Overview

OWASP Project Leaders (PLs) are directly responsible for promoting, protecting, and managing their projects brand as well as the overall OWASP brand. Project Leader's are also directly responsible for managing all aspects of their OWASP Project. Below, is a quick overview of an OWASP Project Leader's responsibilities both to his/her project, an to the OWASP Foundation as a whole.

Brand Responsibility

All OWASP Project Leaders are directly responsible for ensuring the brand integrity of their project(s), and for protecting the overall OWASP brand. This means that all PLs are responsible for ensuring all project data is up-to-date, all project communications and marketing material are original, and that the project follows the sponsorship guidelines. OWASP PLs are the stewards of their project so it is expected that they will take the lead with all fundamental brand management activities such as management of the name, logo, website, and the overall functionality of the product. PLs need to be aware of their brand, and how this affects the OWASP name. They should work to ensure that their project brand is directly associated with their project, the product, and OWASP. Please see the OWASP Branding Guidelines for more information.

Ensure Project Website Treats Copyright and Trademarks Appropriately

All OWASP Project Leaders must ensure that no content, graphics, or project communications infringe on any third party copyright or trademarks. It is the responsibility of the PL to ensure that all project data is in compliance. PLs must also ensure that their project content is in compliance with the OWASP Brand Guidelines. Please see the OWASP Branding Guidelines for more information. If a PL does use content created by a third party, it is very important that this work be attributed to the original creator.

Maintain Vendor Neutrality

It is paramount that all OWASP Projects maintain vendor neutrality in all of their online communications, marketing, and graphic content. Vendor neutrality is a term that refers to the act of ensuring that all OWASP related activities maintain an absence of bias towards any vendor, commercial entity, or sponsoring organization. Please see the OWASP Branding Guidelines for more information and instruction on how to remain vendor neutral.

Address Improper Third Party Uses of OWASP Brand

PLs are responsible for addressing improper, third party uses of their project brand. The PLs must work to ensure that the issue is resolved, and must contact the third party organization to make sure the matter is resolved. In most cases, a friendly e-mail reminding the third party that OWASP Project names are our trademarks, and that they are important to our community, will be enough to get them to respect our trademarks. However, there are rare occasions when a third party responds with hostility. We recommend that you Contact Us, to ask for assistance. While PLs are expected to manage this process, we understand that assistance will be required if a third party responds in an unfavorable manner.

Report Brand Issues

It is imperative that all PLs ensure that both their project brand, and the overall OWASP brand, is represented appropriately in all communications and materials. We urge all PLs to remain vigilant, and report any inconsistencies or brand guideline violations to the OWASP Ops Team.

Managing Your Project

All OWASP Project Leaders are directly responsible and accountable for managing their project(s). PLs are responsible for keeping all project information up-to-date, ensuring their project materials are in compliance with OWASP Brand Guidelines, and for ensuring their project remains active. It is the PLs responsibility to edit their own wiki page, maintain their project budget up-to-date, keep financial records, recruit contributors, call meetings, and to ensure the project deliverable is produced to specification. The OWASP Projects Infrastructure was designed to incentivize continuous contribution, adherence to OWASP Project policies, and dedication to the OWASP community. Help is readily available if it is needed. Nevertheless, all PLs must keep in mind that the overall management of the project is his/her responsibility.

Maintaining all Project Data Current

Project Leaders must keep all of their project metadata current and up-to-date on their OWASP Project wiki page. This helps increase the brand integrity of each project, and it gives our project consumers piece of mind that they are using updated material that is current and relevant to their needs. A project can be hosted on a different website entirely, but the PL must provide a link to the external website on the project wiki page.

Communicating Major Project Changes to the OWASP PM

All major project changes must be communicated to OWASP - Contact Us. Major changes to a project include: Changes to the roadmap that change the deliverable of the project, changes in project leader or contributor, changes in the status of a project, spending and sponsorships changes, and project completion. We require insight into these changes as it helps us keep our operations records updated, and it helps us allocate appropriate incentives to our dedicated leaders and contributors.

Responding to Foundation Requests

It is imperative that all PLs respond to all foundation and OWASP Ops Team requests and queries. Both the foundation and the OWASP operations team are here to assist all PLs with their projects, but we cannot assist an unresponsive PL and project team. Please make sure that you take the time to reply to messages. Unresponsive projects will be removed from our OWASP Global Projects Infrastructure, and will be labeled as an "Archived" project 6 months after the initial request.

Responsible for All Wiki Edits of the Project

All edits made to the project wiki page should be made the the Project Leader or a Project Contributor. Editing is open to all Leaders, Contributors, and Members; however, it is the responsibility of the PL to ensure all necessary project edits are made and monitored. Some projects have a contributor that is directly responsible for all administrative duties for the project. The role is called a Project Support Administrator. This individual is responsible for updating project content on the wiki, monitoring the mailing lists, ensuring all meta data is accurate, and making sure all questions are answered from the community and the foundation. We recommend a PL assign this role to a contributor if he/she finds that the administrative work is taking away from other responsibilities.

Recruitment of Project Contributors

Project Contributors are a great asset to all of our OWASP Projects. Their contributions ensure that a project has a variety of skills and resources in its talent pool, and it ensures community involvement. Usually, project contributors reach out to the PL to ask where they can pitch in. However, we do understand that at times, a PL might require some assistance in finding project contributors. If a PL is having trouble finding project contributors, then he/she should reach out to the OWASP Project Manager for assistance. The OWASP PM can suggest several options that can assist with project contributor recruitment.

Budget Management

All OWASP Project Leaders are responsible for seeking out funding for their project, and managing the project's budget. PLs are also responsible for submitting reimbursement requests, and keeping adequate financial records if their projects have funds allocated. The OWASP Project Manager can assist with locating potential funding opportunities; however, the PL is ultimately responsible for all admin work associated with funding requests. Please visit this OWASP Project Report page for an example of how to keep track of your spending on the wiki.

Project Status Reporting

All OWASP Projects are required to produce a yearly report that should be both submitted to the OWASP Project Manager, and to the OWASP Technical Advisory Group. The report helps the foundation understand where there are bottle necks in our infrastructure, and how we can further assist the success of our OWASP Projects. For an example of an acceptable report style, please visit this OWASP Project Report page.