Rules of Procedure

Project Sponsorship

This policy has been deprecated and replaced with updates in the Rules of Procedure.

Project Sponsorship

The set of guidelines below aim to inform project sponsors of what they can expect if they donate funds, or other resources, to an OWASP Project. Additionally, they outline what project leaders can offer sponsors in exchange for donating funds to their OWASP Project.

In order to avoid any problems or misunderstandings, we have developed these guidelines to provide clear expectations of how sponsors and projects are expected to interact when funds are given to a project for product development.


  1. Any company or individual can donate funds to a project in exchange for the placement of one sponsorship logo on the OWASP project page and product they have sponsored.
  2. Donations or project sponsorship funds will be allocated with 10% going to the Foundation and 90% going to the Projects.
  3. There is no limit or minimum amount that a company or individual can give in funds to an OWASP Project. However, the minimum amount required to have a company logo on the OWASP Project wiki page and product is $1000 USD.
  4. Sponsors that donate less than $1000 USD will have their company name, and website url, added to the project wiki page and product. No logo will be placed for donations below this amount.
  5. A sponsor can choose to donate to the overall OWASP Projects budget. If the sponsor chooses to donate to the overall Projects budget, then one logo of their choosing will be placed on the OWASP Projects wiki page under the ‘Sponsors’ tab. The minimum amount required to have your company logo on the OWASP Projects page is $1000 USD.
  6. If a sponsor is donating funds to a specific project, then the logo must be placed in the ‘Acknowledgments’ tab under the ‘Project Sponsors’ heading using the new OWASP Projects wiki template.
  7. Sponsor logos must NEVER be placed anywhere other than within the ‘Acknowledgments’ tab under the ‘Project Sponsors’ heading on the project wiki page.
  8. Logos must be created using the following specifications for placement on the wiki page:
    • Resolution: 72dpi
    • File Type: .PNG or .JPEG
    • Size: No larger than 300 x 300 px
  9. Sponsor logos on the product: All sponsor logos must be placed on a page/section/location that is separate from the content of the product. They must contain the company logo, their name, and their website url. The aim is to have a separate section on the product that clearly lists sponsor information. Template acknowledgement copy: “OWASP does not endorse vendors, but we would like to acknowledge the following contributions….”
  10. Logos must be created using the following specifications for placement on the product:
    • Resolution: 300dpi
    • File Type: .EPS
    • Size: No smaller than 5in x 5in
  11. All sponsorship logos will be placed on the project product and wiki page for one year or until the next major release. All legacy projects will be given one year to comply with these guidelines starting on January 01, 2014.
  12. Logos must be sent to the OWASP Project Leader for inclusion on the OWASP Project wiki page and product. It is the responsibility of the Project Leader to make sure all of their project sponsors are properly represented on the OWASP Project wiki page and product.
  13. All additional contributors get their name, email address, company name (if desired), and a link to one external website (no logo). No logos should be added for individuals who only contribute time, or for any other sort of contribution.
  14. Project Sponsorship Rejection: A Project Leader can decide to accept sponsorships or not, but this must be across the board. In essence, a Project Leader must agree to accept all sponsors, or they must agree to deny all sponsorship support. However, if a Project Leader wants to reject a specific sponsor (not across the board) then an exception will have to be requested from the Board of Directors.
  15. If a Project Leader fails to follow these guidelines, the OWASP Projects Manager will notify the Project Leader of the infringement. If the infringement continues, the Project Leader may face the removal of all Project Leader privileges until further notice.