This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Chapter Handbook: FAQ

From OWASP
Revision as of 06:19, 6 July 2017 by Tiffany.Long (talk | contribs) (save social media)

Jump to: navigation, search


How to Start a Chapter

Finding an OWASP Chapter

Before applying go an OWASP Chapter, please check the OWASP Chapter page.

How do you choose where to start another Chapter?

OWASP Chapters are started by volunteers passionate about helping to develop a security inclusive culture within their geographic area. When a potential Leader asks to start a new chapter, we first evaluate the location to make sure that it is not too close to an existing Chapter.

The evaluation takes the size of the local tech scene and travel time to existing Chapters into account. While what is considered reasonable travel times changes with each local area, a handy basic understanding is that anything under 2 hours travel time between areas will result in us looking closer and contacting the existing local Chapter Leaders to ensure that we will not strangle existing Chapters by spreading their membership too thin.

Okay, There are no Chapters near me, how do I get started?

Once you are ready to get started, you should read the Chapter Leader's Handbook and create a case using the OWASP Chapter Request Form.

The next step is that you will be invited to an orientation to help you plan your Chapter's beginning.

I was told my proposed Chapter was too close to an existing Chapter?

If your proposed Chapter is too close to an existing chapter, we will not be able to create it. However, you will be introduced to all of the nearest Chapter Leaders so that you can work to volunteer in the most applicable chapter.

I want a nation/regional/state/province wide Chapter

OWASP had a history of giving the first chapter in a nation the same of that country, however, as we are growing rapidly we have discontinued this and now name Chapters after the local city.

OWASP also maintains a policy of allowing Chapters to start small and grow or combine to cover larger areas. This means that Chapters cannot start by covering larger areas unless they show stable growth for their existing Chapter and show a plan to cover the different areas in their expanded geographic territory.

Getting Started

Choosing your Chapter's Audience

Most chapters choose to aim their content at a combination of security professionals and developers. Some choose to aim specifically at one or the other. Some chapters reach out to new AppSec Departments and managers to offer training to their teams. Many chapters work with their local universities to train students in AppSec with the aim of either bringing students directly into AppSec or to ensure the next generation includes security throughout the entire SDLC and encouraging DevSecOps mentality.

It is important to note that when starting a chapter it is best tailor your content to the audience that exists and grow that audience in the direction that is both best for the Chapter and most interesting to you.

Your Chapter's wiki page

Your Chapter's wiki is the record of all chapter activities. If you host a meeting or event that is not on the Chapter it never happened. If your Chapter grows large enough to need self governance, you must develop those rules in concert with your membership and post them on the Chapter wiki page. If this information is not on the Chapter wiki page it cannot be taken into account should a complaint be made.

What types of meetings should my Chapter have?

Common meeting types include:

    • Having 1-3 speakers with slide decks, Q&A, and light networking afterwards. This is the most common type of meeting and often considered the best for frequent use.

Supplementary meeting types include:

  • Social
    • Often used to supplement other meetings during months when another type of meeting is not happening, during a celebration, or in conjunction with other meetings
    • Capture the flag and other competitive events
    • Mentoring programs or sessions
    • Hackathon (you can look at helping local not-for-profits or OWASP projects)
    • Study groups
    • Training
    • Panels No matter what type of meetings you host they must be free unless special arrangements are made ahead of time with the foundation staff. Many chapters find it helpful to encourage new people by inviting them to report interesting news bites or seek help from a committee to perfect presentations.

My Chapter wants to host an event. How do we get started?

The purpose of chapters is to create a local community that  can support and evangelize Application Security.  We suggest that the best way to do this is to focus on growing a thriving community rather than focusing on hosting a large event in the first year.

That said, you can find all of the information you need about hosting an event on the How to Host a Conference page.

I want to grow my Chapter larger, do you have ideas that can help me?

Coming Soon

Basic Meeting Rules

How many meetings per year do we need to host?

To be considered active, all chapters must host at least 4 meetings per year. All of the meeting types listed above, plus many more are considered meetings in this count. Additionally, one regional or local event per year will also count as a meeting. In the case of National Chapters, local meetings also count towards the 4.

The reason we chose 4 meetings per year as the minimum number of meetings is that it takes this number of meetings to help create regular attendees who are attached to the Chapter's success. Having fewer meetings is both a sign of a failing chapter and often a cause of a failing chapter. Because of this, chapters who host fewer meetings will be counselled to help them find the best way of addressing their needs.

So after our 4 meetings can we charge to raise money for funds?

NO. Chapters can only charge for very specific reasons that are based on the content of the event. You can charge for training events, conferences, and particularly expensive speakers. If you have any questions you can send them to the staff using the Contact Us form.

Why do I need to post information on my wiki?

OWASP is an open organization. All information about your chapter must be put on the wiki. Furthermore, it is important to remember that for many people, the OWASP wiki is the first way they will encounter your Chapter. Most of the requests for chapters are actually for chapters that currently exist, but have no updates on the wiki.

Furthermore, more people would be interested and willing to devote time and energy to your Chapter if they can see a history of successful meetings, events, and governance.

What do you mean by "Free and Open?"

Being free and open means that meetings and resources must be free, and open to all who wish to come. Being open means that information about meetings and other events or resources must accessible. Maximum accessibility means having all of the information on the wiki early enough that people can plan to access the meetings.

What is Vendor Neutrality?

OWASP is vendor neutral, that means nothing we do can appear to support a particular vendor and nothing vendors do can claim that we support them.

  • You can ask people to speak about what they do, but they cannot:
    • Present a sales pitch
    • Discuss paid products in a way that is only valuable to their customers
    • Brand their talk
    • Request our mailing lists
  • They can speak about
    • Technical challenges and how they solved them
    • Security processes and how they developed them
    • Open source tools and how they used them
    • Learning, Educational, best practices, industry trends, etc.
  • If a speaker would like to offer a business card drawing or other method to get emails, it must be clear that participation is optional
  • The speaker can have their company’s logo on the first slide, but every other slide must be either unbranded or OWASP branded.

My chapter would like to sign this contract/accept this donation, how do I do it?

Chapters are not their own organizations and therefore are not allowed to accept money on their own.  Funds must be submitted first to the foundation and will then be set aside for your chapter.

Similarly chapters are not legal entities and cannot sign contracts.  All contracts must be signed by the foundation.

Social Media for Chapters

MeetUp

If you already have a meetup account

Invite the OWASP Foundation join your group.  You will need to follow these steps to move the meetup over to the main OWASP Account.  Do not worry, while you will be replacing yourself as the main organizer, according to our representative you will still have access to the account as an organizer and as per OWASP rules the account will still be managed by you as a chapter asset.

If you do not have a meetup account

Please send me a short statement describing who should come to your events and the city that most of your events will be taking place in.  Examples or the statement include:  

The Open Web Application Security Project (OWASP) is a not-for-profit, worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. 

and

OWASP is a thriving global community that drives visibility and evolution in the safety and security of the world’s software.  We hold meetings for like-minded security and development professionals to discuss discuss security from a range of perspectives. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative and open way. 

and

This is the meetup headquarters for the Bay Area chapter of the Open Web Application Security Project (OWASP). This group is dedicated to bringing together the massive amount of Bay Area web application security talent and interest in the form of presentations, talks, conferences, and any other kind of get-together we want to come up with.
We're looking to facilitate all types of meetings between members, from formal conferences to little meetups at a Bay Area coffee shop. The key advantage of meetup.com is that we can benefit from the shared calendar, which is available via iCal, Google Calendar, etc.
We encourage you to get involved in every way possible. Recommend events, put together a local meetup at a coffee shop, restaurant, or bar, or put together a talk to present at one of these venues.
We look forward to hearing from you and seeing you at a local event!

I want to host an event, how do I set up registration?

All registration systems that accept funds must be set up on the OWASP Foundation's account. Just remember that your chapter is not a legal entity in its own right, but rather it is more like a department.

Twitter

Coming Soon

Facebook

Coming Soon

Social Media Contract

Coming Soon

Funding

What is this Seed Money I learned of?

I heard that I could get grants?

How do memberships work for Chapters?

I saw some Chapters use sponsorships, what is this?

Who writes the sponsorship document?

What can I offer in return for sponsorships?

Wait, I thought I could not send my own contracts?

Who do I send Sponsorship contracts to?

The Reimbursement Process

What can I spend money on?

How long does it take to be paid?

How does my money come in?

Basics of the Wiki

How can I get a wiki account?

What should I post on the wiki?

Why should I post on the wiki?

Wiki tutorial

How to search the wiki