Rules of Procedure

Antitrust, Anti Corruption, and Competition Policy (DRAFT WIP)

This is a DRAFT or SUBSTANTIALLY MODIFIED existing policy currently in an open review period.


Members are invited to provide feedback on this draft policy until June 11, 2026. The Policy Review Team will respond to comments mailed from your owasp.org email address to this address.


1. Purpose

The purpose of this policy is to ensure that the OWASP Foundation, Inc. and its Board of Directors conduct all activities in full compliance with applicable anti‑trust, competition, corruption, and anti‑bribery laws. As a global nonprofit stewarding open-source projects and community collaboration, OWASP must uphold the highest standards of fairness, independence, and ethical conduct.

This policy establishes expectations for Board members, volunteers, project leaders, and contributors to prevent anti‑competitive behavior, bribery, corruption, and improper influence.

2. Scope

This policy applies to:

  • Members of the Board of Directors
  • Officers, employees, contractors, and volunteers
  • OWASP leaders, contributors, and maintainers
  • Any individual acting on behalf of OWASP
  • All OWASP programs, projects, events, partnerships, and community activities

3. Our Commitment

The OWASP Foundation, Inc. and its Board commit to:

3.1 Compliance With Anti‑Trust Laws

Board members must not engage in discussions or agreements—formal or informal—that could influence or distort the competitive marketplace in favor of one or more entities.

This includes avoiding:

  • Collusion or coordination between competing organizations
  • Discussions of pricing, commercial strategy, or exclusionary practices
  • Sharing proprietary or confidential information that could affect competition
  • Using OWASP influence to benefit any particular company

3.2 Independent Decision‑Making

All decisions must be made solely in the best interest of OWASP’s mission and community.

3.3 Anti‑Bribery and Anti‑Corruption Standards

OWASP prohibits:

  • Offering, giving, soliciting, or accepting bribes
  • Providing anything of value to improperly influence decisions
  • Kickbacks, facilitation payments, or undisclosed gifts
  • Preferential treatment in exchange for favors, donations, or sponsorships

Permitted items include:

  • Nominal‑value promotional items
  • Disclosed and approved sponsorships
  • Transparent, documented contributions that do not influence governance decisions

4. Meeting Conduct

Board meetings must follow the published agenda and avoid anti‑competitive topics. At the start of each meeting the following statement shall be read aloud:

“As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.”

Conflicts of interest must be disclosed, and affected members must recuse themselves.

5. Responsibilities

5.1 Board Members

  • Uphold anti‑trust and anti‑bribery laws in all discussions and decisions
  • Avoid conflicts of interest and recuse when appropriate
  • Ensure OWASP activities remain vendor‑neutral and mission‑aligned
  • Maintain confidentiality of sensitive information

5.2 OWASP Leaders and Contributors

  • Avoid accepting gifts, payments, or influence from vendors
  • Ensure project decisions are transparent and free from improper influence

5.3 Employees, Contractors, and Volunteers

  • Report any suspected violations
  • Decline gifts or benefits that could influence judgment
  • Maintain independence in procurement, partnerships, and program decisions

Where a contract exceeds the Executive Director’s signing authority, a competitive bidding process must be followed, and the contract must be reviewed and approved by the Board of Directors to ensure compliance with this policy.

5.4 Reporting Concerns

Any suspected anti‑trust, anti‑bribery, or ethical violation must be reported promptly to:

  • The Whistleblower Program: https://policy.owasp.org/operational/whistleblower
  • The Executive Director
  • The Board Chair

OWASP prohibits retaliation against anyone who reports concerns in good faith.

6. Annual Review

This policy will be reviewed annually by the Board Governance Committee to ensure:

  • Continued compliance with global anti‑trust and anti‑bribery laws
  • Alignment with nonprofit best practices
  • Updates to reflect regulatory changes, OWASP operational needs, and community expectations

Board members reaffirm their commitment each year through signing the Director’s Commitment Agreement and updating their conflict of interest disclosures as their circumstances change, or annually, whichever comes first.


Existing policy approved by the Board of Directors on 2025-12-16 that remains in effect until amended or replaced:

As members of the Board of Directors of the OWASP Foundation, Inc., we are committed to upholding all applicable antitrust laws and ensuring that our activities promote fair competition and ethical collaboration.

Policy:

  • No Collusion: Board members must not engage in discussions or agreements - formal or informal - to impact or sway the competitive marketplace in favor of one or more entities, or to influence OWASP strategy or contracts in favor of any particular entity.
  • Independent Decision-Making: All decisions regarding programs, partnerships, and member services must be made independently and in the best interest of OWASP’s mission.
  • Meeting Conduct: Board meetings must avoid any topics that could be construed as anti-competitive to the marketplace, including sensitive commercial strategies or exclusionary practices.
  • Information Sharing: Confidential or proprietary information from OWASP or other organizations must not be shared or used in a way that could violate competition laws.
  • Reporting Concerns: Any suspected antitrust violations must be promptly reported to the Chair, Executive Director, or via the whistleblower policy for review and appropriate follow up action.

Acknowledgment:

At the start of each Board meeting, the following statement shall be read aloud:

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

Each Board member must review and adhere to this policy and, by signing the Director’s Commitment Agreement, agrees and consents to this policy.

Failure to comply with this policy may result in disciplinary action, including removal from the board.