BY-LAWS OF
SOFTWARE ASSURANCE FORUM FOR EXCELLENCE IN CODE
NAME AND OFFICE
1.01 Name. This Corporation shall be known as the Software Assurance Forum for Excellence in Code and abbreviated as "SAFECode".
1.02 Office. The principal office of the Corporation shall be located in such place as the Board of Directors may from time to time appoint or as the purposes of the Corporation may require.
PURPOSE
2.01 Purpose of the Software Assurance Forum for Excellence in Code: The SAFECode is a center of industry expertise on software assurance and integrity controls related to hardware, software, and services and its mission includes working to improve practices within and among IT vendors and raising awareness among governments and critical infrastructure providers and large enterprises. SAFECode is organized and shall be operated exclusively for educational and charitable purposes within the meaning of Section 501(c)(3) of the Internal Revenue Code. SAFECode functions shall include but not be limited to:
| a) | Identifying and sharing knowledge regarding software development and product integrity best practices, techniques and tools, as appropriate. |
| b) | Evangelizing and promoting secure development methods and integrity controls within and among IT vendors. |
| c) | Educating owner and operators of large enterprises about the software development methods and integrity controls used in designing, developing and delivering IT products and services. |
| d) | Providing information technology associations with technical materials and guides that can raise awareness about IT vendor efforts and enhance government and enterprise security and risk management efforts. |
| e) | Developing and recommending improvements in educational curricula. |
| f) | Identifying and promoting relevant metrics. |
| g) | Such additional purposes as the SAFECode Board of Directors may from time to time approve consistent with the foregoing purposes. |
MEMBERS AND DIRECTORS AND MEETINGS THEREOF
3.01 Membership. The SAFECode will accept for membership information technology vendors with (a) significant global business activity in IT products such as hardware, software, and services; and (b) dedicated resources to product/service assurance and integrity controls.
3.02 Evaluation of Eligibility for Membership. A prospective member shall complete a membership application and submit it to the Secretary of SAFECode. The application shall be placed on the agenda of the next occurring Board of Directors meeting, or if none is scheduled within sixty (60) days, the Secretary shall call a special meeting of the Board of Directors for the purpose of evaluating the application. The Board of Directors may recommend membership, in which event the application shall be placed before the next scheduled meeting of the SAFECode, or if none is scheduled within ninety (90) days, shall declare a special meeting of SAFECode for the purpose of considering the application, or shall order an electronic ballot. If the Board of Directors declines to recommend approval of the prospective member, the application shall be returned to the prospective member with an explanation of the basis for the Board's action. The prospect will become a full Member of SAFECode upon approval by a majority of the existing Members.
3.03 Qualification. An IT Vendor which has been approved for a membership in SAFECode in the manner specified by the Board of Directors and paid the necessary dues will become a voting member of the corporation and shall be entitled to all the privileges and courtesies of the corporation.
3.04 Rights and Privileges. Each voting member shall be entitled to one vote on all matters submitted to the voting members of the corporation.
3.05 Obligations of Membership. Members shall be obligated to abide by these Bylaws and any other rules or policies adopted by the Board of Directors, as well as remain current in all dues and any other financial obligations. In addition, Members shall enter into a confidentiality and non-disclosure agreement with respect to information provided by other Members and information developed by or through SAFECode.
MEETINGS OF MEMBERS
4.01 Annual Meeting. An annual meeting of the members shall be held at such time and place as determined by the Board of Directors.
4.02 Special Meetings. Special Meetings of the members may be called by the Chair, the Board of Directors, or one-third (1/3) of the members.
4.03 Place of Meeting. The Board of Directors may designate any place, either within or without the District of Columbia, as the place of meeting for any special meeting called.
4.04 Notice of Meeting. Written notice stating the place, day, hour and purpose of any meeting of members shall be delivered, either personally, by U.S. mail, or electronic communication to each member entitled to vote at such meeting, not less than ten (10) nor more than sixty (60) days before the date of such meeting to each member of record entitled to vote at the meeting. Notice of a meeting need not be given to any member who signs a waiver of the notice, in person or by proxy, whether before or after the meeting.
4.05 Quorum. Presence in person or by proxy of a majority of the members shall be necessary to constitute a quorum for the transaction of business
4.06 Manner of Acting. A majority of the votes entitled to be voted on any given matter by the members present or represented by proxy at a meeting at which a quorum is present shall be necessary for the adoption thereof unless a greater proportion is required by law or by these by-laws.
BOARD OF DIRECTORS
5.01 Directors. The corporation shall be governed by a Board of Directors, sometimes hereinafter referred to in these by-laws as “the Board”. The number of Directors shall not be less than three (3) nor more than thirty (30) persons. The number of Directors, within the limits prescribed by this Article, may be increased or decreased at any meeting of the Board of Directors provided that no decrease in number shall be valid to the extent that it would operate to eliminate an incumbent Director whose term extends beyond that meeting.
5.02 Powers. All the corporate powers, except such as are otherwise provided for or limited in these by-laws or in the laws of the District of Columbia, shall be and are hereby vested in and shall be exercised by the Directors serving as a Board of Directors.
5.03 Term and Election of Directors. The Directors shall be elected by vote of the membership and shall hold office for two years and until their successors have qualified, unless prior thereto, they shall die, resign or be removed from office. Elections shall be held at the annual membership meeting or by electronic or mail ballot, as determined by the Board of Directors. Any Director may resign by delivering a written resignation to the Chair or Secretary of the Corporation.
5.04 Vacancies. Any vacancy occurring in the Board of Directors and any trusteeship to be filled by reason of an increase in the number of Directors may be filled by the affirmative vote of a majority of the remaining Directors, although said majority may be less than a quorum of the Board of Directors. A Director elected to fill a vacancy shall be elected for the unexpired term of his predecessor in office.
5.05 Removal of Directors. Directors may not be removed from the board except by a majority vote of the remaining members of the Board. Members who are being voted on for removal shall be given 30 days notice and opportunity to appeal the decision prior to the vote by the Board. In the event of removal of a Director, the remaining unexpired term of such Director shall be filled in accordance with the provisions of these by-laws.
5.06 Regular Meetings. Regular meetings of the Directors of the Corporation shall be held annually at the principal office of the Corporation or at such other place within or outside the District of Columbia, on such dates and at such times as the Board shall from time to time designate by resolution.
5.07 Special Meetings. Special meetings of the Board other than those required by statute, may be called at any time by the Chair. Additionally, the Chair upon the receipt of the request of any three Directors shall call a special meeting. Meetings shall be held at the principal office of the Corporation or at such other place within or outside of the District of Columbia as the Chair shall designate, including by means of telephone conference.
5.08 Meeting by Telephone. Any or all Directors may participate in any meeting of the Board by means of conference telephone or any means of communication by which all persons participating in the meeting are able to hear each other.
5.09 Notice of Meetings. Notice of the time, place, and purpose or purposes of regular or special meetings shall be given or served, either personally, by U.S. mail, or electronic communication upon each person who appears upon the books of this Corporation as a Director. Notice of any regular or special meeting of the Board shall be given not less than three (3) nor more than thirty (30) days prior to the date of such meeting. Such notice, if mailed, shall be directed to the Director at his address as it appears on the books of the Corporation, unless he shall have filed with the Secretary of the Corporation a written request that notices intended for him be mailed to some other address, in which case it shall be mailed to the address designated in such request.
5.10 Waiver of Notice. Whenever, under the provisions of any law or under the provisions of the Certificate of Incorporation or by-laws of this Corporation, the Board or any committee thereof is authorized to take any action after notice to the Board or to the members of a committee or after the lapse of a prescribed period of time, such action may be taken without notice and without the lapse of any period of time, if any time before or after such action be completed, provided, however, that such requirement be waived in writing by the person or persons entitled to such notice or entitled to participate in the action to be taken.
5.11 Quorum. At any meeting of the Board or a committee, the presence of a majority of the Directors of the Board or committee members shall be necessary to constitute a quorum for all purposes, except as otherwise provided by law or in these by-laws, and the act of a majority of those present at any meeting at which there is a quorum shall be the act of such body, except as may be otherwise specifically provided by statute or by these by-laws. In the absence of a quorum, or when a quorum is present, a meeting may be adjourned from time to time by vote of the majority of those present in person, without notice to those not in attendance other than by announcement at the meeting. At least twenty-four (24) hours notice of the date of the adjourned meeting shall be given to any absent member. At any adjourned meeting at which a quorum shall be present, any business may be transacted which might have been transacted at the meeting as originally called.
5.12 Board Voting. At every meeting of Directors, each Director shall be entitled to one (1) vote.
5.13 Action by Consent. Any action required or permitted to be taken at any meeting of the Board may be taken without a meeting, if written consent thereto is signed by the Directors of the Board.
COMMITTEES OF THE BOARD OF DIRECTORS
6.01 Committees. The Board, by resolution adopted by a majority of the entire board, may appoint from among the Directors an Executive Committee and one or more other committees, each of which shall have at least two members. To the extent provided in the resolution, each committee shall have and may exercise all the authority of the Board, except the authority specifically and exclusively reserved to the Board by law. However, no such committee shall have the authority of the Board to amend, alter or repeal the Articles of Incorporation or Bylaws; elect, appoint or remove any director or officer of SAFECode; authorize or effect the merger, consolidation, or dissolution of SAFECode or revoke proceedings therefor; transfer the assets of SAFECode not in the ordinary course of business; or amend, alter or repeal any resolution of the Board of Directors which by its terms provides that it shall not be amended, altered or repealed by such committee. A Chair of the Executive Committee or any other committee may be elected by a majority vote of the members of such committee(s). Any member of a committee may be removed by the Board of Directors.
6.02 Standing Committees. SAFECode is supported by two permanent standing committees: the policy committee, and the technical committee.
(A) The Policy Committee will be responsible for identifying, evaluating, and analyzing the legal, regulatory and policy issues related to the assurance of IT products such as hardware, software and services. The Committee will also make recommendations to the board on the sequencing of SAFECode deliverables and promoting the completed deliverables with the public, governments, critical infrastructures and large enterprises.
(B) The Technical Committee, in coordination with the Policy Committee, will lead the development of SAFECode deliverables such as white papers, leading practices, procurement guides, and other such materials as deemed appropriate by the committee and the Board.
6.03 Advisory Committees. The Board may establish advisory committees to engage with important stakeholders groups including government, critical infrastructure owners and operators, academia, relevant trade associations, and other groups as appropriate. Among other functions, these committees would help SAFECode determine requirements and refine materials to better address IT ecosystem needs. Committee recommendations would not be binding on SAFECode.
OFFICERS
7.01 Number. The Board shall elect annually a Chair, a Vice Chair, a Secretary and a Treasurer, and such other officers with such powers and duties not inconsistent with these by-laws, as may be determined by the Board. The officers shall serve for one (1) year terms or until earlier periods occasioned by the death, resignation or removal of him, her or them as provided herein.
7.02 Vacancies. In case any office of the Corporation becomes vacant by death, resignation, retirement, disqualification, or any other cause, the Board may elect an officer to fill such vacancy, and the officer so elected shall hold office and serve until the election and qualification of his successor.
7.03 Chair. The Chair shall be the chief elected officer of the Corporation. He shall preside at all meetings of the Board and the Corporation and shall do and perform such other duties as may be assigned to him by the Board.
7.04 Vice Chair. At the request of the Chair, or in the event of his absence or disability, the Vice Chair shall perform the duties and possess and exercise the powers of the Chair; and to the extent authorized by law the Vice Chair shall have such other powers as the Board may determine, and shall perform such other duties as may be assigned to him by the Board.
7.05 Secretary. The Secretary shall in general perform all the duties incident to the office of Secretary, subject to the control of the Board, and shall do and perform such other duties as may be assigned to him by the Board.
7.06 Treasurer. The Treasurer shall in general, perform all the duties incident to the office of Treasurer, subject to the control of the Board and shall do and perform such other duties as may be assigned to him by the Board.
7.07 Removal. Any officer may be removed from office without cause by the affirmative vote of two-thirds of all Directors of this Corporation then in office at any regular meeting of the Board or at any special meeting called for that purpose.
AGENTS AND REPRESENTATIVES
8.01 Authority. The Board may appoint such agents and representatives of the Corporation with such powers and authority to perform such acts or duties on behalf of the Corporation as the Board may see fit, so far as may be consistent with these by-laws, and to the extent authorized or permitted by law. Major decisions involving the investment and disbursement of Corporate funds must be made by the Board, unless otherwise delegated by the Board to the Executive Committee or other committee. General administration and execution of funds to run SAFECode can be made by the Executive Director.
8.02 Executive Director. The Board of Directors may appoint an Executive Director who shall be the chief staff officer of SAFECode. The specific functions of the position shall include, but not be limited to, working closely with board and policy committees to (a) implement board directions, (b) facilitate member consensus, (c) identify and manage the full lifecycle of SAFECode deliverables, (d) act as SAFECode spokesperson including talking to press or testifying, (e) recruit new members, (f) foster relations with key stakeholders(government, industry and associations) and (g) oversee SAFECode administrative functions including managing budgets and contractors.
ANTITRUST COMPLIANCE
9.01 General. It shall be the practice of SAFECode to conduct all of its activities in strict conformance to all Federal and State antitrust laws. In furtherance thereof, the Board of Directors of SAFECode shall adopt an antitrust policy which shall be published to the Membership and to which all Officers, Directors, and Members shall adhere.
CONTRACTS AND ADMINISTRATION OF FUNDS
10.01 Agency. The Board, except as otherwise provided in these by-laws, may authorize any officer or the Executive Director to enter into any contract or execute and deliver any instrument in the name of and on behalf of the Corporation, and such authority may be general or confined to a specific instance; provided, however, that any and all such actions shall at all times be consistent with policies and procedures adopted from time to time by the Board.
FISCAL YEAR
11.01 The fiscal year of the Corporation shall be January 1 to December 31.
INDEMNIFICATION
12.01 Indemnification by the Corporation. Each person who was or is a defendant or respondent, or is threatened to be made a defendant or respondent, in any action, suit or proceeding, whether civil, criminal, administrative or investigative and whether formal or informal, by reason of the fact that he or she is or was a director or officer of the Corporation, shall be indemnified and held harmless by the Corporation for the defense of such action, suit or proceeding, against all costs, charges, expenses, liabilities and losses (including reasonable attorneys' fees, judgments, fines, taxes, or penalties and amounts paid or to be paid in settlement) reasonably incurred or suffered by such person in connection therewith, except in the event of willful misconduct or a knowing violation of criminal law, and such indemnification shall continue as to a person who has ceased to be a Director, officer, or employee and shall inure to the benefit of his or her heirs, executors and administrators. However, in the event of a settlement, the indemnification herein shall apply only when the Board of Directors approves such settlement and reimbursement as being for the best interests of the Corporation. Further, this indemnification obligation of SAFECode is limited to the amount of available insurance proceeds under any liability policy held by SAFECode.
12.02 Not in Restriction of Other Privilege. Such right of indemnification shall be in addition to, and not in restriction or limitation of, any other privilege or power which the Corporation may have with respect to the indemnification or reimbursement of members of the Board, officers, agents or employees.
AMENDMENTS
13.01 Amendments to By-Laws. These by-laws may be altered or amended by a majority vote of those present at any meeting of the Board held for this purpose provided, however, that notice in writing be given by the Secretary to each member of the Board at least ten (10) days in advance of the meeting; and further provided that any such action shall not be effective until it is ratified by the voting members.
DUES
14.01 Annual Dues. The Board of Directors may determine from time to time the amount of initiation fee, if any, and annual dues payable to the corporation by members of each class.
14.02 Payment of Dues. Annual dues for each member shall be determined by the Board and shall be payable in advance on the first day of January in each fiscal year. Annual dues of a new member shall be payable on the first day of the month after such new member is elected to membership.
14.03 Default and Termination of Membership. When any member of any class shall be in default of the payment of dues for a period of two months from the beginning of the fiscal year or a period for which such dues become payable, his membership may thereupon be terminated by the Board of Directors.