time, for any reason, committee membership is less than five people, then the committee leadership must initiate a public call for OWASP members interested in committee membership with a seven day time window. All qualified applicants must be accepted to join the committee as committee members. If there are not at least five committee members at the end of the seven day window, the committee will automatically be removed due to a lack of participating interest with that committee’s functions being reassumed by the OWASP Board of Directors.
+
=== '''Conflict''' ===
 +
In the event that a community or staff member believes that a committee has taken actions outside of its scope, has abused the committee’s scope, or would like to adjust the scope of a committee, then they may state their rationale and desired response via the OWASP Leaders List. After a community discussion, the community or staff member will request that the OWASP Board of Directors establish the validity of the scope disagreement or proposed scope amendment. A majority vote of the Board is required to modify the scope of any OWASP committee.
 +
 
 +
If there is a conflict within the committee, the conflict should be brought to the OWASP Compliance Committee who will rule on the conflict based on available evidence and where necessary interviews with the relevant personnel.
  
 
Committee members are required to report any infractions of OWASP Foundation policies and procedures to the OWASP Board of Directors.
 
Committee members are required to report any infractions of OWASP Foundation policies and procedures to the OWASP Board of Directors.
  
== VI. OWASP Staff Participation ==
+
== '''V. Committee Membership''' ==
 
+
Any OWASP community member is welcome to participate in and provide feedback to an OWASP committee. Committee membership (voting privileges and leadership responsibilities), however, is limited to those who meet the following criteria:
The OWASP Foundation will provide a designated staff member to support each active committee from an operational perspective.  The staff member may participate in the committee as a community member, but will not serve as a voting member of the leadership team due to a potential conflict of interest.  Participating staff are required to report any infractions of OWASP Foundation policies and procedures, by the committee, to the OWASP Board of Directors.  The committee leadership team will be invited to provide feedback for the assessment of their assigned staff member by being invited to provide an annual evaluation of their committee related activities, capability and professionalism.
+
# Individual must be an OWASP member in good standing; or
 
+
# Individual must have the written endorsement of either a current committee member or an OWASP Board member; or
== VII. OWASP Board Participation ==
+
# Individual must demonstrate a history of at least three months participation in the committee for which they are applying for membership.
 
+
Any person who satisfies the above criteria may, by way of the public committee communication medium outlined in section VIII below, request to be granted membership to the committee. The committee will then conduct a vote on the applicant, via the same medium, and if the majority of members agree, they will be granted committee membership as well.
Members of the OWASP Board of Directors are allowed to become committee members, but participate as normal committee members with no special powers either expressed or implied.  While Board member participation in committees is encouraged, Board members must refrain from taking an active leadership role for the committee.
 
 
 
== VIII. Committee Communication ==
 
 
 
All committees are required to hold their discussions in the open in order to enable participation by any member of the community.  All official committee discussions (written and verbal) must be archived in a publicly accessible location so that the community may observe committee actions at any point in time.  Use of the OWASP Force Portal for Committees is strongly encouraged as it provides logical conversation grouping, an archive of conversations, document attachment capability, participation metrics, and more, but other technologies may be used as long as it is agreed upon by all committee members and all relevant information is linked from the respective Committee wiki page. Committees that wish to solicit assistance from outside participants for committee activities are strongly encouraged to do so using the OWASP Initiatives framework.
 
 
 
Committees are required to notify the OWASP Community, via the OWASP Leaders List, in writing of any official votes and provide a written summary of actions taken on a minimum of a monthly basis.  Committee decisions are considered official once a record has been published to the community.  The Board is responsible for reviewing committee actions and ensuring that the committee is acting within it’s pre-defined scope and in accordance with the OWASP Foundation Bylaws as well as all other applicable policies and procedures.
 
 
 
== IX. Committee Organization ==
 
 
 
All committees are responsible for being self-organized.  The includes determining their own leadership structure, coordinating committee meeting schedules at least monthly, taking and publishing notes of committee meetings, assembling monthly action summaries, culling inactive committee members, and ensuring compliance within the defined scope and various OWASP policies and procedures.
 
 
 
== X. Committee Removal ==
 
  
If at any point in time an OWASP Leader believes that a committee is no longer necessary or that the scope of one committee conflicts with the scope of another, they may bring up this concern via the OWASP Leaders List. After a community discussion, the OWASP Board of Directors will hold a vote on the committee removal.  A ⅔ majority vote of the Board is required for the removal of a committee.
+
Active committees are responsible for conducting a poll of members, at least every six months, by the committee staff liaison, asking each if they would like to continue to serve on the committee. Committee members who respond “No” or who do not respond at all during a two-week time window will be removed from membership by the committee.
  
== XI. Empowerment ==
+
A member of a committee leadership team may have their membership removed for reasons of inactivity over a period of at least six months or misconduct as determined by a unanimous vote of the remaining members of the committee. If the committee feels that they do not have the required capability to deal with this misconduct, they may submit the case and all relevant documentation to the compliance committee for review.
  
As the goal of this proposal is the empower our leaders to be able to take action on behalf of the organization, no Board vote is necessary for any initiative of the committee provided that the following is true:
+
=== '''Lack of Participation''' ===
 +
If at any point in time, for any reason, committee membership is less than five people, then the committee leadership must initiate a public call for OWASP members interested in committee membership with a four-week time window. All qualified applicants must be accepted to join the committee as committee members. If there are not at least five committee members at the end of the four-week time window, the committee will lose its authoritative function, and will function only as in an advisory capacity. All related decision-making will automatically be re-assumed by the OWASP Board of Directors. Committee members are required to report any infractions of OWASP Foundation policies and procedures to the OWASP Board of Directors.
  
1) The action is within the stated scope of the committee.
+
== '''VI. OWASP Staff Participation''' ==
 +
The OWASP Foundation will provide a designated staff member to support each active committee from an operational perspective. The staff member may participate in the committee as a community member, but will not serve as a voting member of the leadership team due to a potential conflict of interest. Participating staff are required to report any infractions of OWASP Foundation policies and procedures, by the committee, to the OWASP Board of Directors. The committee leadership team will be invited to provide feedback for the assessment of their assigned staff member by being invited to provide an annual evaluation of their committee related activities, capability and professionalism.
  
2) If money is required, the action follows the guidelines set forth in the Community Engagement Funding document.
+
== '''VII. OWASP Board Participation''' ==
 +
Members of the OWASP Board of Directors are allowed to become committee members, but participate as normal committee members with no special powers either expressed or implied. While Board member participation in committees is encouraged, Board members must refrain from taking an active leadership role for the committee.
  
3) No contracts are being executed by the committee on behalf of the OWASP Foundation.
+
== '''VIII. Committee Communication''' ==
 +
All committees are required to hold their discussions in the open in order to enable participation by any member of the community. All committee discussions (written and verbal) must be archived in a publicly accessible location so that the community may observe committee actions at any point in time. Use of the OWASP Force Portal for Committees is strongly encouraged as it provides logical conversation grouping, an archive of conversations, document attachment capability, participation metrics, and more, but other technologies may be used as long as it is agreed upon by all committee members and all relevant information is linked from the respective Committee wiki page. Committees that wish to solicit assistance from outside participants for committee activities are strongly encouraged to do so using the OWASP Initiatives framework.
  
4) The action is in line with the OWASP Foundation Code of Ethics and is pursuant to OWASP’s mission.
+
Committees are required to notify the OWASP Community, via OWASP mailing lists including other mediums such as slack to ensure greater community coverage, in writing of any official votes and provide a written summary of actions taken on a minimum of a monthly basis or as necessary. Committee decisions are considered official once a record has been published to the community. The BoD is responsible for reviewing committee actions and ensuring that the committee is acting within its predefined scope and in accordance with the OWASP Foundation Bylaws as well as all other applicable policies and procedures.
  
If any of these is not true, then the OWASP Board of Directors should be consulted for approval prior to the committees execution.
+
== '''IX. Committee Organization''' ==
 +
All committees are responsible for being self-organized. This includes determining their own leadership structure, coordinating committee meeting schedules at least monthly, taking and publishing minutes of committee meetings, assembling monthly action summaries, culling inactive committee members, and ensuring compliance within the defined scope and various OWASP policies and procedures.
  
== XII. Accountability ==
+
== '''X. Committee Removal''' ==
 +
If at any point in time an OWASP Leader believes that a committee is no longer necessary or that the scope of one committee conflicts with the scope of another, they may bring up this concern via the OWASP Leaders List. After a community discussion, the OWASP BoD will hold a vote on the committee removal. A ⅔ majority vote of the Board is required for the removal of a committee.
  
Because the committee is acting on behalf of the OWASP Foundation, but as a separate entity from the OWASP Board, the committee members are expected to conduct their actions with regard to the OWASP Mission, the OWASP Code of Ethics, and the Board’s annual strategic goals. The committee and it’s members will ultimately be held accountable for any actions that are not in line with these key principles or that are outside of the pre-determined scope of the committee.  Perceived violations should be brought to the attention of the OWASP Leaders List along with all substantiating evidence.  After a community discussion, the Board may veto the actions of the committee by a majority vote of the Board of Directors.
+
== '''XI. Empowerment''' ==
 +
As the goal of this proposal is to empower the community to make decisions for the betterment of the Foundation, no Board vote is necessary for any initiative,  provided that the following is true:
 +
# The action is within the predetermined scope of the committee;
 +
# The action does not directly affect other OWASP functions such as projects
 +
# If money is required, the action follows the guidelines set forth in the Community Engagement Funding document;
 +
# No contracts are being executed by the committee on behalf of the OWASP Foundation; and
 +
# The action is in line with the OWASP Foundation Code of Ethics and is pursuant to OWASP’s mission.
 +
# If any of these is not true, then the OWASP BoD should be consulted for approval prior to the committee’s execution.
  
== XIII. Conclusion ==
+
== '''XII. Accountability''' ==
 +
Because the committee is acting on behalf of the OWASP Foundation, but as a separate entity from the OWASP BoD, the committee members are expected to conduct their actions with regard to the OWASP Mission, the OWASP Code of Ethics, and the BoD’s annual strategic goals. The committee and it’s members will ultimately be held accountable for any actions that are not in line with these key principles or that are outside of the predetermined scope of the committee. Alleged violations should be brought to the attention of the OWASP Leaders List along with all substantiating evidence. After a community discussion, the Board may veto the actions of the committee by a majority vote of the BoD.
  
We believe that empowering our volunteers to take action is core to the execution of OWASP’s mission. With the above committee structure, we believe that the right pieces will be in place to provide the organization with effective governance as well as checks and balances to ensure unbiased operation. We hope that you will agree that executing on this is in the bests interests of the future of the OWASP Foundation.
+
== '''XIII. Conclusion''' ==
 +
We believe that empowering our volunteers to take action is core to OWASP’s mission. With the above committee structure, we believe that the right pieces will be in place to provide the Foundation with effective governance as well as checks and balances to ensure unbiased operation. We hope that you will agree that executing on this is in the best interests of the future of the OWASP Foundation.
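
Review bot: The added Summary and the revised section III give different formation thresholds. Summary step 6 creates the committee once it "gets three applications", while section III still says it "will be formed once it receives at least five OWASP member applicants", and the Lack of Participation text keeps a five-member floor; pick one number and use it in all three places. The board requirement has the same split: the Summary requires Chair, Vice-Chair and Secretary, but section III asks for "a board with at least 5 members" and its role list names neither Chair nor Vice-Chair. In XI. Empowerment, the final numbered item ("If any of these is not true, ...") is the consequence of the list, not a sixth condition, so it should return to a paragraph after the list as in the previous revision, and item 2 is missing its closing semicolon. In V. Committee Membership, the criteria are now joined with "or", which turns what read as three requirements into alternatives; confirm that this is intended. "it’s members" in XII. Accountability should be "its members".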

Latest revision as of 18:56, 5 August 2019

OWASP Global Committees 2.0 Operational Model

Passed by a vote of the OWASP Board of Directors on December 19, 2018.

Summary

If an OWASP member wants to create a new OWASP committee, the process is as follows:

1. The member must circulate the proposed committee, firstly through the OWASP mailing list. Optionally, the member can use other mediums such as Slack so that more community members can lend support to the proposal. This proposal must state the rationale and the desired scope for the creation of the new committee.

2. The proposal must get majority support from those who responded to any communications about it and no major arguments against it.

3. If the previous requirement is met, the OWASP Board of Directors will determine whether the committee and its scope are in line with OWASP’s goals and whether any conflicts exist with other committees.

4. If no conflict exists, the proposal will be discussed at the next Board of Directors meeting. This will involve community discussion and a vote on its formation.

[Figure: Process Flow Committee 2.0]

5. If a majority vote is established, the Board of Directors will put out a public call for any OWASP members interested in committee membership, with a 4 week time period.

6. If the committee gets three applications to join the new committee and creates a board to head up the new committee, then its proposal will be deemed successful and the committee is created. The required roles for a committee board are:

  • Chair;
  • Vice-Chair; and
  • Secretary.

Other roles that a committee board can be made up of include, but are not limited to, PR/Marketing, Web, Membership, Finance & Meetings/Conferences.




I. Introduction

The OWASP Global Committees empower members of the community to help shape OWASP and make the best decisions for the Foundation. The goal of the Global Committees 2.0 plan is to streamline the process for any member of the OWASP community who has an idea to improve the Foundation, to have a vehicle to act upon the idea and successfully implement it.

II. High-Level Proposal

OWASP’s committees participate in key aspects of our Foundation. This may include Chapters, Projects, Conferences, Governance, and other topics to be determined later. The key difference between the proposed committees and those of OWASP past will be in the empowerment to take action. OWASP believes that Committees should be empowered to vote on change, at any time, that is within the stated scope of the committee. If a committee wishes to change its scope, the committee should add the proposed change to the next BoD meeting for discussion. Once the BoD approves this change, the committee should bring the proposed change to the OWASP Community for feedback.

III. Committee Creation

At any point in time, a community member may propose a new committee via the OWASP mailing lists, including other mediums such as Slack to ensure greater community coverage, stating their rationale and the desired scope for creating a new committee. After this discussion, with majority support from those who responded on these communications and no major arguments against, the OWASP Board of Directors (BoD) will determine whether there is a conflict of interest with any existing committees and whether the formation of that committee and its desired scope is in line with OWASP’s goals.

If no conflict is determined to exist, the Board, at the next BoD meeting, will invite community discussion and vote on its formation. Once a majority vote is established, the BoD will initiate a public call for OWASP members interested in committee membership, via the OWASP Community mailing list, with a four-week time window. At this point, the committee will be formed once it receives at least five OWASP member applicants. These OWASP member applicants will be granted committee membership on successful completion of the proposed committee.

A committee should also have a board with at least 5 members, each one having a specific role. Common roles:

  • Organization: Secretary, PR/Marketing, Web, Membership, Finance & Meetings/Conferences, although specific roles can be created at the discretion of the committee

IV. Committee Scope

The scope of an OWASP committee is established during the initial proposal for the new committee. This scope should be submitted as a draft to the BoD for discussion purposes prior to the committee formation. The Board will assess if this scope is in line with OWASP’s goals and may seek alterations where necessary.

Conflict

In the event that a community or staff member believes that a committee has taken actions outside of its scope, has abused the committee’s scope, or would like to adjust the scope of a committee, then they may state their rationale and desired response via the OWASP Leaders List. After a community discussion, the community or staff member will request that the OWASP Board of Directors establish the validity of the scope disagreement or proposed scope amendment. A majority vote of the Board is required to modify the scope of any OWASP committee.

If there is a conflict within the committee, the conflict should be brought to the OWASP Compliance Committee, which will rule on the conflict based on available evidence and, where necessary, interviews with the relevant personnel.

Committee members are required to report any infractions of OWASP Foundation policies and procedures to the OWASP Board of Directors.

V. Committee Membership

Any OWASP community member is welcome to participate in and provide feedback to an OWASP committee. Committee membership (voting privileges and leadership responsibilities), however, is limited to those who meet the following criteria:

  1. Individual must be an OWASP member in good standing; or
  2. Individual must have the written endorsement of either a current committee member or an OWASP Board member; or
  3. Individual must demonstrate a history of at least three months’ participation in the committee for which they are applying for membership.

Any person who satisfies the above criteria may, by way of the public committee communication medium outlined in section VIII below, request to be granted membership to the committee. The committee will then conduct a vote on the applicant, via the same medium, and if the majority of members agree, they will be granted committee membership as well.

Active committees are responsible for conducting a poll of members, at least every six months, by the committee staff liaison, asking each if they would like to continue to serve on the committee. Committee members who respond “No” or who do not respond at all during a two-week time window will be removed from membership by the committee.

A member of a committee leadership team may have their membership removed for reasons of inactivity over a period of at least six months or misconduct as determined by a unanimous vote of the remaining members of the committee. If the committee feels that they do not have the required capability to deal with this misconduct, they may submit the case and all relevant documentation to the compliance committee for review.

Lack of Participation

If at any point in time, for any reason, committee membership is less than five people, then the committee leadership must initiate a public call for OWASP members interested in committee membership with a four-week time window. All qualified applicants must be accepted to join the committee as committee members. If there are not at least five committee members at the end of the four-week time window, the committee will lose its authoritative function and will function only in an advisory capacity. All related decision-making will automatically be re-assumed by the OWASP Board of Directors. Committee members are required to report any infractions of OWASP Foundation policies and procedures to the OWASP Board of Directors.

VI. OWASP Staff Participation

The OWASP Foundation will provide a designated staff member to support each active committee from an operational perspective. The staff member may participate in the committee as a community member, but will not serve as a voting member of the leadership team due to a potential conflict of interest. Participating staff are required to report any infractions of OWASP Foundation policies and procedures, by the committee, to the OWASP Board of Directors. The committee leadership team will be invited to provide feedback for the assessment of their assigned staff member in the form of an annual evaluation of the staff member's committee-related activities, capability and professionalism.

VII. OWASP Board Participation

Members of the OWASP Board of Directors are allowed to become committee members, but participate as normal committee members with no special powers either expressed or implied. While Board member participation in committees is encouraged, Board members must refrain from taking an active leadership role for the committee.

VIII. Committee Communication

All committees are required to hold their discussions in the open in order to enable participation by any member of the community. All committee discussions (written and verbal) must be archived in a publicly accessible location so that the community may observe committee actions at any point in time. Use of the OWASP Force Portal for Committees is strongly encouraged as it provides logical conversation grouping, an archive of conversations, document attachment capability, participation metrics, and more, but other technologies may be used as long as they are agreed upon by all committee members and all relevant information is linked from the respective Committee wiki page. Committees that wish to solicit assistance from outside participants for committee activities are strongly encouraged to do so using the OWASP Initiatives framework.

Committees are required to notify the OWASP Community in writing of any official votes, via OWASP mailing lists and other mediums such as Slack to ensure greater community coverage, and to provide a written summary of actions taken on a minimum of a monthly basis or as necessary. Committee decisions are considered official once a record has been published to the community. The BoD is responsible for reviewing committee actions and ensuring that the committee is acting within its predefined scope and in accordance with the OWASP Foundation Bylaws as well as all other applicable policies and procedures.

IX. Committee Organization

All committees are responsible for being self-organized. This includes determining their own leadership structure, coordinating committee meeting schedules at least monthly, taking and publishing minutes of committee meetings, assembling monthly action summaries, culling inactive committee members, and ensuring compliance within the defined scope and various OWASP policies and procedures.

X. Committee Removal

If at any point in time an OWASP Leader believes that a committee is no longer necessary or that the scope of one committee conflicts with the scope of another, they may bring up this concern via the OWASP Leaders List. After a community discussion, the OWASP BoD will hold a vote on the committee removal. A ⅔ majority vote of the Board is required for the removal of a committee.

XI. Empowerment

As the goal of this proposal is to empower the community to make decisions for the betterment of the Foundation, no Board vote is necessary for any initiative, provided that the following is true:

  1. The action is within the predetermined scope of the committee;
  2. The action does not directly affect other OWASP functions such as projects;
  3. If money is required, the action follows the guidelines set forth in the Community Engagement Funding document;
  4. No contracts are being executed by the committee on behalf of the OWASP Foundation; and
  5. The action is in line with the OWASP Foundation Code of Ethics and is pursuant to OWASP’s mission.

If any of these is not true, then the OWASP BoD should be consulted for approval prior to the committee’s execution.

XII. Accountability

Because the committee is acting on behalf of the OWASP Foundation, but as a separate entity from the OWASP BoD, the committee members are expected to conduct their actions with regard to the OWASP Mission, the OWASP Code of Ethics, and the BoD’s annual strategic goals. The committee and its members will ultimately be held accountable for any actions that are not in line with these key principles or that are outside of the predetermined scope of the committee. Alleged violations should be brought to the attention of the OWASP Leaders List along with all substantiating evidence. After a community discussion, the Board may veto the actions of the committee by a majority vote of the BoD.

XIII. Conclusion

We believe that empowering our volunteers to take action is core to OWASP’s mission. With the above committee structure, we believe that the right pieces will be in place to provide the Foundation with effective governance as well as checks and balances to ensure unbiased operation. We hope that you will agree that executing on this is in the best interests of the future of the OWASP Foundation.