Consulting Agreement Template

v. June 2019


This CONSULTING AGREEMENT is made and entered into the “Effective Date” between the “Consultant” both as outlined in Exhibit A and The OWASP Foundation (the “Company”) a 501c(3) charity with its principal place of business at 1200-C Agora Drive #232, Bel Air, MD 21014. The OWASP Foundation and Consultant desire to enter into a relationship whereunder Consultant will provide certain services to, and perform certain work for, OWASP. The parties hereto agree as follows:


1.1. “Agreement” means this Consulting Agreement.

1.2. “Confidential Information” means any information that concerns OWASP’s business, plans, partners, customers, technology or products and is proprietary and/or confidential in nature, including without limitation Confidential Information provided as part of this Agreement..

1.3. “Consultant” means the individual or independent business entity specified above and, individually and collectively, the agents, employees, officers, partners, principals and contractors of such individual or business entity.

1.4. “Services” means, collectively and individually, as the context requires, the services to be performed by Consultant hereunder as described on Exhibit A attached hereto.


2.1. Compensation. OWASP agrees to pay to Consultant for the Services performed by Consultant the compensation set forth on Exhibit A. Consultant shall be responsible for all costs and expenses incidental to the performance of the Services, except as otherwise expressly set forth in Exhibit A.

2.2. Independent Contractor Status. The parties hereto acknowledge and agree that Consultant is an independent contractor to OWASP and not an employee, agent, joint venturer or partner of OWASP. Neither Consultant nor Consultant’s employees nor agents (including independent contractors, consultants and subcontractors) shall have the status or any rights of being an employee of OWASP and none of them shall participate in or receive any employee benefits pursuant to plans, group insurance, programs or arrangement (including, but not limited to, those providing for salary, vacation, bonus or incentive compensation, stock option/purchase, retirement, pension, deferred savings, disability, medical and dental) (together, “Benefits”) that OWASP provides or makes available to its employees, regardless of whether Consultant or its employees or agents (including independent contractors, consultants and subcontractors) otherwise are or should become eligible to participate in such Benefits. At all times, Consultant is responsible for providing benefits to and for itself and to its own employees and agents (including independent contractors, consultants and subcontractors) including, but not limited to, those mandated by applicable laws and those voluntarily provided by employers to their employees. Consultant further acknowledges and agrees that, as an independent contractor, Consultant will not be entitled to (i) make a claim for unemployment, worker’s compensation or disability pursuant to this Agreement or Consultant’s relationship with OWASP, or (ii) receive any vacation, health, retirement or other benefits pursuant to this Agreement or Consultant’s relationship with OWASP. OWASP will not (a) withhold FICA (Social Security) from its payments to Consultant, (b) make state or federal unemployment insurance contributions on behalf of Consultant, or (c) withhold state and federal income taxes from its payments to Consultant. Consultant hereby represents and warrants to OWASP that, except as otherwise expressly provided herein, all activities and work performed by Consultant under this Agreement shall be at Consultant’s own risk and liability. Consultant agrees to indemnify and hold harmless the OWASP and its directors, officers and employees from and against all taxes, losses, damages, liabilities, costs and expenses, including attorneys’ fees and other legal expenses, arising directly or indirectly from or in connection with a determination by a court or agency that the Consultant is not an independent Consultant and any obligation imposed on OWASP to pay withholding taxes or similar items in respect of Consultant.

2.3. Non-exclusive Relationship. This Agreement is non-exclusive. Consultant shall retain the right to perform work for others during the term of this Agreement. OWASP may cause work of the same or a different kind to be performed by its own personnel or other contractors or consultants during the term of this Agreement.


3.1. Services. Consultant agrees to provide the Services set forth on Exhibit A to OWASP with all due care, skill and ability and shall use its best efforts to promote the interests of OWASP. OWASP may change the scope of the Services, provided that any change requiring additional services shall be subject to the parties’ mutual agreement regarding Consultant’s compensation in connection therewith. Any such agreement regarding additional compensation shall be set forth in a signed, written amendment to this Agreement.

3.2. Method of Performing Services; Supervision. Consultant will generally determine the method, details and means of performing the Services provided, however, that Consultant is required to comply with OWASP’s reasonable instructions and co-operate with OWASP in all matters relating to the Services. Consultant shall observe OWASP’s security, safety and any other work-related policies at all times. In addition, OWASP shall be entitled to exercise a broad, general right of supervision and control over the results of the Services performed by Consultant to ensure satisfactory performance thereof. This power of supervision shall include the right to inspect, stop work, make suggestions or recommendations as to the details of the work, and request modifications to the scope of the Services.

3.3. Scheduling and Reporting. Consultant will use its best efforts to accommodate OWASP’s work schedule requests. If Consultant is unable to perform the scheduled Services because of illness or other causes beyond Consultant’s reasonable control, Consultant will attempt to perform such Services as soon as is reasonably practicable. For clarity, no fee shall be payable in accordance with Exhibit A in respect of any period during which Services are not provided. During the term of the provision of the Services, the Consultant shall, on a monthly basis, submit written reports to OWASP’s executive management in connection with matters relating to the provision of the Services. Such report shall detail the activities performed by Consultant in the prior month in relation to the Services including, without limitation, progress reports on each aspect of the Services detailed in Exhibit A and all such information reasonably requested by OWASP. 3.4. Place of Work. Consultant will use reasonable efforts to be available on reasonable notice to attend meetings and provide assistance or information as OWASP may require. Consultant will perform the Services off-site in a distraction-free place and also at OWASP’s premises if requested by OWASP. OWASP agrees to provide such working space and facilities as may be reasonably necessary for Consultant to perform the Services at OWASP’s premises. OWASP may also require Consultant to travel occasionally to perform the Services.

3.5 Individuals Providing Services. Each and every individual performing the Services on behalf of Consultant hereunder shall be listed on Exhibit C attached hereto. Exhibit C may be amended from time to time by a written update of the Exhibit signed by the parties.


4.1. Confidential Information. Consultant shall maintain in strict confidence, and shall use and disclose only as authorized by OWASP, all Confidential Information that Consultant receives in connection with its relationship with OWASP and its efforts to provide the Services. Consultant shall only disclose Confidential Information to its employees who have a direct need to obtain access thereto in connection with the performance of services under the Agreement. Consultant shall inform all such employees of its obligations hereunder.

4.2. Exclusions. The restrictions in Section 4.1 above shall not apply to information (i) generally available to the public; (ii) released by OWASP generally without restriction; or (iii) independently developed by Consultant without reliance in any way on Confidential Information. Consultant may disclose any Confidential Information to the extent required by an order of any court or other governmental authority of competent jurisdiction, but only after Consultant has notified OWASP of its intention to disclose such Confidential Information and OWASP has had an opportunity to seek a protective order to prevent such disclosure.

4.3. Residual Rights of Consultant. Notwithstanding anything to the contrary herein, Consultant shall be free to use and employ its general skills, know-how and expertise, and to use, disclose and employ any generalized ideas, concepts, know-how, methods, techniques or skills gained or learned during the course of the performance of any Services, so long as Consultant acquires and applies such information without disclosure of any Confidential Information and without any unauthorized use or disclosure of any Work Product.


Consultant agrees that, in consideration for OWASP’s payment to Consultant hereunder, all work product created or delivered by Consultant in connection with the performance of services, including, without limitation, ideas, concepts, techniques, works of authorship, programs, inventions, processes, copyrights, patents or trade secrets (“Work Product”) shall be and remain the property of OWASP. In no way limiting the foregoing, Consultant hereby grants, transfers, assigns, conveys and relinquishes, and agrees to grant, transfer, assign, convey and relinquish from time to time, on an exclusive basis, all of Consultant’s right, title and interest in and to the Work Product to OWASP in perpetuity or for the longest period otherwise permitted by law. Consistent with Consultant’s recognition of OWASP’s absolute ownership of all Work Product, Consultant agrees that it shall (i) not use any Work Product for the benefit of any party other than OWASP, and (ii) perform such other acts and execute such other documents and instruments as OWASP may now or hereafter deem reasonably necessary or desirable to evidence the transfer of absolute ownership of all Work Product to OWASP. If, by operation of law, Consultant is deemed to retain any rights in and to any intellectual property created hereunder, Consultant, to the extent that any such rights conflict with any assignment of rights made by Consultant to OWASP hereunder, hereby waives all such rights and assigns to OWASP the rights set forth in this Section 5 above.


Consultant represents and warrants to OWASP that (i) all Services will be performed by Consultant in a good and workmanlike manner, in accordance with the best practices of Consultant’s industry, (ii) Consultant has no knowledge of any claims that would adversely affect Consultant’s ability to assign all right, title and interest in and to the Work Product to OWASP, (iii) Consultant has all requisite right and authority to enter into this Agreement with OWASP, (iv) to the best of Consultant’s knowledge, the Work Product does not violate any patent, copyright or other proprietary right of any third party, and (v) Consultant has the legal right to grant OWASP the assignment of Consultant’s interest in the Work Product as set forth in this Agreement. THE FOREGOING WARRANTIES ARE EXCLUSIVE, AND CONSULTANT DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


7.1 Insurance. Intentionally left blank.

7.2 Indemnity. To the fullest extent permitted by law, Consultant shall indemnify, defend and hold OWASP harmless from and against any and all claims, demands, actions, suits, proceedings, losses, damages, penalties, obligations, liabilities, costs and expenses (including, without limitation, reasonable attorneys’ fees) arising directly or indirectly, in whole or in part, from the performance of the Services, the negligence or willful misconduct of Consultant or the breach by Consultant of its obligations under this Agreement (including, without limitation, the breach of any warranty set forth in Section 6 above), except to the extent arising from the sole negligence or willful misconduct of OWASP. Consultant hereby acknowledges and agrees that the foregoing indemnity shall apply to the acts and omissions of its agents, employees, officers, partners, principals, contractors and subcontractors.


8.1. Term. This Agreement will become effective on the date first set forth in Exhibit A and will continue in effect through the earlier of the completion of the Services or the expiration date set forth on Exhibit A, unless earlier terminated in accordance with this Section 8.

8.2. Termination of Services and/or Agreement for Convenience by OWASP. OWASP may, at its sole option, for any reason terminate this Agreement and/or all or any portion of the Services immediately upon giving at least thirty (30) days prior written notice to Consultant. Upon receipt of such notice, Consultant shall cease providing further Services, advise OWASP of the extent to which Consultant has completed the Services through such date, and collect and deliver to OWASP whatever Work Product then exists, and any physical embodiment thereof, in the manner requested by OWASP. Following OWASP’s receipt of such Work Product, OWASP shall make a final settlement payment to Consultant for all work performed through the date of such termination within thirty (30) days. The Consultant may, at its sole option, for any reason terminate this Agreement immediately upon giving at least thirty (30) days prior written notice to OWASP. Provided that Consultant delivers to OWASP whatever Work Product then exists, and any physical embodiment thereof, in the manner requested by OWASP no later than seven (7) days following the expiration of the thirty (30) day period, OWASP shall make a final settlement payment to Consultant for all unpaid work performed by Consultant through the date of such termination within thirty (30) days of its receipt of such Work Product.

8.3. Termination of Agreement for Default. If either party fails to cure any breach of its obligations hereunder within ten (10) days following written notice thereof from the other party, then such other party may terminate this Agreement, effective immediately, by providing the defaulting party with written notice of termination.

8.4. Delivery Of Materials Upon Termination. Consultant agrees that, in the event of termination or expiration of this Agreement for any reason, Consultant will promptly and without request surrender and deliver to OWASP all materials containing, embodying or otherwise evidencing any Confidential Information, regardless of whether any such item or the information contained therein or thereon was prepared, produced or authored by Consultant, except that Consultant may retain a copy of this Agreement for its records.

8.5. Survival. Sections 2.2, 4, 5, 6, 7.2, 8.4, 8.5, 9.1 and 9.7 hereof shall survive the expiration or earlier termination of this Agreement.


9.1. Governing Law; Venue, Waiver of Jury Trial. This Agreement shall be governed by and interpreted in accordance with the laws of the State of Maryland, excluding its choice of law rules. Any dispute regarding the interpretation or validity of, or otherwise arising out of, this Agreement, or relating to Services provided under this Agreement, shall be subject to the exclusive jurisdiction of the Maryland state courts, and OWASP and Consultant agree to submit to the personal and exclusive jurisdiction and venue of these courts. The parties hereto expressly waive any right they may have to a jury trial and agree that any proceeding under this Agreement shall be tried by a judge without a jury. Consultant acknowledges and agrees that in the event of breach by Consultant of this Agreement, OWASP will not have an adequate remedy at law and that such breach will cause OWASP great and irreparable injury and damage. Therefore, Consultant agrees that OWASP shall be entitled to injunctive or other equitable relief, without waiving any additional rights or remedies otherwise available to OWASP.

9.2. Representation by Counsel. Consultant hereby certifies and represents that it (i) has been, or had the opportunity to be, represented by counsel in the negotiation of this Agreement, and (ii) understands and accepts its rights, duties and obligations under this Agreement.

9.3. Unenforceable Provisions. In the event that any of the provisions of this Agreement shall be held by a court or other tribunal of competent jurisdiction to be unenforceable, the remaining portions of this Agreement shall remain in full force and effect. The failure of either party to enforce at any time, or for any period of time, the provisions hereof shall not be construed to be a waiver of such provisions or of the right of such party to enforce each such provision.

9.4. Assignment. No portion of this Agreement or any of Consultant’s rights (including, without limitation, the right to payment for Services) or obligations hereunder may be assigned and/or delegated by Consultant without OWASP’s prior written consent, which consent may be granted or withheld in OWASP’s sole and absolute discretion.

9.5. Modifications. Any modifications of this Agreement shall be in writing and signed by both OWASP and Consultant.

9.6. Headings. Section and/or paragraph headings used in this Agreement are for reference purposes only and will not be used in the interpretation of this Agreement.

9.7. Complete Agreement. This Agreement, including all exhibits attached hereto, constitutes the complete and exclusive statement of the agreement between OWASP and Consultant, and it supersedes all proposals, oral or written, and all other communications between OWASP and Consultant relating to the subject matter of this Agreement.

9.8. Notices. Any notice required or permitted by this Agreement must be in writing and may be sent by facsimile by recognized commercial overnight courier or mailed. Any such notice will be effective as of the date of receipt. Each party may change its address by giving notice in accordance with this Section 9.8. Notices shall be addressed as set forth above.

9.9. Export Law Compliance. Consultant agrees to comply with applicable export laws and regulations carried out in OWASP’s discretion, including (a) signing written letters of assurance promising compliance with applicable export laws and regulations, and (b) consenting to background checks. Consultant further understands and agrees that OWASP may deny Consultant the use or access to any information or materials which in OWASP’s discretion may constitute items or products controlled under U.S. or other applicable export laws and regulations. Consultant’s failure to abide by this Section 9.9 is grounds for immediate disciplinary action or termination.

By OWASP Foundation

Name, Title, Date




_________ (the “Consultant”) and the OWASP Foundation have entered into a Consulting Agreement (the “Agreement”) as of _____ (the “Effective Date”) herewith pursuant to which Consultant has agreed to provide Services and/or create certain Work Product for OWASP. Unless otherwise defined herein, the defined terms used in this Exhibit shall have the same meanings as set forth in the Agreement.

A. Services to be provided by Consultant to OWASP shall be:

B. Compensation: Consultant shall be compensated for the Services and Work Product as follows:

Consultant shall submit a monthly invoice with net 30 terms to OWASP for Services performed by Consultant under this agreement.

==== End of Agreement ==