OWASP FOUNDATION Bylaws
Last amendment approval Oct 20, 2020. Text to take effect November 1, 2020.
- ARTICLE I OFFICES
- ARTICLE II AUTHORITY AND DUTIES OF OFFICERS
- ARTICLE III BOARD OF DIRECTORS
- ARTICLE IV MEMBERS
- ARTICLE V ADVISORY BOARDS, COMMITTEES AND LOCAL CHAPTERS
- ARTICLE VI INDEMNITY
- ARTICLE VII CONFLICTS OF INTEREST
- ARTICLE VIII CONTRACTS AND FINANCIAL ADMINISTRATION
- ARTICLE IX BOOKS AND RECORDS
- ARTICLE X AMENDMENT OF BYLAWS
ARTICLE I - OFFICES
SECTION 1.01 Offices
The principal office of the Foundation in the State of Maryland, shall be located in County of Howard. The Foundation may have such other offices, either within or without the State of Maryland, as the Board of Directors may designate or as the business of the Foundation may require from time to time.
SECTION 1.02 Purpose
The OWASP Foundation will be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.
SECTION 1.03 Values
- OPEN: Everything at OWASP is radically transparent from our finances to our code.
- INNOVATION: OWASP encourages and supports innovation/experiments for solutions to software security challenges.
- GLOBAL: Anyone around the world is encouraged to participate in the OWASP community.
- INTEGRITY: OWASP is an honest and truthful, vendor agnostic, global community.
ARTICLE II - AUTHORITY AND DUTIES OF OFFICERS
SECTION 2.01 Roles
Each Board Member will be assigned one of the following roles: Board Chair, Vice Chair, Secretary, Treasurer, or Board Member at large. These roles will carry the following responsibilities:
Board Chair - The Chairman of the Board shall serve as the principal executive officer of the Foundation.
- Fiduciary responsibilities: He/She shall, in general, supervise and control all of the business and affairs of the Foundation. He/She will monitor financial planning and financial reports He/She or he may sign, with the Secretary or any other proper officer of the Foundation thereunto authorized by the Board of Directors, any deeds, mortgages, bonds, contracts, or other instruments which the Board of Directors has authorized to be executed, except in cases where the signing and execution thereof shall be expressly delegated by the Board of Directors or by these Bylaws to some other officer or agent of the Foundation, or shall be required by law to be otherwise signed or executed;
- Leadership and Direction: provides leadership to the Board of Directors with regards to policy setting and strategic planning. He/She helps guide and mediate board actions with respect to organizational priorities and governance concerns, and in general shall perform all duties incident to the office of Chairman of the Board subject to the control of the Board of Directors.
- Organizational Responsibilities: He/She plays a leading role in fundraising activities, formally evaluate the performance of the Foundation Director and informally evaluate the effectiveness of the board members. An annual, overall evaluation of the performance of the organization in achieving its mission will be accomplished. He or she shall, when present, preside at all meetings of the Board of Directors, unless otherwise delegated, and such other duties as may be prescribed by the Board of Directors from time to time.
Vice Chair - performs Chair responsibilities when the Chair cannot be available, works closely with Chair and other Board Members, participates closely with Chair to develop and implement officer transition plans, performs other responsibilities as assigned by the Board.
Secretary - maintains records of the board and ensures effective management of organization’s records, manages minutes of board meetings, ensures minutes are distributed shortly after each meeting, is sufficiently familiar with legal documents (articles, bylaws, IRS letters, etc.) to note applicability during meetings; is the custodian of the corporate records and of the seal of the Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which on behalf of the Foundation under its seal is duly authorized; keeps a register of the post office address of each Director which shall be furnished to the Secretary by such Director; and, in general perform all duties incident to the office of the Secretary and such other duties as from time to time may be assigned to him by the Chairman of the Board or by the Board.
Treasurer - manages finances of the organization, administers fiscal matters of the organization, provides annual budget to the board for member’s approval, ensures development and board review of financial policies and procedures.
Board Member at large regularly attends board meetings and important related meetings, volunteers for and willingly accepts assignments and completes them thoroughly and on time, stays informed about committee matters, prepares themselves well for meetings, and reviews and comments on minutes and reports, gets to know other committee members and builds a collegial working relationship that contributes to consensus, is an active participant in the committee’s annual evaluating and planning efforts, participates in fundraising for the organization
SECTION 2.02 Election and Term of Office
Each Board member will serve for a term of 2 years. The term will begin effective January 1 following the election period. An individual is limited to four (4) elected two-year (2) terms. Each director must be elected as prescribed in the election policy and procedure. An individual is limited to no more than two (2) two-year (2) terms in a ten (10) year period.
The role of the Board Members shall be elected by the Board of Directors at the first meeting following the election of the Board of Directors. If the election of officers shall not be held at such meeting, such election shall be held as soon thereafter as conveniently may be. Each officer shall hold that role until the next election has been completed.
SECTION 2.03 Resignation
Resignations are effective upon receipt by the Secretary of the Board of a written notification.
SECTION 2.04 Removal
Any officer, contractor, member, or director may be removed by a two thirds vote of the Board of Directors whenever, in its judgment, the best interests of the Foundation will be served thereby, but such removal shall be without prejudice to the contract rights, if any, of the person so removed. Election or appointment of an officer, agent, or director shall not of itself create contract rights, and such appointment shall be terminable at will.
SECTION 2.05 Vacancies
A vacancy in any office because of death, resignation, removal, disqualification or otherwise, may be filled by the Board of Directors for the unexpired portion of the term.
If a Director creates a Vacancy, such as being removed or resigned, the entire term is considered served for that Member for the purposes of term limits.
SECTION 2.06 INTENTIONALLY LEFT BLANK
SECTION 2.07 Secretary
The Secretary shall:
- Keep the minutes of the proceedings of the Board of Directors in one or more minute books provided for that purpose;
- See that all notices are duly given in accordance with the provisions of these Bylaws or as required by law;
- Be custodian of the corporate records and of the seal of the Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which on behalf of the Foundation under its seal is duly authorized;
- Keep a register of the post office address of each Director which shall be furnished to the Secretary by such Director; and
- In general perform all duties incident to the office of the Secretary and such other duties as from time to time may be assigned to him by the Chairman of the Board or by the Board.
ARTICLE III - BOARD OF DIRECTORS
SECTION 3.01 General Powers and Authority
The business and affairs of the Foundation shall be managed by its Board of Directors
SECTION 3.02 Number, Tenure, and Qualifications
The number of directors of the Foundation shall be no less than five and no more than seven. Each director shall hold office for two years unless duly removed. An individual is limited to four (4) elected two-year (2) terms effective January 1, 2014. Each director must be elected as prescribed in the election policy and procedure. An individual is limited to no more than two (2) two-year (2) terms in a ten (10) year period.
Directors are responsible for maintaining their membership in good standing for the duration of their term.
A Director or Candidate for the Board shall have maintained continuous membership in good standing over the previous 12 months, notwithstanding any grace periods established in these bylaws.
At the time of their election, to qualify to stand, candidates must hold an Individual membership, Lifetime membership, or hold a valid Honorary Membership. This membership must have been in place for a 12 month period prior to the date of the election.
Foundation funds should not be used to pay for membership. Foundation paid memberships of any class, from any funding source including conferences, chapters, projects, donations, etc, shall not constitute paid membership nor possess voting rights.
SECTION 3.03 Regular Meetings
The Board of Directors shall have regular meetings as needed. A link to the board meeting agenda’s and the historical minutes is here: https://owasp.org/www-board/. Meetings shall be at such dates, times, and places as the Board shall determine in December of the preceding year and as amended by the Board. In no event will there be less than one meeting per quarter. These meetings will be open to public attendance, however, certain portions of the meeting may be closed to board members and their delegates when required for legal reasons, or to shield liability, or to handle personnel issues, or similar.
Attendance in person or virtually by board members is required at no less than 75% of the total meetings each year and shall be highly encouraged to meet in person at least once annually at a date to be announced and agreed upon. To be considered as “attended” the board member must attend at least 90% of the meeting, starting at the published scheduled time until the published end time or the meeting is adjourned (whichever is earlier). Attendance is tabulated by the Executive Director or delegate within seven days after every scheduled meeting for the purpose of determining if the 75% attendance requirement has been met, and the tabulation is based upon the entire calendar year. Cancelled meetings are considered attended for the purposes of the tabulation. Failure by a board member to meet the 75% attendance requirement after any tabulation will cause a mandatory vote of confidence by the remaining board members, whose votes will be publicly recorded. The vote of confidence is to take place within 21 days, but not sooner than 7 days, of notification by the Executive Director or delegate that a board member has not met the attendance threshold. During the first seven days, the board member in question will have an opportunity to make their case to their fellow board members. The vote of confidence will take place on the OWASP Board of Directors email list, unless the Board votes to review the matter at their next meeting, so long as the next meeting occurs within the 21day window. An overall vote of “no confidence” is recorded if more than half of the board members vote for it, which causes the board member in question to be instantly removed from their seat on the board. Vacancies on the board are handled as per SECTION 3.10.
SECTION 3.04 Special Meetings
Special meetings of the Board of Directors may be called by or at the request of the Chairman or any two (2) directors. The person or persons authorized to call special meetings of the Board of Directors may fix the place for holding any special meeting of the Board of Directors called by them.
SECTION 3.05 Notice of Special Meetings
A special meeting may be called by the Chairman or at the request of any two (2) Board members by notice emailed, telephone, or telegraphed to each Board member not less one week before such meetings. Any directors may waive notice of any meeting. The attendance of a director at a meeting shall constitute a waiver of notice of such meeting, except where a director attends a meeting for the express purpose of objecting to the transaction of any business because the meeting is not lawfully called or convened.
SECTION 3.06 Quorum
A majority of the number of Directors fixed by ### SECTION 2 of this Article shall constitute a quorum for the transaction of business at any meeting of the Board of Directors. If less than such majority is present at a meeting, a majority of the Directors present may adjourn the meeting from time to time without further notice. All decisions will be made by majority vote of those present at a meeting at which a quorum is present. If a board of Directors vote results in a split decision, the Chairman of the Board, if present at the meeting, can decide the issue.
SECTION 3.07 Participation in Meeting by Conference Telephone
Members of the Board may participate in a meeting through use of conference telephone or similar communication equipment, so long as members participating in such meeting can hear one another. A quorum must be maintained at all times during the meeting or the meeting will not continue.
SECTION 3.08 Manner of Acting
The act of the majority of the directors present at a meeting at which a quorum is present shall be the act of the Board of Directors.
SECTION 3.09 Action Without a Meeting
Any action that may be taken by the Board of Directors at a meeting may be taken without a meeting if consent in writing, setting forth the action so to be taken, shall be agreed to before such action by a majority of the directors. Such consent can be provided by email.
SECTION 3.10 Vacancies
Any vacancy occurring in the Board of Directors may be filled by the affirmative vote of a majority of the remaining directors though less than a quorum of the Board of Directors unless otherwise provided by law. If there is an equal number of affirmative and negative votes then the ultimate determination shall be made by the then sitting Chairman of the Board. A director elected to fill a vacancy shall be elected for the unexpired term of his predecessor in office. Any directorship to be filled by reason of an increase in the number of directors may be filled by election by the Board of Directors for a term of office continuing only until the next election of directors by the Directors.
Appointed Directors filling a vacancy shall not have this partial term counted against term limits. Members can only be appointed to fill a vacancy once every ten years to prevent bypassing term limits.
SECTION 3.11 Employment
No paid employee can serve on the Board of Directors or in the role of Officer while they are employed in a paid position by the Foundation.
SECTION 3.12 Reimbursement
Directors shall serve without compensation with the exception that expenses incurred in the furtherance of he Foundation’s business are allowed to be reimbursed with documentation and prior approval according to the Reimbursement Policy.
SECTION 3.13 Presumption of Assent
A Director of the Foundation who is present at a meeting of the Board of Directors at which action on any corporate matter is taken shall be presumed to have assented to the action taken unless his or her dissent shall be entered in the minutes of the meeting or unless s/he shall file his or her written dissent to such action with the person acting as the Secretary of the meeting before the adjournment thereof, or shall forward such dissent to the Secretary of the Foundation immediately after the adjournment of the meeting. Such right to dissent shall not apply to any director who voted in favor of such action.
SECTION 3.14 Good standing exemption due to Foundation membership system failure
Any member whose membership lapsed due to technical or procedural problems with the membership management system should be granted exemption from the “paid” component of the “in good standing” clause for eligibility. The exempted member must satisfy all of the following conditions:
- The member fulfills all requirements to stand for the Board; and
- The member can demonstrate evidence of having made a reasonable attempt to maintain continuous membership.
Evidence of having made a reasonable attempt to maintain continuous membership requires one or more of the following:
- An email trail between the member and the Foundation’s staff showing an honest effort to pay for one’s membership through acceptable means; or
- Evidence of a failed transaction to the OWASP account; or
- Evidence of a credit to the member’s membership belatedly applied by the Foundation.
Should there be any doubt about the validity of the claim, a majority vote of the Board will decide the outcome on a case-by-case basis.
SECTION 3.15 Good standing grace period
Directors and Candidates for the Board who have lapses in good standing have a grace period of 7 days to renew their membership. Directors or Candidates who fail to obtain paid individual or lifetime membership, honorary membership, or renew their previous membership within the permitted grace period will not have maintained good standing for the purposes of election eligibility. Directors may continue to vote on the Board during the grace period.
Section 3.16 ADOPTION OF ROBERTS RULES OF ORDER
The rules contained in the current edition of Robert’s Rules of Order Newly Revised (12th ed.) shall govern the OWASP Foundation Board and special meetings in all cases to which they are applicable and in which they are not inconsistent with the bylaws, and any special rules of order the Board may adopt.
ARTICLE IV - MEMBERS
SECTION 4.01 Membership Classes
There shall be the following classes of OWASP members: Corporate, Individual, Complementary, Honorary, and Student.
SECTION 4.02 Qualifications
Individual, Corporate, and Student Membership may be granted to any individual or organization that supports the Foundation’s mission and purpose, is in good standing subject to our Code of Ethics, and pays the dues as set by the Board of Directors. The Foundation may, at its discretion, offer monthly, annual, two-year, and Lifetime memberships. Regional pricing is available to all paid membership classes.
Complimentary Membership may be offered on an opt-in and automated basis to the top 5 active leaders of any chapter, project, event, or committee that supports the Foundation’s mission and purpose, is in good standing subject to our Code of Ethics, and has been in the top 5 position continuously for six months prior to applying for complimentary membership. Complimentary Membership is valid for one year. Leaders do not need to accept any offer of complementary leadership. Complementary members in good standing for 12 months may stand for the Board, but if elected, must maintain good standing with paid Membership. Directors who are eligible through the above criteria must not accept Complimentary Membership during their term and maintain good standing with paid Membership.
Honorary Membership is equivalent to Lifetime Individual Membership. Honorary Membership shall be determined and approved solely by a majority vote of the Board of Directors for long-standing and extraordinary services to the OWASP Community.
All membership classes are eligible to vote in elections.
If an individual is a sanctioned individual or resides in a sanctioned country under US Government laws or regulations, the Foundation will either decline to grant membership, or revoke membership and participation if the individual is a member. For more details, please consult the Appendix.
SECTION 4.03 Termination of Membership
The Board of Directors, by affirmative vote of two thirds of all members of the Board, may suspend or expel a member, and may, by a majority vote of those present at any regularly constituted meeting, terminate, suspend or expel the membership of any member who becomes ineligible for membership.
SECTION 4.03a Resumption of Terminated Membership and Activities
The Board of Directors, by the affirmative vote of two-thirds of all members of the Board, may reinstate a Terminated Member to permit full participation in all OWASP activities, chapters, projects, events, committees, and duties, including OWASP Leadership and paid membership.
SECTION 4.04 Resignation
Any member may resign by filing a written resignation with the Secretary; however, such resignation shall not relieve the member so resigning of the obligation to pay any dues or other charges theretofore accrued and unpaid.
SECTION 4.05 Dues
Dues for members shall be established by the Board of Directors.
SECTION 4.06 Voting
Each member shall be entitled to vote on designated matters. The affirmative vote of a majority of the members or by proxy shall be the act of the members as a whole unless a greater number of members is required by law or stated otherwise in these Bylaws.
SECTION 4.07 Participation
Participation in OWASP activities (conferences, meetings, mailings lists, projects, etc.) does not require membership, but is subject to adherence to the OWASP Code of Ethics, and OWASP leaders may revoke the privilege of participation to those who choose not to abide by that code. Notification of such a revocation must be made to the individual in writing, with the OWASP Board of Directors CC’d for inclusion in the Foundation records. If an individual believes that this revocation is unjustified, then they have the option to appeal the decision by notifying the OWASP Board of Directors in writing within 14 days of the original notification.
ARTICLE V - ADVISORY BOARDS, COMMITTEES AND LOCAL CHAPTERS
SECTION 5.01 Committees
Establishment. The Board of Directors may, by resolution adopted by a majority of the Directors in office, establish one or more Board sub-committees (e.g, fundraising, finance, audit, or executive), Advisory Boards, or Committees. These will be held to the core purpose and core values as outlined in Sections 1.02 and 1.03. Committees are formed and governed by the Committees Policy, and are limited the Charter’s purpose and scope. As a Committee Charter might devolve powers currently held by the Board or the Foundation to the Committee, any such devolution to a Committee will require a 2/3rd majority vote.
SECTION 5.02 Local Chapters
A local OWASP chapter may establish smaller, local chapters within the geographical boundary of a chapter, such as country or a city. The bylaws of a chapter must not contain anything that is at variance with the expressed purposes of the OWASP Foundation or with the OWASP Foundation Bylaws, and must be approved as specified by the OWASP Foundation Board of Directors before becoming effective. A chapter may not change its bylaws, its name, or its boundaries without approval as specified by the OWASP Foundation. Chapter Bylaws may be produced in the native language of a nation, but must be translated into English for submission to the OWASP Foundation.
The chapter leader and local chapter board has to manage the local chapter according to the guidance and rules defined in the Chapter Leader Handbook. The OWASP Foundation may, by affirmative vote of a majority of the Board of Directors, suspend or annul a chapter if, in the judgment of the Board of Directors, such action is in the best interests of the OWASP Foundation.
ARTICLE VI - INDEMNITY
SECTION 6.01 Indemnity
The Foundation shall indemnify the Officers of the Foundation including International Board Members and Employees, or agents as follows:
- Every Officer, Board Member, and employee of the Foundation shall be indemnified by the Foundation against all expenses and liabilities, including counsel fees, reasonably incurred by or imposed upon him or her in connection with any proceeding to which he or she may be made a party, or in which he or she may become involved, by reason of being or having been a director, officer, employee or agent of the Foundation or is or was serving at the request of the Foundation as a director, officer, employee or agent of the Foundation, partnership, joint venture, trust or enterprise, or any settlement thereof, whether or not he is a director, officer, employee or agent at the time such expenses are incurred, except in such cases wherein the director, officer, employee or agent is adjudged guilty of willful misfeasance or malfeasance in the performance of his or her duties; provided that in the event of a settlement the indemnification herein shall apply only when the Board of Directors approves such settlement and reimbursement as being in the best interests of the Foundation.
- The Foundation shall provide to any person who is or was an officer, board member, or employee, or agent of the Foundation or is or was serving at the request of the Foundation as a director, officer, employee or agent of the Foundation, partnership, joint venture, trust or enterprise, the indemnity against expenses of suit, litigation or other proceedings which is specifically permissible under applicable law.
- The Board of Directors may, in its discretion, direct the purchase of liability insurance by way of implementing the provisions of this Article VI.
ARTICLE VII - CONFLICTS OF INTEREST
SECTION 7.01 Conflict defined
A conflict of interest may exist when any director, officer, or staff member may be seen as having interests which are adverse to the interests of the Foundation. Prior to any vote of the Board of Directors, a conflict of interest statement shall be made by any Board Member who is aware of any potential conflicts of interest to ensure that all parties are aware of any such conflicts.
SECTION 7.02 Disclosure required
Any conflict of interest shall be disclosed to the Board of Directors by the person concerned. When any conflict of interest is relevant to a matter requiring action by the Board of Directors, the interested person shall call it to the attention of the Board of Directors or its appropriate committee and such person shall not vote on the matter; provided however, any Director disclosing a possible conflict of interest may be counted in determining the presence of a quorum at a meeting of the Board of Directors or a committee thereof.
SECTION 7.03 Absence from discussion
The person having the conflict shall not participate in the decision regarding the matter under consideration.
SECTION 7.04 Minutes
The minutes of the meeting of the Board or committee shall reflect that the conflict of interest was disclosed and that the interested person did not vote. When there is doubt as to whether a conflict of interest exists, the matter shall be resolved by a vote of the Board of Directors or its committee, excluding the vote of the person concerning whose situation the doubt has arisen.
SECTION 7.05 Annual review
A copy of this conflict of interest statement shall be furnished to each director, officer, and staff member who is presently serving the Foundation, or who may hereafter become associated with the Foundation. This policy shall be reviewed periodically for the information and guidance of directors, officers, and staff members. Any new directors, officers, or staff members shall be advised of this policy upon undertaking the duties of such office.
ARTICLE VIII - CONTRACTS AND FINANCIAL ADMINISTRATION
SECTION 8.01 Fiscal Year
The fiscal year of the Foundation shall be January 1 December 31, but may be changed by resolution of the Board of Directors.
SECTION 8.02 Contracts
The Board of Directors may authorize any officer or officers, agent or agents, to enter into any contract or execute and deliver any instrument in the name of and on behalf of the Foundation, and such authority may be general or confined to specific instances. This authorization must be in writing (electronic communication is acceptable) in the minutes of any meeting that provides such limited authority.
SECTION 8.03 Loans
No loans shall be contracted on behalf of the Foundation and no evidences of indebtedness shall be issued in its name unless authorized by a resolution of the Board of Directors. Such authority may be general or confined to specific instances.
SECTION 8.04 Checks, Drafts, etc
All checks, drafts or other orders for the payment of money, notes or other evidences of indebtedness issued in the name of the Foundation, shall be signed by such officer or officers, agent or agents of the Foundation and in such manner as shall from time to time be determined by resolution of the Board of Directors.
SECTION 8.05 Deposits
All funds of the Foundation not otherwise employed shall be deposited from time to time to the credit of the Foundation in such banks, trust companies or other depositories as the Board of Directors may select.
ARTICLE IX - BOOKS AND RECORDS
SECTION 9.01 Books
Correct books of account of the activities and transactions of the Foundation shall be kept at the office of the Foundation and are available on demand in hard or electronic copy.
SECTION 9.02 Audit
A complete financial audit will be performed every 3 years by a third party, independent auditor.
ARTICLE X - AMENDMENT OF BYLAWS
SECTION 10.01 Amendments
OWASP Bylaws and organizational policies may be amended at any regular meeting of the OWASP Board by an affirmative two thirds vote, provided that the amendment has been submitted in writing at the previous regular meeting, or a public notice is given no later than 7 days prior to the meeting.
Amendments to the these bylaws and organizational policies should comply with RONR 12th Edition 57:1-19.
DOCUMENT HISTORY and Historical Versions
Starting in March 2017, the OWASP Bylaws have been moved to a https://owasp.org/www-policy/ git repository to track all future changes. Prior to that transition, new PDF versions were created upon every update. Those historical version can be obtained by using Contact Us.
US Sanctioned Countries
The US Treasury maintains a list of Sanctioned Individuals and Countries, which has different sanctions and scope for each country, and these change constantly. For more information, please visit the OFAC Sanctions Program and Country Information site. This link was correct as of October 30, 2020, but may change over time.
If you have comments on this document please email [email protected].