Rules of Procedure

Temporary Covid Restrictions

Last revised April 30, 2021 by Andrew van der Stock


OWASP is responsible for providing its community and staff with a safe environment, promoting Chapter, project, and committee mission-related activity, whilst being financially responsible. The following restrictions are in place until they are all lifted. Depending on your country or region, please don’t assume that something can’t happen. Please talk to us about your region’s COVID situation and apply for an exemption if you need one.

With the recent availability of various vaccines for COVID, we are starting to see a tremendous drop in hospitalizations and deaths, but a worrying trend in certain countries and with certain populations who are vaccine hesitant delaying substantial return to normality. We look forward to welcoming back in-person physical events, including LASCON later in 2021. However, with some locales and states relaxing necessary health guidance too quickly, hospitalizations and deaths have increased again. In early April 2021, the physical event section was re-written to follow US CDC event guidelines, including event hygeine and COVID pre-screening. This guidance applies globally with only a few exceptions until more countries have COVID levels similar to Australia or New Zealand.


Safety is paramount, with activity and financial health as secondary concerns. The following regularly reviewed restrictions apply until further notice.

  • Virtual events remain the preferred method of meeting OWASP provides free access to virtual meeting rooms, training, and webinar facilities for up to 1000 attendees at no cost to chapters, events, and training programs. You can obtain these via submitting a non-funding request ticket at
  • Activity Requirements You need to meet at least 3 times between April 1, 2021 and March 31, 2022 to considered active
  • Exemptions Chapters or events being planned in COVID free or high herd immunity countries or regions may apply for long term and broad exemptions to these temporary COVID restrictions
  • Physical gatherings must follow US CDC guidelines We chose the US CDC guidelines to apply globally. Reviewing and requiring 200+ different guidelines is unrealistic, bordering on impossible. Using a single policy is the easiest way to ensure your physical gathering will not create undue risk for yourself, your attendees, and OWASP as a whole. See below if you want to meet physically
  • Chapter-related expenses are $250, over $250 requires pre-approval, and will only be approved for Chapter, project, committee, or event-related expenses. The draft Grants policy might be a better choice for you
  • No monthly, software, periodic, or subscription event space, or other recurring payments are permitted as OWASP’s income is down over 80% compared to 2019
  • Travel expenses require pre-approval. Travel is extraordinarily unlikely to be approved due to OWASP’s financial position. See below for more details if you want to travel.

Pre-approvals in COVID free and low COVID restriction regions

Where your region or country has become either COVID free, has a high vaccination rate, limited COVID cases, or has achieved herd immunity, pre-approvals can be given for either indefinite periods or quarterly pre-approval to avoid having to apply for each and every meeting when the spread of COVID has been successfully curtailed. You must demonstrate that local health authorities have lifted all gathering limits to get indefinite pre-approval.

Chapter Minimum Activity Requirements

After April 1, 2021, Chapters must meet three times a year to be considered active. Any combination of virtual or physical meetings, local activities, local events, social events, or regional events organized by the chapter leadership will be considered activity as long as it appears either on the Chapter’s home page (if not using Meetup) or on their Meetup Pro account.

Expense Approval criteria

  • Expenses under $250 do not require pre-approval and may be submitted by a single leader for any valid chapter, project, committee, or event expense
  • Expenses above $250 USD require pre-approval and dual leader approval (or leader + relevant committee if only one leader). Do not incur expenses over $250 without pre-approval, as it will not be paid
  • Expenses must have a short explanation of why the expenses are relevant to your Chapter, project, or event. Good: “Food & beverage for February 2021 OWASP Sunnydale chapter meeting.” Bad: “Catering
  • Expenses must have a receipt or invoice
  • During COVID, PPE such as disposable masks, no-touch thermometers, sanitization, and cleaning supplies are fair and reasonable expenses when holding physical events
  • Physical gathering event spaces must be per meeting or event only and be related to a chapter, event, committee, or project
  • Shared working spaces will not be reimbursed without pre-approval
  • Physical gathering expenses must have occurred to be paid
  • Donations, sponsorships, or funding to external organizations require pre-approval and are unlikely to be approved
  • Periodic subscriptions, software subscriptions, physical space subscriptions, or recurring monthly or annual fees of any type are not permitted without pre-approval
  • Expenses relating to shared services that the Foundation already provides to leaders, chapters, events, and projects for free cannot be reimbursed, such as Meetup Pro, Github Pro, GSuite Apps, Zoom, and similar
  • Expenses relating to vaccination, testing, or quarantine will not be reimbursed and are at your own expense.

If you do not have pre-approval for a physical gathering, no expenses will be paid, including for PPE.

Running a physical event

We all want to welcome back physical gatherings, such as chapter meetings, local activities or events, and regional conferences. However, OWASP cannot obtain COVID insurance at any price. As such, it cannot offer you coverage if you or someone at your meeting becomes unwell, hospitalized, or dies. Therefore, we must take precautions to prevent a COVID super-spreader event that may lead to many people falling ill or dying.

  • Follow US CDC COVID event guidelines for physical gatherings Some states, regions, and countries have relaxed COVID safe health mandates far too early for non-health / non-science reasons and are seeing a resurgence in COVID cases and deaths and associated hard lockdowns as a direct result. We can safely re-open in 2021 by demonstrating we have a COVID plan, following best practices, and allowing for contact tracing if the worst happens. As a result, OWASP physical gatherings must regularly review and follow the latest US CDC guidelines. These change regularly and rapidly, and so you must review these and apply the latest advice before your event. Do not make assumptions about what they say, as event densities may change day to day depending on what’s happening with surges or improvements in the population.
  • Masks, temperature and symptom checks, social distancing, and PPE provision (masks, sanitizer, wipes, and so on), are mandated at OWASP events Chapter leaders and event organizers should use the OWASP standard screening checklist or similar at the physical entry to screen arriving attendees before allowing them to enter the event. Fully vaccinated individuals at socially distant outdoor activities can choose to not wear a mask, but with the likelihood that many are still unvaccinated and no universal “vaccine passport” as of the time of writing, please reduce the risk by asking all attendees at even outdoor events to wear a mask, vaccinated or not. Please help us return to normal by getting a vaccine if one is available to you.
  • Get protected and stay safe If possible, meeting and event organizers - particularly those screening the attendees - should have no known underlying conditions or be at a higher risk for COVID. OWASP encourages screeners and meeting organizers to get vaccinated as soon as they can, but in the meantime take all necessary precautions. If you feel unsafe, do not organize the event.
  • Contract Tracing You must have a record of attendees to allow contact tracing in case of being notified by an individual that they became unwell during or after the event. RSVPs are required to attend all OWASP physical events for the foreseeable future. It would be best if you did not allow anonymous or unknown individuals to attend. Meetup Pro RSVPs are an acceptable method of tracking attendance. If you do not use Meetup Pro, you are required to demonstrate that you can contact all attendees of your events. You are permitted to privately record the individual’s contact details for official contact tracers. You should destroy these details within 30 days. Do not share this contact information with anyone other than official contact tracers.
  • If someone becomes unwell If someone becomes unwell at an event, seek medical assistance as necessary. At or immediately after the event, inform all RSVP’d attendees that they may have been in contact with an unwell person. Advise everyone to isolate and get tested as soon as possible. It would be best to inform the Foundation of this as we may need to assist local authorities with contact tracing. Please do not include any medical information or symptoms other than that they became unwell, and notification is required.
  • No medical records DO NOT KEEP medical records - OWASP has no method of safely storing sensitive personal health information. You should not seek medical records or information from attendees other than the COVID symptom checklist. Do not record the answers, but instead decide if they can stay or need to go home. If a country has a vaccine passport, you are permitted to verify the vaccine passport per local laws governing their use, but not keep records of the result.
  • COVID vaccination apps/records permitted If your country or region has an official COVID vaccination “passport” app or vaccination record, individuals can choose to show that they’ve been fully vaccinated, which then takes the place of the temperature check/symptoms checklist
  • Regularly clean the event location Although recent scientific results suggests that surfaces are less likely to transmit COVID-19, please still enquire with the event location to ensure they have clear COVID cleanliness protocols or adhere to CDC event guidelines. If the event location does not provide these protocols, particularly around bathrooms, consider choosing a different location. Please follow the CDC guidelines for regular cleaning and disinfecting high-touch surfaces, such as podiums and registration desks. This restriction may be removed if it is also lifted in the main CDC event guidance.
  • Refunds for paid events for failure to screen or are unwell Suppose an attendee has paid to attend a physical event and fails either a temperature check or the screening questions or refuses to comply with the screening or adhere to these restrictions. In that case, they must not enter or attend the event. Please do not let the attendee enter the event and ask the attendee to go home. Please encourage them to isolate and get tested as soon as possible if they have COVID symptoms. If they leave voluntarily, please work with the Foundation to refund their event fee in full. Please respect the individual’s privacy as much as you can in these interactions and emails - do not post to public lists or similar
  • No refund for refusing to screen, refusing to follow these guidelines, or improperly or not wearing a mask If an attendee chooses not to follow guidelines, refuses to screen, or refuses to wear a mask over the mouth and nose, they must be refused entry. Please make this policy clear in the event details and the RSVP for the event. Event organizers must ask attendees who do not follow guidelines or mask mandates to leave, and can do so at any time during the event, for example, if they remove their masks after entry. If attendees refuse to leave, please work with your local authorities to have them removed. In most countries, refusing to leave private property or a private event is considered trespass rather than a mask or health issue, so please report it as such to the local authorities. Stay calm and do not get physically involved with the individual to remove them. Let the authorities handle the situation. If the person will not or cannot be removed, the meeting must end and clarify to all attendees why the event is ending. Work with the Foundation to reschedule or refund the event for the other attendees. Individuals who refuse to comply with these guidelines are not eligible for a refund. They may have their OWASP membership suspended if law enforcement becomes involved in their removal and especially if the meeting has to be abandoned.
  • No COVID event insurance Physical gatherings are held at your own risk, and all participants must also agree to that. Please make sure that you put this in the event RSVP to gather acceptance from participants and make an announcement at the start of each event so folks can leave if they don’t feel comfortable.

Travel is unnecessary and discouraged

Do not make plans to travel. Pre-approval will require that you demonstrate the following:

  • You have obtained sponsorship for all travel and incidental costs (if any)
  • You have demonstrated that your travel plans and destination have no travel restrictions, such as driving to an event in a COVID free country, domestic travel with no travel restrictions or differences in COVID status, or that there’s a travel bubble between your departure location and destination
  • That you agree that all expenses related to delays, increased unforeseen costs, cancellations, airline insolvency, mandatory quarantine or isolation, medical expenses, medical evacuation, lingering illness, death, or similar are explicitly excluded and will not be pre-approved or paid.
  • Many countries require vaccination or a COVID-negative PCR test to travel, as well as a quarantine period. OWASP cannot waive these requirements.
  • You must obtain sufficient travel insurance to cover typical travel insurance cover, including medical evacuation or death. Travel insurance will only be reimbursed if covered by sponsorship.

COVID Temporary Restrictions and Finance Reform Expenses Policy

OWASP is undergoing fundamental finance reform. In 2020, we operated the expense system exactly as we propose the new finance reform will operate. Expenses have a cap of $250 USD per request and must be related to your Chapter, event, committee, or project. Submit a chapter reimbursement request and adhere to the approval guidelines below, and you’ll get reimbursed. Expenses over $250 must be pre-approved by the Foundation and require two leaders to approve.

Monthly Review of Restrictions

These restrictions will be reviewed by the Executive Director monthly in concert with the OWASP Board. We welcome comments from the community and the OWASP Board on the detail of these restrictions and any improvements. Please log a GitHub issue to suggest a change for the next month.

We will communicate these restrictions and any changes via OWASP’s social media, website, leaders list, and the OWASP Community Slack in the #leaders channel and pin.

If this temporary restriction has not been updated in the last 90 days, it is no longer in effect, and standard policies apply.

If you have any questions, please contact Andrew van der Stock, [email protected] to discuss. Office Hours are available in several time zones: