OWASP 2014 Project Handbook Project Leader Expectations

Project Leader Expectations
All OWASP Project Leaders are expected to act with integrity and openness, and to abide by the OWASP Core Values and OWASP Code of Ethics. All Project Leaders should treat everyone within and outside the OWASP community with respect, and this includes board members and employees. In the face of conflict, Leaders should work towards collaborating in a professional manner with all involved. Please remember we are all here to make the world a better place through software security by making it more visible to the world. The majority of the OWASP community is made up of volunteers, and we must all respect each other’s contributions and opinions even if we disagree. Aside from the behavioral expectations OWASP has of its Leaders, there are a handful of operational OWASP Project policies and guidelines that Leaders must abide by. You can find a brief summary of each below.

OWASP Project Spending Policy
The project spending policy is a series of guidelines aimed at assisting OWASP Project Leaders with OWASP Project spending-related questions. Generally, it is perfectly fine to spend project funds on things such as stickers, swag, marketing or other support services. It becomes tricky when looking at whether you can spend your project's funds on another project, though: technically, those are not a Project Leader’s personal funds for his/her projects. A Project Leader is a steward for the funds of the project that he/she is the leader of. If a Project Leader finds that their project funds would be of better use in another project, then we recommend those funds get donated back to the general project fund. This way, anyone can request reimbursement for expenditures for other projects from the general project budget. This shows a fairness toward all projects and more transparency in the allocation of funds. In order to avoid any problems or misunderstandings in the future, we have developed the project spending guidelines. The aim is to provide clear expectations of how OWASP Projects should spend project funds, and of what appropriate project expenses are. Please see Appendix 8.6 for a full list of the guidelines.

OWASP Grant Spending Policy
OWASP has grown considerably over the past few years, and this means that our project inventory has grown as well. We currently manage over 100 open source projects under the OWASP brand umbrella. OWASP prides itself on being able to spend resources in the pursuit of potential grant funding opportunities for our projects. However, our recent successful grant proposals have added several restrictions in the way we can spend grant-awarded funds as an organization. Any funds that come into OWASP have an obligation to be spent in support of the mission. Additionally, there are specific guidelines that the IRS has on expenditures that fall into the category of grants. Grants are defined as any funds that OWASP gives (for travel or other items) without receiving anything in return. For example, when we pay for travel for Project Leaders or community members to speak at our events, this is not a grant because we are receiving a service in exchange for covering the costs of travel. In contrast, if we pay for a Project Leader to attend an AppSec conference where we are allowing one individual from the industry to come to our event for free, and we cover the cost with no expectation of performance or work, this is a grant. In this case, we then need to show that we have criteria that were used to determine who received the funding and the amount they received. In order to avoid any problems or misunderstandings, we have developed a few guidelines to provide clear expectations of how grant-awarded funds are to be managed and spent by all OWASP Projects. Please see Appendix 8.5 for a full list of the guidelines.

OWASP Project Sponsorship Operational Guidelines
The Project Sponsorship Operational Guidelines aim to inform project sponsors of what they can expect if they donate funds, or other resources, to an OWASP Project. Additionally, they outline what Project Leaders can offer sponsors in exchange for donating funds to their OWASP Project. In order to avoid future misunderstandings, we have developed these guidelines to provide clear expectations of how sponsors and projects are expected to interact when funds are given to a project for product development. Please see Appendix 8.7 for the guidelines.