OWASP's assistance to those affected by the Ukraine War, and an update on sanctions


Andrew van der Stock

Tuesday, March 15, 2022

OWASP’s mission is to improve the state of appsec throughout the world. The war in Ukraine has made us realize that OWASP hasn’t sufficiently defined how we can best assist countries affected by force majeure events, such as wars, riots, disasters, or extreme weather.

We encourage everyone to assist our Ukrainian members and donate to non-political aid organizations, such as the International Red Cross. We ask our community to assist in any way, including donating and volunteering to provide assistance asked by our Ukrainian leaders and members. Please tune into #owasp-community on Slack if you can help.

OWASP is mandated by US 501 (c)(3) non-profit regulations to be non-political. Despite many of us in our community rightly having strong personal feelings about the war, OWASP is not permitted to make political statements.

OWASP is adopting an apolitical approach that provides relief and assistance for the duration of a force majeure event. As force majeure and sanctions apply to all operations, leaders, events, activities, and members, we need a unified policy. OWASP is moving and updating the sanctions policy from the Chapter policy to be a standalone Force Majeure and Sanctions Policy, one that is more nuanced and empathetic to OWASP Members who are likely not at fault, but will suffer as a result of sanctions.

OWASP Members have at least 30 days to comment on the new policy and offer advice and improvements:

Draft Force Majeure and Sanctions Policy

Force Majeure Implementation

For the duration of any Force Majeure event, including the war in Ukraine, the following assistance measures will come into effect:

  • Personal safety. As it’s incredibly unsafe to meet, even virtually, chapter, event, committee, and project leaders are exempt from all activity policy requirements.
  • Membership fee relief. Membership renewal fees are waived. We support our leaders and members; they should not be worried about keeping their membership current when their lives are at risk. We will be looking at joining fee waivers soon.
  • Employment assistance. The OWASP Foundation will assist member refugees in connecting with new employers if they need a new job. Members living in or formerly from a Force Majeure country can ask in #amplify on Slack or via logging a ticket (https://contact.owasp.org) to have their Linked In profiles shared.
  • Connecting Members with Employers. Many OWASP members do not want to leave Ukraine, some are not permitted to leave, and others have become refugees in other countries. If OWASP members need new employment, we will help connect employers with OWASP members to discuss remote and refugee hiring options. If any employers can assist, don’t hesitate to get in touch with Kelly Santalucia to organize meetings or a specific career fair. Assistance will be provided at zero cost to employers and members alike.
  • Immigration assistance. The OWASP Foundation will offer immigration letters of support so that our members can resettle in new countries if required. Letters of support have been given in the past to OWASP Members. We will need to connect with a Chapter, Event, or Project Leader to find out more, as we are not permitted to make false or misleading statements, so if a member needs this, please contact a local leader.
  • Professional references. The OWASP Foundation will provide OWASP letterhead templates to OWASP Chapter, Project, Event, and Committee Leaders with some suggested text to be translated and used for professional references. OWASP will be extending this to all Leaders shortly.
  • Standing provisions. If in the future, when things are safe, if anyone was or is affected by a membership lapse due to Force Majeure, we will work to ensure that standing is restored so they can stand for the Board.

OWASP has to prioritize OWASP Leaders and Members as we are a small organization with limited funding and resources. However, everyone is affected by Force Majeure. On a case-by-case basis, Leaders can introduce us to their chapter, event, committee, or project participants on the same basis as members, and we will try our best to assist. OWASP may perform a donation drive to affray costs if they exceed our available finances.

Economic Sanctions Update

The current economic sanctions against Russia and Belarus need a more nuanced response that reflects the fact that affected OWASP chapters and members did not personally cause the sanctions. As a non-political organization, we must respond equally to all Force Majeure events and sanctions of all types, noting the considerable variation and continuing changes in sanctions.

OWASP is not currently required to withdraw from Russia and Belarus, but how we operate will change. For economically sanctioned countries, our Members are not the reason for the crisis. They will be harmed by OWASP and our financial institutions implementing sanctions through no fault of their own. We will continue to evaluate the ever-changing sanctions.

With immediate effect:

  • We cannot process new or renewing memberships. Existing one and two-year memberships are valid until expiry. Lifetime memberships are not affected. We don’t believe there are any, but this updated policy will be applied in the future for all other economic-only sanctioned countries.
  • We cannot process any grants, sponsorships, chapter meetings, projects, or event expenses. Russian Federation and Belarus chapters, and in the future any economically sanctioned country, can continue to virtually meet if they can access our virtual meeting platforms. No new in-person meetings, activities, or events can be approved.
  • We cannot obtain insurance for meetings or events. No meetings or events can be held in person.

OWASP has been forced to withdraw from some sanctioned countries. The community must be aware that the current situation with Russia and Belarus may result in the same outcome. For more information on sanctions, please consult the policy linked above.