Rules of Procedure

Temporary COVID-19 Restrictions

Last revised December 17, 2021, by Andrew van der Stock.

Background

The OWASP Foundation is responsible for providing its community and staff with a safe environment, promoting chapter, project, and committee mission-related activity, while being financially responsible. The following restrictions are in place until they are all lifted.

Changes in temporary policy in December 2021. As a direct result of the current global surge in COVID cases and deaths, OWASP will not be approving any physical meetings or events until at least the end of January 2022. Due to the uncertainties of where the pandemic is going, The OWASP Board of Directors, at the Foundation’s urging, cancelled OWASP AppSec Dublin in June 2022. We will be replacing AppSec Dublin with a virtual event in the European timezone. More details will be coming soon.

As of December 17 2021, Omicron has spread to at least 77 countries worldwide, with infections doubling every two days. With preliminary data indicating Omicron spreads around 70 times faster than delta, hospitals are again overflowing with the unvaccinated, and worryingly, even some vaccinated who have high risk pre-existing conditions. Luckily, for the vaccinated, the outcomes of breakthrough infection is far less severe, with a 11x reduction in hospitalizations and 12x reduction in the chances of dying from COVID compared to the unvaccinated.

Scientists and medical researchers are learning more every day about Omicron, but still there are tremendous gaps in our knowledge about Omicron, and Delta is still active and still deadly for the unvaccinated. We do not know for sure the severity of Omicron symptoms, nor the the true efficacy rate of COVID-19 vaccinations against Omicron, so please assume that Omicron is deadly for the unvaccinated, and a more significant risk for the fully vaccinated, including those who have received all available boosters.

In light of the current surge and grim milestones everywhere (such as 800,000 dead in the USA alone), OWASP strongly recommends chapter, activity, and event organizers to cancel all in person events for the forseeable future, and certainly to the end of January 2022. If you choose to run meetings, events, or activities after February 2022, you must adhere to WHO small meeting guidelines (see below), which includes mandatory Meetup RSVP checks, mandatory mask wearing, social distancing, and reduced numbers. If you have a chance to meet outside (such as in the southern hemisphere, where it is now summer), please do so.

On a personal note, if you’re not yet vaccinated or had your boosters, please get vaccinated or boosted as soon as you can (assuming it’s available in your area). I want everyone to have a fantastic and healthy holiday season, and for the entire world to get going again. We can only go back to normal once the overwhelming majority of us are fully vaccinated and boosted. We’re in this together. ^ajv.

tl;dr

Safety is paramount, with activity and financial health as secondary concerns. The following regularly reviewed restrictions apply until further notice:

  • In most cases, physical events should be postponed or not held at this time
  • If you decide to hold a physical meeting, activity, or event, you must get pre-approval, your meeting or event must follow the requirements set out below, and where possible, it should be a hybrid (physical/online) meeting. If you had a pre-approved meeting during December - January 2022, we will be contacting you to see if you can postpone.
  • Fully virtual events remain the preferred method of meeting OWASP provides free access to virtual meeting rooms, training, and webinar facilities for up to 1000 attendees. Virtual meetings have no cost to chapters, events, and training programs. You can obtain these via submitting a non-funding request ticket at https://contact.owasp.org
  • OWASP continues to prohibit meetings, activities, or events in jurisdictions that prohibit mandatory masking, prohibit checking or requiring proof of vaccination, or providing a recent negative COVID test.
  • Expenses are now governed by the approved Expenses policy, with the following exception to periodic payments. Pre-approval for periodic paymenst will not be approved for any monthly subscription, software, event or meeting space, or any other recurring payments. We don’t have recurring income to support recurring payments.
  • All travel expenses require pre-approval. Travel is extraordinarily unlikely to be approved due to the pandemic or OWASP’s financial position. See below for more details if you want to travel.

Depending on your country or region, please don’t assume that something can’t happen. Please talk to us about your region’s COVID situation and apply for an exemption if you need one.

Physical Events

December 2021: Any in person meetings, activities, or events planned for December 2021 or January 2022 should be cancelled. Please work with us to reschedule your meeting, activity, or event.

If you are permitted by local regulations, and your local regulations don’t prohibit our mandatory meeting safety requirements, and you feel safe to hold an in-person meeting, OWASP requires all approved physical events to follow WHO COVID small event guidelines, which means:

  • Always check local guidelines before planning your event.
  • Brief guests about precautions before the event starts; during the event, remind guests of these precautions and ensure they are followed
  • Choose outdoor venues over indoor spaces. If indoors, ensure the area is well-ventilated and social distancing is required
  • Minimize crowding by staggering arrivals and departures, numbering entries, designating seats/places, and marking the floor to ensure physical distancing between people of at least one meter (three feet).
  • Provide all necessary supplies – hand hygiene stations, hand sanitizer or soap and water, tissues, closed-lid bins, distance markers, masks. Hygeine and PPE are pre-approved expense types below $250.

Additionally:

  • If you feel unsafe, feel uncomfortable screening attendees, worry about confrontations, or being around folks who may be COVID positive, do not hold in-person events
  • Stay home if you feel unwell. Include in the RSVP that attendees stay home if they are unwell.
  • Continue to live stream (hybrid) meetings online so that people who do not wish or cannot attend in person can still participate

Physical Event RSVP Questions

The OWASP Foundation requires all attendees to pass temperature screening and COVID symptom check before entrance, and to wear masks and follow social distancing at all times during the event.

Please use the new Meetup COVID screening functionality to require registrants to agree to mask and symptom checks. You may be required by your local jurisdiction to enforce vaccination status, so enable that feature if so, or if you wish to require all attendees be vaccinated. OWASP strongly urges all organizers to require organizers and participants be fully vaccinated to attend in person events, but does not currently require it.

Meetup COVID Screening

Please select:

  • Masks required (mandatory)
  • COVID-19 Vaccination Required (optional, but strongly recommended)
  • Indoor or outdoor per your meeting location (mandatory)

If you do not use Meetup, you will need to do something similar in your chosen platform or manually within the event RSVP itself.

Physical Event Entrance Screening

  • MANDATORY You must screen attendees for fever temperatures (above 38 C, 100 F) and ask symptom questions prior to entry. Require unwell people to go home or seek medical care. Stay home if you cannot pass this test. Please print the first page and familiarize yourself with the rest of the document. Use the checklist to ask attendees to attest that they haven’t had those symptoms.

OWASP Temperature Screening Checklist

  • MANDATORY: Masking and social distancing. Physical events must follow all WHO COVID small event guidelines. Attendance at OWASP events includes mandatory masking, social distancing, well-ventilated rooms, markings, even in regions with high vaccination rates or low COVID transmission, hospitalizations, or deaths.
  • MANDATORY Do not record or store any medical data. OWASP cannot securely or compliantly hold medical records or status.
  • RECOMMENDED: Vaccination status checks. Where local regulations permit or mandate, you may ask or be required to see vaccination status or a recent negative COVID test at the entrance. If you are mandated or require either fully vaccinated or a recent negative COVID test, put these requirements in the RSVP, so attendees can bring the appropriate information with them. It is strongly recommended that all organizers require fully vaccinated status to RSVP, but for now, this is not required.

Under no circumstances do not get into confrontations. If you feel unsafe, please call law enforcement immediately, or ask the location’s staff to call the police for trespass.

No meetings permitted where COVID controls are prohibited

You are NOT permitted to hold meetings, activities, or events in jurisdictions that prohibit private organizations from:

  • enforcing entrance screening requirements; or
  • requiring masks; or
  • requiring social distancing in indoor venues; or
  • prohibit checking vaccination status or a COVID negative test within the last 72 hours.

This is due to escalating violence when trying to enforce mask mandates or vaccination requirements, which represents unbounded risk to OWASP, high risk to organizers who might be injuried or worse, or attendees who might contract COVID, and fall severely ill or die. Previously, we permitted pre-approval exemptions. As of November 1, 2021, there will be no exceptions to this policy, and it may become a permanent part of OWASP’s chapter or event policies.

Exactly like the virus, OWASP is non-political. We urge affected OWASP leaders and members to reach out to their law makers to rescind any such laws or regulations that stops local meetings, events, or activities. We need to get back to normal, and these laws do not help in any way. These regulations or laws have lead to violence, and may lead to disease and death for those who are just trying to organize or attend a local meeting, activity, or event.

NB: OWASP is a Delaware, USA and Belgian/EU not for profit entity, and therefore most of these local laws or regulations do not apply to OWASP as a private organization. Talk to us before assuming you cannot hold a meeting. However, your safety comes first.

What is OWASP’s position on vaccination?

OWASP strongly recommends that all event organizers, volunteers, and participants are fully vaccinated against COVID-19 to protect against severe illness or death.

As a global organization, we understand that obtaining vaccination may not be possible at this time. However, we encourage everyone to get vaccinated as soon as they can or are eligible.

Travel is strongly discouraged

Do not make plans to travel, as travel in 2021 and most of 2022 is unlikely to be approved.

Travel pre-approval is required, and will require that you demonstrate the following:

  • You have obtained sponsorship for all travel and incidental costs (if any)
  • You have demonstrated that your travel plans and destination have no travel restrictions. For example, driving to an event in a COVID-free country, domestic travel with no travel restrictions or differences in COVID status, or that there’s a travel bubble between your departure location and destination.
  • You agree that all expenses related to delays, increased unforeseen costs, cancellations, airline insolvency, mandatory quarantine or isolation, medical expenses, medical evacuation, lingering illness, death, or similar are explicitly excluded and will not be pre-approved or paid.
  • Many countries require vaccination or a COVID-negative PCR test to travel, as well as a quarantine period. OWASP cannot waive these requirements.
  • You must obtain sufficient travel insurance to cover typical travel insurance cover, including medical evacuation or death. Travel insurance will only be reimbursed if covered by sponsorship.

Monthly Review of Restrictions

The OWASP Executive Director will review these restrictions monthly in concert with the community and the OWASP Board. We will communicate these restrictions and any changes via OWASP’s social media, website, leaders list, and the OWASP Community Slack in the #leaders channel and pin.

We welcome comments from the community and the OWASP Board on the detail of these restrictions and any improvements. Please log a GitHub issue to suggest a change for the next month.

If this temporary restriction has not been updated in the last 90 days, it is no longer in effect, and standard policies apply.

If you have any questions, please get in touch with Andrew van der Stock to discuss. Office Hours are available in several time zones.