Open Security Controller Project Charter

The Linux Foundation

Effective June 28, 2017

 

  • Mission and Scope of Open Security Controller Project.

a.     The mission of Open Security Controller (the “Open Security Controller” or the “Project”) is to develop simplify orchestration of security for cloud infrastructure;

b.     The Project supports an open source, technical community to benefit the ecosystem of Open Security Controller vendor-neutral automation, orchestration and lifecycle management of security functions across cloud and data center technologies;

c.     The Project promotes participation of leading members of the ecosystem, including ISV providers, security architects, network architects, developers, end users and product and solution providers; and

d.     The Project hosts the infrastructure for the technical community, establishing a neutral home for community infrastructure, meetings, events and collaborative discussions and providing structure around the business and technical governance of Open Security Controller.

  • Membership.

a.     Open Security Controller Project shall be composed of General and Associate Members. All General Members must be current corporate members of The Linux Foundation (at any level) to participate in Open Security Controller Project as a member. Anyone may propose a contribution to Open Security Controller Project’s technical codebase regardless of membership status. All participants in Open Security Controller Project, including Associate Members, enjoy the privileges and undertake the obligations described in this Open Security Controller Project Charter, as from time to time amended by the Governing Board with the approval of The Linux Foundation (“LF”). During the term of their membership, all members will comply with all such policies as the LF Board of Directors and/or Open Security Controller Project may from time to time adopt with notice to members.

b.     The Associate Member category of membership is limited to non-profits, open source projects, and government entities, and requires approval by the Governing Board of Open Security Controller Project (“Governing Board”), or, if the Governing Board sets criteria for joining as an Associate Member, the meeting of such criteria. If the Associate Member is a membership organization, Associate Membership in Open Security Controller Project does not confer any benefits or rights to the members of the Associate Member.

c.     General Members shall be entitled to appoint a representative to the Governing Board, the Marketing Committee and any other committees established by the Governing Board.

d.     General Members and Associate Members shall be entitled to:

i.     participate in Project general meetings, initiatives, events and any other activities; and

ii.     identify themselves as members of, or participants in, Open Security Controller Project.

  • Governing Board

a.     Composition – the Governing Board voting members shall consist of:

i.     one representative appointed by each General Member; and

ii.     the TSC Chair elected by the TSC, as defined in Section 4 below.

b.     No single Member, company or set of Related Companies (as defined in Section 6) shall (i) appoint or nominate for Membership class election more than one representative for the Governing Board, or (ii) have more than two representatives on the Governing Board. For purposes of clarity, it is acceptable for one Member to appoint a representative and have another employee elected as the TSC Chair to serve on the Governing Board.

c.     Conduct of Meetings

i.     Governing Board meetings shall be limited to the Governing Board representatives (and LF representatives and invited guests) and follow the requirements for quorum and voting outlined in this Charter. The Governing Board may decide whether to allow one named representative to attend as an alternate.

ii.     The Governing Board meetings shall be private unless decided otherwise by the Governing Board. The Governing Board may invite guests to participate in consideration of specific Governing Board topics (but such guest may not participate in any vote on any matter before the Governing Board).

d.     Officers

i.         The Officers of Open Security Controller Project shall be a Chairperson (“Chair”) and a Treasurer.

ii.         The Chair shall preside over meetings of the Governing Board and manage any day-to-day operational decisions and prepare minutes of the meetings of the Governing Board for approval by the Governing Board.

iii.         The Treasurer shall prepare budgets for Board approval, monitor expenses against the budget and authorize expenditures approved in the budget.

e.     Responsibilities – the Governing Board shall be responsible for:

i.     approving the scope of Open Security Controller Project, with input from the TSC including providing use cases, user stories and priorities to help inform the technical community;

ii.     approving a budget directing the use of funds raised by Open Security Controller Project from all sources of revenue;

iii.     electing Officers;

iv.     overseeing all Project business and marketing matters and working with the Linux Foundation on any legal matters that arise;

v.     adopting and maintaining policies or rules and procedures for Open Security Controller Project (subject to LF approval) including but not limited to a Code of Conduct, a trademark policy and any compliance or certification policies;

vi.     working with the TSC on defining and administering any programs for certification, including any Project certification or processes for Open Security Controller Project;

vii.     approving procedures for the nomination and election of any officer or other positions created by the Governing Board; and

viii.     voting on all decisions or matters coming before the Governing Board.

  • Technical Steering Committee (“TSC”)

a.     Composition

i.     “Startup Period”: During the initial twelve (12) months after project launch, the TSC voting members shall consist of one (1) appointed representative from each General Member.

ii.     “Steady State”: After the Startup Period, there shall be a nomination and election period for electing Contributors or Maintainers to the TSC. The TSC voting members shall consist of eight (8) elected Contributors or Maintainers chosen by the Active Contributors, as defined herein. An Active Contributor is defined as any Contributor who has had a contribution accepted into the released codebase during the prior twelve (12) months. The TSC shall approve the process and timing for nominations and elections held on an annual basis. If there are fewer than eight (8) eligible nominees for the TSC, the Governing Board shall approve an appropriate size for the TSC.

iii.     In either Startup Period or Steady State, no Member or group of Related Companies shall have more than three (3) votes on the TSC. In the event a Member or group of Related Companies goes over the limit in the Steady State, the Member or group of Related Companies may determine which position(s) on the TSC to resign from. In the event of resignation, the TSC shall approve a process to elect a new representative(s).

b.     The Governing Board shall approve a transition plan (developed with the TSC) to transition the TSC from the Startup Period to Steady State.

c.     Projects approved by the TSC generally involve Maintainers and Contributors:

i.     Contributors: anyone in the technical community that contributes code, documentation or other technical artifacts to Open Security Controller Project codebase.

ii.     Maintainers: Contributors who have the ability to commit code and contributions to a project’s main branch on an Open Security Controller Project project. A Contributor may become a Maintainer by a majority approval of the existing Maintainers.

iii.     The TSC may choose to establish additional roles in the community as appropriate (e.g., a Project Technical Lead or “PTL”).

d.     Participation in Open Security Controller Project as a Contributor and/or Maintainer is open to anyone. The TSC may:

i.     establish work flows and procedures for the submission, approval and closure or archiving of projects,

ii.     establish criteria and processes for the promotion of Contributors to Maintainer status, and

iii.     amend, adjust and refine the roles of Contributors and Maintainers listed in Section 4.c., create, amend, adjust and refine new roles and publicly document responsibilities and expectations for such roles, as it sees fit.

e.     The TSC shall elect a TSC Chair, who shall also serve as a voting member of the Governing Board, and is expected to act as a liaison between the Governing Board and technical leadership of Open Security Controller Project. It is expected the TSC Chair shall be able to dedicate a significant amount of their time to Open Security Controller Project.

f.     Responsibilities: The TSC is responsible for:

i.     coordinating the technical direction of Open Security Controller Project, including selecting the architecture and designation of projects to achieve the Mission and Scope of Open Security Controller Project;

ii.     approving project proposals (including, but not limited to, incubation, deprecation and changes to a project’s charter or scope) in accordance with a project lifecycle document to be developed, approved and maintained by the TSC;

iii.     designating top level projects and facilitating synergy, collaboration and technical coordination (API, data Models etc.) across all projects;

iv.     creating sub-committees or working groups to focus on cross-project technical issues or opportunities;

v.     coordinating technical community engagement with the End User (as defined in Section 6 below) community with respect to requirements, high level architecture, implementation experiences, use cases, etc.;

vi.     communicating with external and industry organizations concerning Project technical matters;

vii.     appointing representatives to work with other open source or standards communities;

viii.     establishing community norms, workflows or policies for releases;

ix.     discussing, seeking consensus, and where necessary, voting on technical matters relating to the code base that affect multiple projects; and

x.     establishing election processes for Maintainers or other leadership roles in the technical community, whether within or outside of the scope of any single project.

  • Voting

a.     While it is the goal of Open Security Controller Project to operate as a consensus based community, if any decision requires a vote to move forward, the representatives of the Governing Board or TSC as applicable, shall vote on a one vote per voting representative basis.

b.     Quorum for Governing Board or TSC meetings shall require two-thirds of the voting representatives. If advance notice of the meeting has been given per normal means and timing, the Governing Board or TSC may continue to meet even if quorum is not met, but shall be prevented from making any decisions at the meeting.

c.     Except as provided in Section 12.d and 13.a., decisions by vote at a meeting shall require a majority vote, provided quorum is met. Except as provided in Section 12.d. and 13.a., decisions by electronic vote without a meeting shall require a majority of all voting representatives.

d.     In the event of a tied vote with respect to an action that cannot be resolved by the Governing Board, the chair shall be entitled to refer the matter to the LF for assistance in reaching a decision. For all decisions in the TSC or other committee created by the Governing Board, if there is a tie vote, the matter shall be referred to the Governing Board.

  • Subsidiaries, Etc.

a.     Definitions:

i.     “Subsidiaries” shall mean any entity in which a Member owns, directly or indirectly, more than fifty percent of the voting securities or membership interests of the entity in question;

ii.     “Related Company” shall mean any entity which controls or is controlled by a Member or which, together with a Member, is under the common control of a third party, in each case where such control results from ownership, either directly or indirectly, of more than fifty percent of the voting securities or membership interests of the entity in question; and

iii.     “Related Companies” are entities that are each a Related Company of a Member.

b.     Only the legal entity which has executed a Participation Agreement and its Subsidiaries shall be entitled to enjoy the rights and privileges of such Membership; provided, however, that such Member and its Subsidiaries shall be treated together as a single Member.

c.     Only one Member which is part of a group of Related Companies shall be entitled to appoint, or nominate for a membership class election, a representative on the Governing Board at one time.

d.     If a Member is itself a foundation, consortium, open source project, membership organization, user group or other entity that has members or sponsors, then the rights and privileges granted to such Member shall extend only to the employee-representatives of such Member, and not to its members or sponsors, unless otherwise approved by the Governing Board in a specific case from time to time.

e.     Memberships shall be non-transferable, non-salable and non-assignable, except that any Member may transfer its current Membership benefits and obligations to a successor to substantially all of its business and/or assets, whether by merger, sale or otherwise; provided that the transferee agrees to be bound by this Charter and the Bylaws and policies required by Linux Foundation membership.

  • Antitrust Guidelines

a.     All members shall abide by The Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy.

b.     All members shall encourage open participation from any organization able to meet the membership requirements, regardless of competitive interests. Put another way, the Governing Board shall not seek to exclude any member based on any criteria, requirements or reasons other than those that are reasonable and applied on a non-discriminatory basis to all members.

  • Code of Conduct

a.     The Governing Board shall adopt a specific Project code of conduct, with approval from the LF.

  • Budget

a.     The Governing Board shall approve an annual budget and never commit to spend in excess of funds raised. The budget and the purposes to which it is applied shall be consistent with the non-profit mission of The Linux Foundation.

b.     The Linux Foundation shall provide the Governing Board with regular reports of spend levels against the budget. In no event shall The Linux Foundation have any obligation to undertake any action on behalf of Open Security Controller Project or otherwise related to Open Security Controller Project that is not covered in full by funds raised by Open Security Controller Project.

c.     In the event any unbudgeted or otherwise unfunded obligation arises related to Open Security Controller Project, The Linux Foundation will coordinate with the Governing Board to address gap funding requirements.

  • General & Administrative Expenses

a.     The Linux Foundation shall have custody of and final authority over the usage of any fees, funds and other cash receipts.

b.     A General & Administrative (G&A) fee will be applied by the Linux Foundation to funds raised to cover Finance, Accounting, and operations. The G&A fee shall equal 9% of Open Security Controller Project’s first $1,000,000 of gross receipts each year and 6% of Open Security Controller Project’s gross receipts each year over $1,000,000.

c.     Under no circumstances shall The Linux Foundation be expected or required to undertake any action on behalf of Open Security Controller Project that is inconsistent with the tax exempt purpose of The Linux Foundation.

  • General Rules and Operations. The Open Security Controller Project project shall be conducted so as to:

a.     engage in the work of the project in a professional manner consistent with maintaining a cohesive community, while also maintaining the goodwill and esteem of The Linux Foundation in the open source software community;

b.     respect the rights of all trademark owners, including any branding and usage guidelines;

c.     engage The Linux Foundation for all Open Security Controller Project press and analyst relations activities;

d.     upon request, provide information regarding Project participation, including information regarding attendance at Project-sponsored events, to The Linux Foundation;

e.     coordinate with The Linux Foundation in relation to any websites created directly for Open Security Controller Project; and

f.     operate under such rules and procedures as may from time to time be approved by the Governing Board and confirmed by The Linux Foundation.

  • Intellectual Property Policy

a.   Inbound Contributions.  Members agree that all new inbound code contributions to Open Security Controller Project shall be made under the Apache License, Version 2.0 (available at http://www.apache.org/licenses/LICENSE-2.0). All contributions shall be accompanied by a Developer Certificate of Origin sign-off (http://developercertificate.org) that is submitted through a Governing Board and LF-approved contribution process. Such contribution process will include steps to also bind non-Member contributors and, if not self-employed, their employer, to the licenses expressly granted in the Apache License, Version 2.0 with respect to such contribution.

b.   Outbound License.  All outbound code will be made available under the Apache License, Version 2.0.

c.   Documentation.  All documentation will be contributed to and made available by Open Security Controller Project under the Creative Commons Attribution 4.0 International License (available at http://creativecommons.org/licenses/by/4.0/).

d.   Exceptions.  If an alternative inbound or outbound license is required for compliance with the license for a leveraged open source project or is otherwise required to achieve Open Security Controller Project’s mission, the Governing Board may approve the use of an alternative license for specific inbound or outbound contributions on an exception basis. Any exceptions must be approved by the LF and by a two-thirds vote of the entire Governing Board and must be limited in scope to what is required for such purpose. Please email legal@opensecuritycontroller.org to obtain exception approval.

f.    Trademarks.   Subject to available Project funds, Open Security Controller Project may engage The Linux Foundation to determine the availability of, and to pursue registration of, trademarks, service marks, and certification marks, which shall be owned by the LF.

  • Amendments

This charter may be amended by a two-thirds vote of the entire Governing Board, subject to approval by The Linux Foundation.