Adopted by the Board on 20-Oct-2020
The OWASP Foundation is a community-led organization where some leadership roles are filled with individuals elected by Membership. While the following policy is specifically written for Board of Directors Elections, it should be used as a model for other OWASP elections. Generally, elections should be conducted in a fair and transparent manner which include:
- Sufficient notice period for nominations and voting
- Concise candidate and electorate qualifications
- Publicly available timelines on the OWASP website
- Open process for community to meet candidates
- Private method of voting
- Publication of full voting results
No later than two months prior to an election, a timeline will be publicly available that is minimally shared on the OWASP website. On the nearest business day, the timeline will include notices, important dates, and milestones to be gazetted on the OWASP website prior to the election process starting.
For the OWASP Board of Directors those annual milestones are:
- Call for Candidates, August 15
- Candidate Registration Deadline, August 31
- Candidates announced to the community, September 10
- “Membership Day,” September 30
- Election Voting Opens, October 15
- Election Voting Closes, October 30
- Results announced to the community, November 1
Elections shall include a method for the electorate to get to know the candidates and their position on topical matters. For the Board of Directors election, this method will minimally include a (1) two week call for questions from the community where a final list sorted by popularity for up to six questions will be provided to candidates, and (2) each candidate will post an online video linked on the Foundation’s website to a candidate community page.
Email sent to Members shall be the official and primary communication method to engage candidates and Members for OWASP elections. Members shall receive no less than three (3) email notices for the following: (1) call for candidates, (2) call for questions, (3) notice that in order to vote you must be a Member, and (4) notice to vote. Timelines for elections may include courtesy notices through other channels including social media and mailing lists; however, they are not required and should not be expected for official communications from the OWASP Foundation to Members and the community at large.
The OWASP Foundation sources its leadership from the community in a democratic process. There are no specific qualifications other than Membership and a strong commitment to the mission of the Foundation. Diversity candidates are strongly encouraged to participate in the leadership of the OWASP Foundation.
Membership Day, September 30th of each year, is the primary deadline for Board of Director election qualifications. It is the day of that year’s election for which Membership is required to be an eligible elector, and it is the day the previous year for which candidates must have maintained continuous Membership in good standing to be a qualified candidate.
As an example for the 2020 Board Elections:
- Members continuously in good standing since September 30, 2019 are qualified to run for Board of Directors seat
- Members in good standing on September 30, 2020 are eligible to vote
In the case of the Board of Directors, Members are elected for a two-year term which starts January 1 of the calendar year following the election. It is the responsibility of each Director on the Board to continuously maintain Membership in good standing while serving the Foundation.
Additionally, some leadership positions may additionally require winning candidates to execute various agreement(s) prior to assuming office. Failure to execute those agreement(s) will result in the censor and removal from the position.
Voting in elections shall be of secret ballot of Members. Balloting shall be open for no less than fourteen (14) and no more than (20) days. Voting closes at 11:59pm US-Pacific Time on the election voting end date. In the case of Board Elections, staff will ensure current Members of the Foundation receive a serialized ballot. Members can vote only once in each election per election cycle. Fraudulent behavior and efforts to either suppress or influence votes shall not be tolerated.
In situations where an election will be selecting more than one candidate, such is the case when Directors are elected to the Board, ballots will be designed to allow electors to cast as many votes as are allowed on one ballot. Electors are not required to cast the full number of votes allowed and can only vote for a single candidate once.
All OWASP elections shall fully report the results of balloting in no more than three (3) days following the close of voting. Each candidate with each individual vote total, and in the case where the electorate can cast more than one vote the cumulative total of all ballots cast, will be listed in a publicly available manner that is minimally shared on the OWASP website.
The Executive Director or their designee shall certify an election result. Member voting history is private, so no one other than the Member shall know their vote.
Sole Election Policy
Regardless of the information presented throughout the OWASP website or conveyed by its Leaders, members, staff or Directors, this page while also being subject to the OWASP Foundation By-Laws and Articles of Incorporation, is the sole and authoritative Election policy of the OWASP Foundation, Inc.