Travel and policies are available for public review

Andrew van der Stock

Apr 28, 2025, 12:50:01 AM
to Global-board
Hi Board,

I've created and published two policies for a potential May approval:

Working Groups - incorporates an informative note in the Committees policy, as well as a small bylaws change

Travel policy - incorporates much of the review by our community already

Additionally, it's more than time we passed the Privacy Policy. I will ask folks to write comments on that policy, and hopefully it can also come to be voted on in May.
Please review and comment. I'll convene the Policy Review Committee for the last week of May to incorporate all feedback. 

Thanks,
Andrew

ashwini siddhi

May 8, 2025, 3:09:59 PM
to Andrew van der Stock, Global-board
Do we also need a 'Responsible use of AI' policy? I do not see anything related and hence the ask.

Regards
Ashwini

--
You received this message because you are subscribed to the Google Groups "Global-board" group.
To unsubscribe from this group and stop receiving emails from it, send an email to global-board...@owasp.org.
To view this discussion visit https://groups.google.com/a/owasp.org/d/msgid/global-board/281df1fb-2704-4a4e-be45-4c09be6ea134n%40owasp.org.

Andrew van der Stock

May 13, 2025, 12:48:10 AM
to Global-board, ashwini siddhi, Global-board, Andrew van der Stock
We need a more comprehensive project policy to deal with generative AI creations. In particular, we need to ensure that, in consultation with our project leader community, we look at:

- CRA-related changes about secure software development and a carve out for training projects, like Juice Shop or others that are deliberately insecure
- CRA-related ensures that OWASP can pass repos to new project leadership or push changes to the repo in case of security issues and non-responsive leadership
- a Developer Certificate of Origin (DCO) or Contributor License Agreement (CLA) that ensures that the contributor has the authority to contribute code to us and/or under what terms
  - Linux Foundation easyCLA (software for managing CLAs) https://github.com/communitybridge/easycla
  - Linux Foundation DCO https://developercertificate.org/
- A review of our preferred licenses and ensure that OSI licenses and CC-by-SA etc, are still the best choices (I think they are, but still worth checking from time to time)
- Contributors must carefully review code or documentation generated by AI for plagiarism, hallucinations, and falsehoods before being committed or released.
- OWASP does not allow AI agents or assistants that might create a copyright claim, especially if there's no attribution to the original content that the AI agent/assistant was trained on

This doesn't affect the member, events, or chapter community, so the project policy is the right place to do this. 

thanks,
Andrew


ashwini siddhi

May 14, 2025, 2:14:53 PM
to Andrew van der Stock, Global-board
Good points and onboard with the idea as long as we have some guidance around use of AI within our projects.

Regards
Ashwini  
