
Difference between revisions of "OWASP Codes of Conduct"

(Main tab layout)
Line 1: Line 1:
 
==== Main  ====
 
==== Main  ====
 
===Project's Purpose ===
 
===Project's Purpose ===
This project envisages to create and maintain OWASP Codes of Conduct. In order to achieve our mission, OWASP needs to take advantage of every opportunity to affect software development everywhere. At the [[:Summit 2011 Working Sessions/Session255|OWASP Summit 2011]] in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve. In this context the following codes will be produced:
+
OWASP needs to take advantage of every opportunity to affect software development everywhere to achieve our mission "to make application security visible so that people and organizations can make informed decisions about application security risks"
*The OWASP "Green Book" - '''The OWASP Application Security Code of Conduct for Government Bodies''',
+
 
*The OWASP "Blue Book" - '''The OWASP Application Security Code of Conduct for Educational Institutions''',
+
At the [[Summit 2011]] in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve.
*The OWASP "Yellow Book" - '''The OWASP Application Security Code of Conduct for Standards Groups''',
+
 
*The OWASP "Purple Book" - '''The OWASP Application Security Code of Conduct for Trade Organizations''',
+
This project develops and maintains OWASP Codes of Conduct, and began with those initially created at the working sessions on [[:Summit 2011 Working Sessions/Session255|Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies]] and [[:Summit 2011 Working Sessions/Session039|Certification]] at the 2011 OWASP Summit in Portugal.
*The OWASP "Red Book" - '''The OWASP Application Security Code of Conduct for Certifying Bodies'''.
+
 
 +
 
 +
===The Codes of Practice===
 +
 
 +
{| width="100%" cellspacing="20" cellpadding="10"
 +
|- valign="top"
 +
| width="33%" style="background:#e6f5e9" |
 +
== OWASP Green Book ==
 +
 
 +
''The OWASP Application Security Code of Conduct for Government Bodies''
 +
 
 +
'''Download the current release'''
 +
 
 +
v1.0 draft:
 +
 
 +
* English version PDF
 +
* English version MS Word
 +
 
 +
'''Translations'''
 +
 
 +
None are currently available.
 +
 
 +
 
 +
| width="33%" style="background:#e6eef6" |
 +
== OWASP Blue Book ==
 +
 
 +
''The OWASP Application Security Code of Conduct for Educational Institutions''
 +
 
 +
'''Download the current release'''
 +
 
 +
v1.0 draft:
 +
 
 +
* English version PDF
 +
* English version MS Word
 +
 
 +
'''Translations'''
 +
 
 +
None are currently available.
 +
 
 +
 
 +
| width="33%" style="background:#fafcdb" |
 +
== OWASP Yellow Book ==
 +
 
 +
''The OWASP Application Security Code of Conduct for Standards Groups''
 +
 
 +
'''Download the current release'''
 +
 
 +
v1.0 draft:
 +
 
 +
* English version PDF
 +
* English version MS Word
 +
 
 +
'''Translations'''
 +
 
 +
None are currently available.
 +
 
 +
 
 +
|- valign="top"
 +
| style="background:#ecdcfd" |
 +
== OWASP Purple Book ==
 +
 
 +
''The OWASP Application Security Code of Conduct for Trade Organizations''
 +
 
 +
'''Download the current release'''
 +
 
 +
v1.0 draft:
 +
 
 +
* English version PDF
 +
* English version MS Word
 +
 
 +
'''Translations'''
 +
 
 +
None are currently available.
 +
 
 +
 
 +
| style="background:#f1d8d7" |
 +
== OWASP Red Book ==
 +
 
 +
''The OWASP Application Security Code of Conduct for Certifying Bodies''
 +
 
 +
'''Download the current release'''
 +
 
 +
v1.0 draft:
 +
 
 +
* English version PDF
 +
* English version MS Word
 +
 
 +
'''Translations'''
 +
 
 +
None are currently available.
 +
 
 +
| style="background:#ffffff" |
 +
==  What's missing? ==
 +
 
 +
What other types of organization might be able to support OWASP's mission?  What are the most important things they should do?
 +
 
 +
Join in the [https://lists.owasp.org/mailman/listinfo/owasp-codes-of-conduct OWASP Codes of Conduct Mailing List] with your suggestions and feedback.
 +
 
 +
|}
 +
 
 +
The Codes of Conduct are all licensed with a [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution ShareAlike 3.0 license].
 +
 
 +
 
 +
===Project Details===
 +
 
 +
Click on the other tabs to see project information on each of the codes, including contributors, releases, assessment status and prior versions.  All the Codes are discussed on a single shared mailing list.  It is free and open.
 +
 
  
 
====  Government Bodies ====
 
====  Government Bodies ====
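Review bot: the added heading "===The Codes of Practice===" names the documents differently from the rest of the revision, where the page title, the licence sentence and all five book names say "Code of Conduct"; rename it to "The Codes of Conduct" so the section matches. The added mission sentence that begins "OWASP needs to take advantage of every opportunity" also stops at the closing quotation mark with no full stop. In each of the five book cells the "English version PDF" and "English version MS Word" items are plain list entries with no link markup, so the "Download the current release" blocks do not lead anywhere yet.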

Revision as of 17:29, 15 June 2011

Main

Project's Purpose

OWASP needs to take advantage of every opportunity to affect software development everywhere to achieve our mission "to make application security visible so that people and organizations can make informed decisions about application security risks".

At the Summit 2011 in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a “code of conduct” to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achieve.

This project develops and maintains OWASP Codes of Conduct, and began with those initially created at the working sessions on Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies and Certification at the 2011 OWASP Summit in Portugal.


The Codes of Practice

OWASP Green Book

The OWASP Application Security Code of Conduct for Government Bodies

Download the current release

v1.0 draft:

  • English version PDF
  • English version MS Word

Translations

None are currently available.


OWASP Blue Book

The OWASP Application Security Code of Conduct for Educational Institutions

Download the current release

v1.0 draft:

  • English version PDF
  • English version MS Word

Translations

None are currently available.


OWASP Yellow Book

The OWASP Application Security Code of Conduct for Standards Groups

Download the current release

v1.0 draft:

  • English version PDF
  • English version MS Word

Translations

None are currently available.


OWASP Purple Book

The OWASP Application Security Code of Conduct for Trade Organizations

Download the current release

v1.0 draft:

  • English version PDF
  • English version MS Word

Translations

None are currently available.


OWASP Red Book

The OWASP Application Security Code of Conduct for Certifying Bodies

Download the current release

v1.0 draft:

  • English version PDF
  • English version MS Word

Translations

None are currently available.

What's missing?

What other types of organization might be able to support OWASP's mission? What are the most important things they should do?

Join in the OWASP Codes of Conduct Mailing List with your suggestions and feedback.

The Codes of Conduct are all licensed with a Creative Commons Attribution ShareAlike 3.0 license.


Project Details

Click on the other tabs to see project information on each of the codes, including contributors, releases, assessment status and prior versions. All the Codes are discussed on a single shared mailing list. It is free and open.


Government Bodies

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: The OWASP "Green Book" (home page)
Purpose: This effort aims to create and maintain The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
The OWASP "Green Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1
Rating: Stable Release - Assessment Details
last reviewed release
The OWASP "Green Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

  • Formal review
Rating: Stable Release - Assessment Details


other releases

Educational Institutions

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: The OWASP "Blue Book" (home page)
Purpose: This effort aims to create and maintain The OWASP Application Security Code of Conduct for Educational Institutions/The OWASP "Blue Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
The OWASP "Blue Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Educational Institutions/The OWASP "Blue Book", version v1.1.
Rating: Stable Release - Assessment Details
last reviewed release
The OWASP "Blue Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

  • Formal review
Rating: Stable Release - Assessment Details


other releases

Standards Groups

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: The OWASP "Yellow Book" (home page)
Purpose: This effort aims to create and maintain The OWASP Application Security Code of Conduct for Standards Groups/The OWASP "Yellow Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
The OWASP "Yellow Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Standards Groups/The OWASP "Yellow Book", version v1.1.
Rating: Stable Release - Assessment Details
last reviewed release
The OWASP "Yellow Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

  • Formal review
Rating: Stable Release - Assessment Details


other releases

Trade Organizations

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: The OWASP "Purple Book" (home page)
Purpose: This effort aims to create and maintain The OWASP Application Security Code of Conduct for Trade Organizations/The OWASP "Purple Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
current release
The OWASP "Purple Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Trade Organizations/The OWASP "Purple Book", version v1.1.
Rating: Stable Release - Assessment Details
last reviewed release
The OWASP "Purple Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

  • Formal review
Rating: Stable Release - Assessment Details


other releases

Certifying Bodies

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: The OWASP "Red Book" (home page)
Purpose: This effort aims to create and maintain The OWASP Application Security Code of Conduct for Certifying Bodies/The OWASP "Red Book".
License: Creative Commons Attribution ShareAlike 3.0 license
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
The OWASP "Red Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Certifying Bodies/The OWASP "Red Book", version v1.1.
Rating: Stable Release - Assessment Details
last reviewed release
The OWASP "Red Book" v1.1 - March 27, 2013 - (download)
Release description: This effort publishes a release version of The OWASP Application Security Code of Conduct for Government Bodies/The OWASP "Green Book", version v1.1

This release includes the following significant changes:

  • Formal review
Rating: Stable Release - Assessment Details


other releases