Below is the current version of the OWASP ByLaws and prior versions linked as PDF files. If you would like to suggest a change to the OWASP ByLaws, please make those suggestions on the OWASP ByLaws Git repository either with a pull request or opening up an issue in that repo. All changes must be approved by a vote of the OWASP Board of Directors. An unofficial PDF version of the OWASP ByLaws below is also available.

Current

OWASP FOUNDATION Bylaws

ARTICLE I OFFICES

ARTICLE II AUTHORITY AND DUTIES OF OFFICERS

ARTICLE III BOARD OF DIRECTORS

ARTICLE IV MEMBERS

ARTICLE V ADVISORY BOARDS, COMMITTEES AND LOCAL CHAPTERS

ARTICLE VI INDEMNITY

ARTICLE VII CONFLICTS OF INTEREST

ARTICLE VIII CONTRACTS AND FINANCIAL ADMINISTRATION

ARTICLE IX BOOKS AND RECORDS

ARTICLE X AMENDMENT OF BYLAWS

ARTICLE I ­ OFFICES

Section 1.01 Offices

The principal office of the Foundation in the State of Maryland, shall be located in County of Howard. The Foundation may have such other offices, either within or without the State of Maryland, as the Board of Directors may designate or as the business of the Foundation may require from time to time.

Section 1.02 Purpose

The OWASP Foundation will be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.

Section 1.03 Values

OPEN: Everything at OWASP is radically transparent from our finances to our code.
INNOVATION: OWASP encourages and supports innovation/experiments for solutions to software security challenges.
GLOBAL: Anyone around the world is encouraged to participate in the OWASP community.
INTEGRITY: OWASP is an honest and truthful, vendor agnostic, global community.

ARTICLE II ­ AUTHORITY AND DUTIES OF OFFICERS

SECTION 2.01 Roles

Each Board Member will be assigned one of the following roles: Board Chair, Vice Chair, Secretary, Treasurer, or Board Member at large. These roles will carry the following responsibilities:

1. Board Chair ­ The Chairman of the Board shall serve as the principal executive officer of the Foundation.

• Fiduciary responsibilities: He/She shall, in general, supervise and control all of the business and affairs of the Foundation. He/She will monitor financial planning and financial reports He/She or he may sign, with the Secretary or any other proper officer of the Foundation thereunto authorized by the Board of Directors, any deeds, mortgages, bonds, contracts, or other instruments which the Board of Directors has authorized to be executed, except in cases where the signing and execution thereof shall be expressly delegated by the Board of Directors or by these Bylaws to some other officer or agent of the Foundation, or shall be required by law to be otherwise signed or executed;
• Leadership and Direction: provides leadership to the Board of Directors with regards to policy setting and strategic planning. He/She helps guide and mediate board actions with respect to organizational priorities and governance concerns, and in general shall perform all duties incident to the office of Chairman of the Board subject to the control of the Board of Directors.
• Organizational Responsibilities: He/She plays a leading role in fundraising activities, formally evaluate the performance of the Foundation Director and informally evaluate the effectiveness of the board members. An annual, overall evaluation of the performance of the organization in achieving its mission will be accomplished. He or she shall, when present, preside at all meetings of the Board of Directors, unless otherwise delegated, and such other duties as may be prescribed by the Board of Directors from time to time.

2. Vice Chair ­performs Chair responsibilities when the Chair cannot be available, works closely with Chair and other Board Members, participates closely with Chair to develop and implement officer transition plans, performs other responsibilities as assigned by the Board.
   
3. Secretary ­maintains records of the board and ensures effective management of organization’s records, manages minutes of board meetings, ensures minutes are distributed shortly after each meeting, is sufficiently familiar with legal documents (articles, by­laws, IRS letters, etc.) to note applicability during meetings; is the custodian of the corporate records and of the seal of the Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which on behalf of the Foundation under its seal is duly authorized; keeps a register of the post office address of each Director which shall be furnished to the Secretary by such Director; and, in general perform all duties incident to the office of the Secretary and such other duties as from time to time may be assigned to him by the Chairman of the Board or by the Board.
   
4. Treasurer ­manages finances of the organization, administers fiscal matters of the organization, provides annual budget to the board for member’s approval, ensures development and board review of financial policies and procedures.
   
5. Board Member at large regularly attends board meetings and important related meetings, volunteers for and willingly accepts assignments and completes them thoroughly and on time, stays informed about committee matters, prepares themselves well for meetings, and reviews and comments on minutes and reports, gets to know other committee members and builds a collegial working relationship that contributes to consensus, is an active participant in the committee’s annual evaluating and planning efforts, participates in fundraising for the organization.

SECTION 2.02 Election and Term of Office.

Each Board member will serve for a term of 2 years. The term will begin effective January 1 following the election period. A Board member may run again for re-election at any point in the future, but may serve no more than two two-year terms in any ten year period. The role of the Board Members shall be elected by the Board of Directors at the first meeting following the election of the Board of Directors. If the election of officers shall not be held at such meeting, such election shall be held as soon thereafter as conveniently may be. Each officer shall hold that role until the next election has been completed.

SECTION 2.03 Resignation.

Resignations are effective upon receipt by the Secretary of the Board of a written notification.

SECTION 2.04 Removal.

Any officer, contractor, member, or director may be removed by a unanimous vote of the Board of Directors whenever, in its judgment, the best interests of the Foundation will be served thereby, but such removal shall be without prejudice to the contract rights, if any, of the person so removed. Election or appointment of an officer, agent, or director shall not of itself create contract rights, and such appointment shall be terminable at will.

SECTION 2.05 Vacancies.

A vacancy in any office because of death, resignation, removal, disqualification or otherwise, may be filled by the Board of Directors for the unexpired portion of the term.

SECTION 2.06 ­ INTENTIONALLY LEFT BLANK

SECTION 2.07 Secretary.

The Secretary shall:

1. Keep the minutes of the proceedings of the Board of Directors in one or more minute books provided for that purpose;
   

1. See that all notices are duly given in accordance with the provisions of these Bylaws or as required by law;
   

1. Be custodian of the corporate records and of the seal of the Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which on behalf of the Foundation under its seal is duly authorized;
   

1. Keep a register of the post office address of each Director which shall be furnished to the Secretary by such Director; and
   

1. In general perform all duties incident to the office of the Secretary and such other duties as from time to time may be assigned to him by the Chairman of the Board or by the Board.

ARTICLE III ­ BOARD OF DIRECTORS

SECTION 3.01 General Powers and Authority.

The business and affairs of the Foundation shall be managed by its Board of Directors

SECTION 3.02 Number, Tenure, and Qualifications.

The number of directors of the Foundation shall be no less than five and no more than seven. Each director shall hold office for two years unless duly removed. An individual is limited to four (4) consecutive two (2) year terms effective January 1, 2014. Each director must be elected as prescribed in the election policy and procedure.

SECTION 3.03 Regular Meetings.

The Board of Directors shall have regular meetings as needed. A link to the board meeting agenda’s and the historical minutes is here: https://www.owasp.org/index.php/OWASP_Board_Meetings. Meetings shall be at such dates, times, and places as the Board shall determine in December of the preceding year and as amended by the Board. In no event will there be less than one meeting per quarter. These meetings will be open to public attendance, however, certain portions of the meeting may be closed to board members and their delegates when required for legal reasons, or to shield liability, or to handle personnel issues, or similar.

Attendance in person or virtually by board members is required at no less than 75% of the total meetings each year and shall be highly encouraged to meet in person at least once annually at a date to be announced and agreed upon. To be considered as "attended", the board member must attend at least 90% of the meeting, starting at the published scheduled time until the published end time or the meeting is adjourned (whichever is earlier). Attendance is tabulated by the Executive Director or delegate within seven days after every scheduled meeting for the purpose of determining if the 75% attendance requirement has been met, and the tabulation is based upon the entire calendar year. Cancelled meetings are considered attended for the purposes of the tabulation. Failure by a board member to meet the 75% attendance requirement after any tabulation will cause a mandatory vote of confidence by the remaining board members, whose votes will be publicly recorded. The vote of confidence is to take place within 21 days, but not sooner than 7 days, of notification by the Executive Director or delegate that a board member has not met the attendance threshold. During the first seven days, the board member in question will have an opportunity to make their case to their fellow board members. The vote of confidence will take place on the OWASP Board of Directors email list, unless the Board votes to review the matter at their next meeting, so long as the next meeting occurs within the 21­day window. An overall vote of "no confidence" is recorded if more than half of the board members vote for it, which causes the board member in question to be instantly removed from their seat on the board. Vacancies on the board are handled as per Section 3.10.

SECTION 3.04 Special Meetings.

Special meetings of the Board of Directors may be called by or at the request of the Chairman or any two (2) directors. The person or persons authorized to call special meetings of the Board of Directors may fix the place for holding any special meeting of the Board of Directors called by them.

SECTION 3.05 Notice of Special Meetings.

A special meeting may be called by the Chairman or at the request of any two (2) Board members by notice emailed, telephone, or telegraphed to each Board member not less one week before such meetings. Any directors may waive notice of any meeting. The attendance of a director at a meeting shall constitute a waiver of notice of such meeting, except where a director attends a meeting for the express purpose of objecting to the transaction of any business because the meeting is not lawfully called or convened.

SECTION 3.06 Quorum.

A majority of the number of Directors fixed by Section 2 of this Article shall constitute a quorum for the transaction of business at any meeting of the Board of Directors. If less than such majority is present at a meeting, a majority of the Directors present may adjourn the meeting from time to time without further notice. All decisions will be made by majority vote of those present at a meeting at which a quorum is present. If a board of Directors vote results in a split decision, the Chairman of the Board, if present at the meeting, can decide the issue.

SECTION 3.07 Participation in Meeting by Conference Telephone.

Members of the Board may participate in a meeting through use of conference telephone or similar communication equipment, so long as members participating in such meeting can hear one another. A quorum must be maintained at all times during the meeting or the meeting will not continue.

SECTION 3.08 Manner of Acting.

The act of the majority of the directors present at a meeting at which a quorum is present shall be the act of the Board of Directors.

SECTION 3.09 Action Without a Meeting.

Any action that may be taken by the Board of Directors at a meeting may be taken without a meeting if consent in writing, setting forth the action so to be taken, shall be agreed to before such action by a majority of the directors. Such consent can be provided by email.

SECTION 3.10 Vacancies.

Any vacancy occurring in the Board of Directors may be filled by the affirmative vote of a majority of the remaining directors though less than a quorum of the Board of Directors, unless otherwise provided by law. If there is an equal number of affirmative and negative votes then the ultimate determination shall be made by the then­ sitting Chairman of the Board. A director elected to fill a vacancy shall be elected for the unexpired term of his predecessor in office. Any directorship to be filled by reason of an increase in the number of directors may be filled by election by the Board of Directors for a term of office continuing only until the next election of directors by the Directors.

SECTION 3.11 Employment.

No paid employee can serve on the Board of Directors or in the role of Officer while they are employed in a paid position by the Foundation.

SECTION 3.12 Reimbursement.

Directors shall serve without compensation with the exception that expenses incurred in the furtherance of he Foundation's business are allowed to be reimbursed with documentation and prior approval according to the Reimbursement Policy.

SECTION 3.13 Presumption of Assent

A Director of the Foundation who is present at a meeting of the Board of Directors at which action on any corporate matter is taken shall be presumed to have assented to the action taken unless his or her dissent shall be entered in the minutes of the meeting or unless s/he shall file his or her written dissent to such action with the person acting as the Secretary of the meeting before the adjournment thereof, or shall forward such dissent to the Secretary of the Foundation immediately after the adjournment of the meeting. Such right to dissent shall not apply to any director who voted in favor of such action.

ARTICLE IV ­ MEMBERS

SECTION 4.01 Membership Classes.

There shall be three classes of OWASP members: Corporate, Individual, and Educational.

SECTION 4.02 Qualifications.

Membership may be granted to any individual or organization that supports the mission and purposes of the Foundation, is in good standing subject to our Code of Ethics, and who pays the annual dues as set by the Board of Directors or is approved by the Board of Directors as having provided a benefit to the organization deserving of membership.

SECTION 4.03 Termination of Membership.

The Board of Directors, by affirmative vote of two thirds of all members of the Board, may suspend or expel a member, and may, by a majority vote of those present at any regularly constituted meeting, terminate, suspend or expel the membership of any member who becomes ineligible for membership.

SECTION 4.04 Resignation.

Any member may resign by filing a written resignation with the Secretary; however, such resignation shall not relieve the member so resigning of the obligation to pay any dues or other charges theretofore accrued and unpaid.

SECTION 4.05 Dues.

Dues for members shall be established by the Board of Directors.

SECTION 4.06 Voting.

Each member shall be entitled to vote on designated matters. The affirmative vote of a majority of the members or by proxy shall be the act of the members as a whole unless a greater number of members is required by law or stated otherwise in these Bylaws.

SECTION 4.07 Participation.

Participation in OWASP activities (conferences, meetings, mailings lists, projects, etc.) does not require membership, but is subject to adherence to the OWASP Code of Ethics, and OWASP leaders may revoke the privilege of participation to those who choose not to abide by that code. Notification of such a revocation must be made to the individual in writing, with the OWASP Board of Directors CC’d for inclusion in the Foundation records. If an individual believes that this revocation is unjustified, then they have the option to appeal the decision by notifying the OWASP Board of Directors in writing within 14 days of the original notification.

ARTICLE V ­ ADVISORY BOARDS, COMMITTEES AND LOCAL CHAPTERS

SECTION 5.01

Establishment. The Board of Directors may, by resolution adopted by a majority of the Directors in office, establish one or more Advisory Boards or Committees. Committees will be held to the core purpose and core values as outlined in Sections 1.02 and 1.03. Committees will be structured according to the guidelines in Policy and Procedure.

SECTION 5.02 Local Chapters

A local OWASP chapter may establish smaller, local chapters within the geographical boundary of a chapter, such as country or a city. The bylaws of a chapter must not contain anything that is at variance with the expressed purposes of the OWASP Foundation or with the OWASP Foundation Bylaws, and must be approved as specified by the OWASP Foundation Board of Directors before becoming effective. A chapter may not change its bylaws, its name, or its boundaries without approval as specified by the OWASP Foundation. Chapter Bylaws may be produced in the native language of a nation, but must be translated into English for submission to the OWASP Foundation.

The chapter leader and local chapter board has to manage the local chapter according to the guidance and rules defined in the Chapter Leader Handbook. The OWASP Foundation may, by affirmative vote of a majority of the Board of Directors, suspend or annul a chapter if, in the judgment of the Board of Directors, such action is in the best interests of the OWASP Foundation.

ARTICLE VI ­ INDEMNITY

SECTION 6.01 Indemnity.

The Foundation shall indemnify the Officers of the Foundation including International Board Members and Employees, or agents as follows:

1. Every Officer, Board Member, and employee of the Foundation shall be indemnified by the Foundation against all expenses and liabilities, including counsel fees, reasonably incurred by or imposed upon him or her in connection with any proceeding to which he or she may be made a party, or in which he or she may become involved, by reason of being or having been a director, officer, employee or agent of the Foundation or is or was serving at the request of the Foundation as a director, officer, employee or agent of the Foundation, partnership, joint venture, trust or enterprise, or any settlement thereof, whether or not he is a director, officer, employee or agent at the time such expenses are incurred, except in such cases wherein the director, officer, employee or agent is adjudged guilty of willful misfeasance or malfeasance in the performance of his or her duties; provided that in the event of a settlement the indemnification herein shall apply only when the Board of Directors approves such settlement and reimbursement as being in the best interests of the Foundation.
2. The Foundation shall provide to any person who is or was an officer, board member, or employee, or agent of the Foundation or is or was serving at the request of the Foundation as a director, officer, employee or agent of the Foundation, partnership, joint venture, trust or enterprise, the indemnity against expenses of suit, litigation or other proceedings which is specifically permissible under applicable law.
3. The Board of Directors may, in its discretion, direct the purchase of liability insurance by way of implementing the provisions of this Article VI.

ARTICLE VII ­ CONFLICTS OF INTEREST

SECTION 7.01 Conflict defined.

A conflict of interest may exist when any director, officer, or staff member may be seen as having interests which are adverse to the interests of the Foundation. Prior to any vote of the Board of Directors, a conflict of interest statement shall be made by any Board Member who is aware of any potential conflicts of interest to ensure that all parties are aware of any such conflicts.

SECTION 7.02 Disclosure required.

Any conflict of interest shall be disclosed to the Board of Directors by the person concerned. When any conflict of interest is relevant to a matter requiring action by the Board of Directors, the interested person shall call it to the attention of the Board of Directors or its appropriate committee and such person shall not vote on the matter; provided however, any Director disclosing a possible conflict of interest may be counted in determining the presence of a quorum at a meeting of the Board of Directors or a committee thereof.

SECTION 7.03 Absence from discussion.

The person having the conflict shall not participate in the decision regarding the matter under consideration.

SECTION 7.04 Minutes.

The minutes of the meeting of the Board or committee shall reflect that the conflict of interest was disclosed and that the interested person did not vote. When there is doubt as to whether a conflict of interest exists, the matter shall be resolved by a vote of the Board of Directors or its committee, excluding the vote of the person concerning whose situation the doubt has arisen.

SECTION 7.05 Annual review.

A copy of this conflict of interest statement shall be furnished to each director, officer, and staff member who is presently serving the Foundation, or who may hereafter become associated with the Foundation. This policy shall be reviewed periodically for the information and guidance of directors, officers, and staff members. Any new directors, officers, or staff members shall be advised of this policy upon undertaking the duties of such office.

ARTICLE VIII ­ CONTRACTS AND FINANCIAL ADMINISTRATION

SECTION 8.01 Fiscal Year.

The fiscal year of the Foundation shall be January 1­ ­December 31, but may be changed by resolution of the Board of Directors.

SECTION 8.02 Contracts.

The Board of Directors may authorize any officer or officers, agent or agents, to enter into any contract or execute and deliver any instrument in the name of and on behalf of the Foundation, and such authority may be general or confined to specific instances. This authorization must be in writing (electronic communication is acceptable) in the minutes of any meeting that provides such limited authority.

SECTION 8.03 Loans.

No loans shall be contracted on behalf of the Foundation and no evidences of indebtedness shall be issued in its name unless authorized by a resolution of the Board of Directors. Such authority may be general or confined to specific instances.

SECTION 8.04 Checks, Drafts, etc.

All checks, drafts or other orders for the payment of money, notes or other evidences of indebtedness issued in the name of the Foundation, shall be signed by such officer or officers, agent or agents of the Foundation and in such manner as shall from time to time be determined by resolution of the Board of Directors.

SECTION 8.05 Deposits.

All funds of the Foundation not otherwise employed shall be deposited from time to time to the credit of the Foundation in such banks, trust companies or other depositories as the Board of Directors may select.

ARTICLE IX ­ BOOKS AND RECORDS

SECTION 9.01 Books.

Correct books of account of the activities and transactions of the Foundation shall be kept at the office of the Foundation and are available on demand in hard or electronic copy.

SECTION 9.02 Audit.

A complete financial audit will be performed every 3 years by a third party, independent auditor.

ARTICLE X ­ AMENDMENT OF BYLAWS

SECTION 10.01 Amendments.

These Bylaws may be amended by a majority vote of the Board of Directors, provided prior notice is given of the proposed amendment in the notice of the meeting at which such action is taken, or provided all members of the Board waive such notice, or by unanimous consent in writing without a meeting.

APPENDIX

DOCUMENT HISTORY

Approved: June 23, 2012
Revised: March 4, 2013
Revised: June 10, 2013
Revised: August 19, 2013
Revised: February 24, 2014
Revised: April 4, 2014
Revised: May 2015 & September 2015
Converted to Markdown: March 7, 2017

AMENDMENT TRACKING

2011-08-23 Section 2.02 containted the following as a footnote after the first sentence of that sentence "Amendment to bylaws passed August 23, 2011"

2013-­03-­14
Removed references to 5.5.03 and 5.04 from 3.02; consolidated sections 2.06 and 2.01a and sections 2.01c and 2.07; subsequently deleted sections 2.06 and 2.07; Added link to board meeting agenda page in section 3.03; added link to election timeline to section 3.02; added the following sentence to sections 2.02 and 3.02 KH

2013-­06-­10
Removed reference to chapter committee in 5.02, modified section 3.03 to drop in person meeting requirement. SB

2013­-08-­13
Modified section 3.03 to quarterly board meetings, and attendance requirement to 3 of 4 meetings. SB

2014­-02-­24
Modified section 4.02 to include “is in good standing subject to our code of ethics”. SB

2014­-04-­07
Added section 4.07, approved by the Board of Directors on March 31, 2014. SB

2015-­05-­05
Section 3.03 Regular Meetings was expanded to include 1 board meeting per quarter, and a Board attendance requirement of 75%, with a mechanism for measurement. Removed footnote #2 re: meetings. Approved via unanimous email vote May 5, 2015. P.Ritchie

2015­-09-­25
Section 3.03 Regular Meetings text was expanded to clarify measurement & voting timeline.

If you have comments on this document please email owasp[at]owasp.org.

Historical Versions

Starting in March 2017, the OWASP ByLaws have been moved to a git repository to track all future changes. Prior to that transition, new PDF versions were created upon every update. Those historical version are listed below.

• March 7, 2017
• September 25, 2015
• May 5, 2015
• April 7, 2014
• February 24, 2014
• August 19, 2013
• June 10, 2013
• March 3, 2013
• June 23, 2011
• March 15, 2004