Rules of Procedure

COVID-19 Restrictions (Draft WIP)

This is a DRAFT or SUBSTANTIALLY MODIFIED existing policy currently in an open review period.

Members are invited to provide feedback on this draft policy until August 18, 2022. The Policy Review Team will respond to comments mailed from your email address to this address.


The OWASP Foundation is responsible for providing its community and staff with a safe environment, promoting chapter, project, and committee mission-related activity, while being financially responsible.

As a global society, we need to start living with COVID as an endemic issue in our community. This means implementing basic health precautions at events, such as recommending masks, symptom screening, social distancing, or adhering to local health authority requirements or recommendations.


  • Fully virtual or hybrid events remain the preferred method of meeting.

  • Physical events do not require pre-approval, provided you follow basic health guidance or, if they are stronger, your local jurisdiction’s requirements.

  • Physical events require pre-approval in jurisdictions that prohibit private businesses from following health precautions.

  • You have to enforce proof of vaccination if required in your jurisdiction. Chapter and Event leaders are permitted to require proof of vaccination.

  • Standard expense policy applies, except for periodic payments and subscriptions which are prohibited.

  • All travel expenses require pre-approval.

Virtual Events

OWASP provides free access to virtual meeting rooms, training, and webinar facilities for up to 1000 attendees. Virtual meetings have no cost to chapters, events, and training programs. You can obtain these via submitting a non-funding request ticket at

Physical Events

You must follow either the WHO COVID small event guidelines or your local health authority’s requirements, whichever is stronger. For example, if your local health authority does not permit meetings, you cannot meet, and if it limits attendance, you can only have that number of attendees. If the opposite is true, where local regulations try to prohibit these basic requirements, please see the pre-approval process below.

Summarizing this advice:

“Make your event as safe as possible for guests. Keep it small and short. Encourage people to wear masks and ensure enough space for each guest to maintain at least a 1-metre distance from others. Help your guests follow COVID-19 prevention measures: provide masks, alcohol-based hand sanitizer or access to soap and water, tissues and bins with lids that close. Consider hosting your event in a well-ventilated outdoor space. The virus that causes COVID-19 spreads easily indoors, especially in poorly ventilated settings. Outdoor venues are safer than indoor spaces.”

Additionally, on the invite/registration and at the door, please ask attendees to:

  • Socially distance;
  • Wear masks (recommended);
  • Avoid crowded or poorly ventilated areas;
  • Cover coughs and sneezes with a bent elbow or tissues; and
  • Clean their hands frequently.

Ask attendees to adhere to the safety measures or requirements at the meeting. Continue to live stream (hybrid) meetings online so that people who do not wish or cannot attend in person can still participate.

Do I have to enforce vaccine mandates, or can I require vaccinations at my meeting or event?

OWASP supports fully vaccinated events. They increase attendance and reduce the risk to attendees, participants, and sponsors.

  • If your country or jurisdiction requires proof of vaccination upon entry, you have to require it. OWASP cannot eliminate that requirement.
  • Chapter and Event Leaders are permitted to require proof of vaccination elsewhere. At this time, it is strongly recommended but not required.

OWASP still recommends masking and social distancing at fully vaccinated events, but we do not require it if you are permitted by local health authorities to relax these controls.

Pre-approval required where COVID controls are prohibited

OWASP cannot obtain insurance coverage for COVID-related illness, injury, or death, so we cannot permit meetings or events where we cannot require basic health measures, such as masking or social distancing. Attending meetings is entirely at the attendee's own risk, but we need to minimize that known risk by taking recognized and necessary precautions.

If your local jurisdiction attempts to prevent private businesses such as OWASP from requiring the WHO small gathering guidelines, you must apply for annual pre-approval. Pre-approval will be given only if you agree to uphold the basic health measures as detailed above.

NB: OWASP is a Delaware, USA and Belgian/EU not-for-profit entity, and therefore most of these local laws or regulations do not apply to OWASP as a private organization.

If attendees agreed on the registration form to abide by these rules but do not do so at the event, do not get into physical confrontations. Please ask them to leave, and if necessary work with the venue to have them removed by local authorities for trespass. Physical safety, including from COVID, must come first.


Expenses are governed by the approved Expenses policy. During the pandemic, PPE such as masks and sanitizer are permitted.

Pre-approval for periodic payments will not be granted for any monthly subscription, software, event or meeting space, or any other recurring payments.


Do not make plans to travel.

Travel pre-approval is required, and will require that you demonstrate the following:

  • You have obtained sponsorship for all travel and incidental costs (if any)
  • You have demonstrated that your travel plans and destination have no travel restrictions, or that you have complied with them (such as being fully vaccinated)
  • You agree that all expenses related to delays, increased unforeseen costs, cancellations, airline insolvency, mandatory quarantine or isolation, medical expenses, medical evacuation, lingering illness, death, or similar are explicitly excluded and will not be pre-approved or paid.
  • Many countries require vaccination or a COVID-negative PCR test to travel, as well as a quarantine period. OWASP cannot waive these requirements or pay for testing or vaccination.
  • You must obtain travel insurance sufficient to provide typical travel insurance coverage, including medical evacuation or death. Travel insurance will only be reimbursed if covered by sponsorship.