Formal reviews of the project were undertaken by Fabio Cerullo and Sebastien Deleersnyder, with the help of Larry Conklin.
The Codes of Conduct define a set of minimal requirements for six types of organizations active in the application security space, specifying what OWASP believes to be the most effective way to support its mission. These requirements are called a "code of conduct" to imply that these are normative standards, in that they represent a minimum baseline, and are not difficult to achieve.
As mentioned previously, I have largely been the custodian of these documents, which were mainly conceived and generated during OWASP Summit 2011 in Portugal. The primary authors and contributors to each document are:
- Jeff Williams for creating the following three documents, together with and all the participants in the working sessions on Outreach to Educational Institutions, and Minimal AppSec Program for Universities, Governments and Standards Bodies at the OWASP Summit 2011 in Portugal for their ideas and contributions to this effort. Reviewed by Dinis Cruz, Dave Wichers and myself for:
- Myself for:
  - OWASP Purple Book - The OWASP Application Security Code of Conduct for Trade Organizations
- Jason Taylor, Jason Li, Martin Knobloch, Matthew Chalmers, and Justin Searle for creating the document, and all the participants in the working session on Certification at the OWASP Summit 2011 in Portugal:
  - OWASP Red Book - The OWASP Application Security Code of Conduct for Certifying Bodies
- Jeff Williams and myself for:
  - OWASP Gray Book - The OWASP Application Security Code of Conduct for Development Organizations
Please use the project mailing list to send ideas, suggestions and questions about these.