Flagship status for two AI projects

[Steve Springett]

Project Committee Members,


I hope this message finds you well. As the Vice Chair of the OWASP Global Board of Directors, I would like to request your formal review of the following OWASP projects for consideration of Flagship status:


OWASP Top 10 for LLM (Lab)
https://owasp.org/www-project-top-10-for-large-language-model-applications/


OWASP AI Security and Privacy Guide (aka OWASP AI Exchange) (Incubator)
https://owasp.org/www-project-ai-security-and-privacy-guide/


These projects have shown significant progress, community engagement, and alignment with OWASP’s mission. I kindly ask that you evaluate both and, if you find them to meet the criteria, recommend them for Flagship status to the Global Board of Directors.

Please let me or the project leads know if you require additional information or documentation. Thank you for your time and attention, and I look forward to your recommendations.

—

Steve Springett Leader, OWASP CycloneDX and Dependency-Track Leader and Co-author, OWASP SCVS Chair, OWASP CycloneDX and Ecma TC54 Vice Chair, OWASP Global Board of Directors

[Starr Brown]

Hi Steve - 

We will add the review of the AI Exchange and I will share the standardization / legislative reasons why this project is going to gain attention in the immediate future.

The Top 10 for LLM project is going to be rebranded, per the core team's initiative, under the GenAI Security Project umbrella. They have a year long co-branding plan to not lose recognition in the market. This is a work in progress and will be live in the beginning of March to coincide with their release schedule and promotion of it.

Thank you.

Best,

Starr Brown

Director of Projects

OWASP Foundation

404.353.5666

OWASP 2025 Global AppSec EU - Barcelona - May 26-30, 2025

[scott clinton]

Steve, Project Committee,

Please let me know if you would like me to share an updated project business review. We have brought on 5 new sponsors this last month, seen our total community #s exceed 10,000 (slack/LI/newsletter) growing Q/Q @ 38%, see 1K+ daily downloads across multiple resources with the recent Red Teaming and Agentic Security Guides each exceeding the initial impressions of the Top 10 list.

As a reminder we are taking steps over the next couple of weeks to address the committee's previous feedback, and renaming the project to the OWASP Gen AI Security Project while repositioning the Top 10 List as an initiative alongside the other project initiatives to maintain the integrity of the "Top 10 list" as an individual project/deliverable.

Again, please let me know if you have any questions.

Best Regards,

- Scott
 

[Björn Kimminich]

Hi everyone,

we discussed the Flagship promotion proposals yesterday in the committee meeting. For details see the minutes, here's just the TL;DR:

The Flagship title is decoupled from Incubator>Lab>Production maturity levels and does not need committee endorsement. This is a board decision exclusively, and exactly for the reason of strategic or political factors being in play that the project committee lacks insight into.

---

Personally I just want to add, that I appreciate the fact that LLM Top 10 now implements the previously proposed name change to make it more obvious as an umbrella-style project. 👍

Cheers,
Björn

[Steve Springett]

Thanks Björn,


I wanted to bring it to the project committee as the committee charter (promotions tab) states:

Requests to promotion to Flagship will be evaluated by the Project Committee and a recommendation brought to the OWASP Global Board.

If the "project committee lacks insight into” board strategy as you mentioned, then the charter should be modified to remove the above statement.


I will bring a motion forward for promotion of these two projects to Flagship.

— Steve