Rules of Procedure

Temporary COVID-19 Restrictions

Last revised July 30, 2021, by Andrew van der Stock.


OWASP is responsible for providing its community and staff with a safe environment, promoting chapter, project, and committee mission-related activity, while being financially responsible. The following restrictions are in place until they are all lifted.

During July 2021, the overall COVID situation has changed dramatically in many countries, with widespread community transmission, severe illness and death amongst the unvaccinated from the delta variant. Vaccine availability and rates in many parts of the world are still far behind where they need to be.

This month, we tighten our requirements for physical meetings, with a strong recommendation that you cancel existing physical events and make no plans to hold new ones for the time being. We go back to requiring masks, social distancing, and so on for all events. We also prohibit holding events in jurisdictions that prohibit mandatory masking, checking or requiring proof of vaccination, or a recent negative COVID test. This is due to unbounded risk to OWASP, and high risk to attendees who might contract COVID, fall severely ill or die.

Depending on your country or region, please don’t assume that something can’t happen. Please talk to us about your region’s COVID situation and apply for an exemption if you need one.

On a personal note, if you’re not yet vaccinated, please get vaccinated if or as soon as you can. I want everyone to stop becoming unnecessarily deathly ill or dying, and for the world to get going again. The world can only go back to normal once the overwhelming majority of us are fully vaccinated. We’re in this together. ^ajv.


Safety is paramount, with activity and financial health as secondary concerns. The following regularly reviewed restrictions apply until further notice.

  • Virtual events remain the preferred method of meeting. OWASP provides free access to virtual meeting rooms, training, and webinar facilities for up to 1000 attendees. Virtual meetings have no cost to chapters, events, and training programs. You can obtain these via submitting a non-funding request ticket at
  • Physical events should be postponed or not held at this time. If you are still holding a physical event, you must get pre-approval and follow the requirements set out below.
  • Meetings, activities, and events are not permitted without pre-approval in jurisdictions with prohibitions against mandatory masking, or prohibitions against businesses requiring vaccination status checks, prohibition against the use of vaccine passports, or proof of a recent negative COVID test.
  • Chapter-related expenses over $250 require pre-approval and will only be approved for chapter, project, committee, or event-related expenses. The Grants policy or applying for a regional event are likely to be better choices for larger expenses.
  • No monthly, software, periodic, or subscription event space, or other recurring payments are permitted, as OWASP’s income is down over 80% compared to 2019.
  • Travel expenses require pre-approval. Travel is extraordinarily unlikely to be approved due to OWASP’s financial position. See below for more details if you want to travel.

Physical Events

Sadly, it seems that the delta variant is ravaging unvaccinated populations. This new surge means a return to virtual events for the time being. However, as no one rule fits all, there are always exceptions.

As of August 1, 2021, if you want to hold an in-person meeting, OWASP requires all approved physical events to follow WHO COVID small event guidelines, which means:

  • Always check local guidelines before planning your event.
  • Brief guests about precautions before the event starts; during the event, remind guests of these precautions and ensure they are followed.
  • Choose outdoor venues over indoor spaces – if indoors, ensure the area is well-ventilated.
  • Minimize crowding by staggering arrivals and departures, numbering entries, designating seats/places, and marking the floor to ensure physical distancing between people of at least one meter (three feet).
  • Provide all necessary supplies – hand hygiene stations, hand sanitizer or soap and water, tissues, closed-lid bins, distance markers, masks.


  • Continue to live stream (hybrid) meetings online so that people who do not wish to attend, or cannot attend in person, can still participate.
  • If you feel unsafe, feel uncomfortable screening attendees, worry about confrontations, or being around folks who may be COVID positive, do not hold in-person events.
  • Stay home if you feel unwell. Include in the RSVP that attendees stay home if they are unwell.

Physical Event RSVP waiver question

Please add the following text as an RSVP question in Meetup: “If attending in person, I acknowledge that I do so at my own risk. OWASP recommends all participants be fully vaccinated before attending in-person events to reduce the risk of severe illness or death.”

Physical Event Entrance Screening

As of August 1, 2021, delta variant infection of fully vaccinated individuals is not well understood, so we return to mandatory masking and social distancing requirements.

  • MANDATORY: Please continue to screen for temperature and ask symptom questions. Require unwell people to go home. Stay home if you cannot pass this test. Please print the first page and familiarize yourself with the rest of the document. Use the checklist to ask attendees to attest that they haven’t had those symptoms. Require unwell people to go home and seek medical care.

OWASP Temperature Screening Checklist

  • MANDATORY: Masking and social distancing. Resuming August 1, 2021, physical events must follow all WHO COVID small event guidelines. Attendance at OWASP events includes mandatory masking, social distancing, well-ventilated rooms, markings, even in regions with high vaccination rates or low COVID transmission, hospitalizations, or deaths.
  • MANDATORY: Do not record or store any medical data. OWASP cannot securely or compliantly hold medical records or status.
  • RECOMMENDED: Vaccination status checks. Where local regulations permit or mandate, you may ask or be required to see vaccination status or a recent negative COVID test at the entrance. If you are mandated to require, or choose to require, either full vaccination or a recent negative COVID test, put these requirements in the RSVP, so attendees can bring the appropriate information with them.

NB: If your region, state, or country prohibits mandatory masking, verifying vaccine passports, or viewing vaccination records or recent negative COVID tests to attend meetings or events, starting August 1, 2021, OWASP prohibits holding in-person meetings without pre-approval. No one can obtain COVID insurance. Therefore, OWASP cannot hold events in these jurisdictions as the health risks are too great for leaders and participants, and the liability, financial, and legal risks to OWASP are too high for a non-profit organization.

Under no circumstances get into confrontations. If you feel unsafe, please call law enforcement immediately, or ask the location’s staff to call the police for trespass.

We will continue to review the situation and adjust accordingly.

What is OWASP’s position on vaccination?

OWASP strongly recommends that all event organizers, volunteers, and participants are fully vaccinated against COVID-19 to protect against severe illness or death.

As a global organization, we understand that obtaining vaccination may not be possible at this time. However, we encourage everyone to get vaccinated as soon as they can or are eligible.

Expense Approval criteria

Once the new expenses policy is approved, many of these bullet points go away as they become the standard way of processing expenses.

  • Expenses under $250 do not require pre-approval. A single leader may submit them for any valid chapter, project, committee, or event expense with a valid receipt.
  • Expenses above USD 250 require pre-approval, dual leader approval (or leader + relevant committee if only one leader), and a valid receipt. OWASP will not pay unapproved expenses above USD 250.
  • Expenses must have a short explanation of why the expenses are relevant to your chapter, project, or event. Good: “Food & beverage for February 2021 OWASP Sunnydale chapter meeting.” Bad: “Catering”
  • During COVID, PPE such as disposable masks, no-touch thermometers, sanitization, and cleaning supplies are fair and reasonable expenses when holding physical events.
  • Physical gathering event spaces must be per meeting or event only and be related to a chapter, event, committee, or project.
  • Shared working spaces will not be reimbursed without pre-approval.
  • Physical gathering expenses must have occurred to be paid.
  • Donations, sponsorships, or funding to external organizations require pre-approval and are unlikely to be approved.
  • Periodic subscriptions, software subscriptions, physical space subscriptions, or recurring monthly or annual fees of any type are not permitted without pre-approval.
  • Expenses relating to shared services that the Foundation already provides to leaders, chapters, events, and projects for free, such as Meetup Pro, GitHub Pro, GSuite Apps, Zoom, and similar, cannot be reimbursed.
  • Expenses relating to vaccination, testing, or quarantine will not be reimbursed and are at your own expense.
  • If you do not have pre-approval for a physical gathering, no expenses will be paid, including PPE.

Travel is unnecessary and discouraged

Do not make plans to travel, as travel in 2021 and most of 2022 is unlikely to be approved. Pre-approval will require that you demonstrate the following:

  • You have obtained sponsorship for all travel and incidental costs (if any).
  • You have demonstrated that your travel plans and destination have no travel restrictions. For example, driving to an event in a COVID-free country, domestic travel with no travel restrictions or differences in COVID status, or that there’s a travel bubble between your departure location and destination.
  • You agree that all expenses related to delays, increased unforeseen costs, cancellations, airline insolvency, mandatory quarantine or isolation, medical expenses, medical evacuation, lingering illness, death, or similar are explicitly excluded and will not be pre-approved or paid.
  • Many countries require vaccination or a COVID-negative PCR test to travel, as well as a quarantine period. OWASP cannot waive these requirements.
  • You must obtain travel insurance sufficient to provide typical travel insurance cover, including medical evacuation or death. Travel insurance will only be reimbursed if covered by sponsorship.

Monthly Review of Restrictions

The OWASP Executive Director will review these restrictions monthly in concert with the community and the OWASP Board. We will communicate these restrictions and any changes via OWASP’s social media, website, leaders list, and the OWASP Community Slack in the #leaders channel and pin.

We welcome comments from the community and the OWASP Board on the detail of these restrictions and any improvements. Please log a GitHub issue to suggest a change for the next month.

If this temporary restriction has not been updated in the last 90 days, it is no longer in effect, and standard policies apply.

If you have any questions, please get in touch with Andrew van der Stock to discuss. Office Hours are available in several time zones.