Rules of Procedure

Temporary COVID-19 Restrictions

Last revised September 30, 2021, by Andrew van der Stock.


The OWASP Foundation is responsible for providing its community and staff with a safe environment, promoting chapter, project, and committee mission-related activity, while being financially responsible. The following restrictions are in place until they are all lifted.

During September 2021, the latest COVID surge is starting to peak, with widespread community transmission, severe illness and death amongst the unvaccinated from the delta variant. Vaccine availability and rates in many parts of the world still far behind where it needs to be. Therefore, we continue our strong recommendation that you cancel existing physical events, and make no plans to hold in person meetings, activities, or events for the time being.

If you do hold a physical meeting or event, we mandate the use of screening and masks, social distancing, and so on for all events. We continue to prohibit holding meetings or events in jurisdictions that prohibit mandatory masking, prohibit checking or requiring proof of vaccination or providing a recent negative COVID test. This is due to unbounded risk to OWASP, and high risk to attendees who might contract COVID, fall severely ill or die.

Depending on your country or region, please don’t assume that something can’t happen. Please talk to us about your region’s COVID situation and apply for an exemption if you need one.

On a personal note, if you’re not yet vaccinated, please get vaccinated if or as soon as you can. I want everyone to stop becoming unnecessarily deathly ill or dying, and for the world to get going again. The world can only go back to normal once the overwhelming majority of us are fully vaccinated. We’re in this together. ^ajv.


Safety is paramount, with activity and financial health as secondary concerns. The following regularly reviewed restrictions apply until further notice.

  • Virtual events remain the preferred method of meeting OWASP provides free access to virtual meeting rooms, training, and webinar facilities for up to 1000 attendees. Virtual meetings have no cost to chapters, events, and training programs. You can obtain these via submitting a non-funding request ticket at
  • Physical events should be postponed or not held at this time. If you are still holding a physical event, you must get pre-approval and follow the requirements set out below.
  • Due to unmanageable risk, meetings, activities, or events are not permitted without pre-approval in jurisdictions with prohibitions against mandatory masking, or prohibitions against businesses requiring vaccination status checks, prohibition against the use of vaccine passports, or proof of a recent negative COVID test.
  • Expenses are now governed by the approved Expenses policy, with the following exception to periodic payments: no monthly, software, periodic, or subscription event space, or other recurring payments will be pre-approved and are not permitted.
  • No monthly, software, periodic, or subscription event space, or other recurring payments are permitted, as OWASP’s income and expenses are very limited due to COVID
  • All travel expenses require pre-approval. Travel is extraordinarily unlikely to be approved due to OWASP’s financial position. See below for more details if you want to travel.

Physical Events

NB: If your region, state, or country prohibits mandatory masking, verifying vaccine passports, or viewing vaccination records or recent negative COVID tests to attend private meetings or events, starting August 1, 2021, OWASP prohibits holding in-person meetings without pre-approval.

No one can obtain COVID insurance. Therefore, OWASP cannot hold events in these jurisdictions as the health risks are too great for leaders and participants, and the liability, financial, and legal risks to OWASP are too risky for a non-profit organization.

If you are permitted by local regulations, and your local regulations don’t prohibit our mandatory meeting safety requirements, and you feel safe to hold an in-person meeting, OWASP requires all approved physical events to follow WHO COVID small event guidelines, which means:

  • Always check local guidelines before planning your event.
  • Brief guests about precautions before the event starts; during the event, remind guests of these precautions and ensure they are followed.
  • Choose outdoor venues over indoor spaces – if indoors, ensure the area is well-ventilated.
  • Minimize crowding by staggering arrivals and departures, numbering entries, designating seats/places, and marking the floor to ensure physical distancing between people of at least one meter (three feet).
  • Provide all necessary supplies – hand hygiene stations, hand sanitizer or soap and water, tissues, closed-lid bins, distance markers, masks.


  • Continue to live stream (hybrid) meetings online so that people who do not wish to attend, or cannot attend in person, can still participate.
  • If you feel unsafe, feel uncomfortable screening attendees, worry about confrontations, or being around folks who may be COVID positive, do not hold in-person events.
  • Stay home if you feel unwell. Include in the RSVP that attendees stay home if they are unwell.

Physical Event RSVP waiver question

Please add the following text as an RSVP question in Meetup: “If attending in person, I acknowledge that I do so at my own risk. OWASP recommends all participants be fully vaccinated before attending in-person events to reduce the risk of severe illness or death. The OWASP Foundation requires all attendees to pass a temperature screening and COVID symptom check, to wear masks at all times, and follow social distancing at the event.”

Physical Event Entrance Screening

  • MANDATORY Please continue to screen for temperature and ask symptom questions. Require unwell people to go home. Stay home if you cannot pass this test. Please print the first page and familiarize yourself with the rest of the document. Use the checklist to ask attendees to attest that they haven’t had those symptoms. Require unwell people to go home and seek medical care.

OWASP Temperature Screening Checklist

  • MANDATORY: Masking and social distancing. Resuming August 1, 2021, physical events must follow all WHO COVID small event guidelines. Attendance at OWASP events includes mandatory masking, social distancing, well-ventilated rooms, markings, even in regions with high vaccination rates or low COVID transmission, hospitalizations, or deaths.
  • MANDATORY Do not record or store any medical data. OWASP cannot securely or compliantly hold medical records or status.
  • RECOMMENDED: Vaccination status checks. Where local regulations permit or mandate, you may ask or be required to see vaccination status or a recent negative COVID test at the entrance. If you are mandated or require either fully vaccinated or a recent negative COVID test, put these requirements in the RSVP, so attendees can bring the appropriate information with them.

Under no circumstances do not get into confrontations. If you feel unsafe, please call law enforcement immediately, or ask the location’s staff to call the police for trespass.

What is OWASP’s position on vaccination?

OWASP strongly recommends that all event organizers, volunteers, and participants are fully vaccinated against COVID-19 to protect against severe illness or death.

As a global organization, we understand that obtaining vaccination may not be possible at this time. However, we encourage everyone to get vaccinated as soon as they can or are eligible.

Travel is strongly discouraged

Do not make plans to travel, as travel in 2021 and most of 2022 is unlikely to be approved.

Travel pre-approval is required, and will require that you demonstrate the following:

  • You have obtained sponsorship for all travel and incidental costs (if any)
  • You have demonstrated that your travel plans and destination have no travel restrictions. For example, driving to an event in a COVID-free country, domestic travel with no travel restrictions or differences in COVID status, or that there’s a travel bubble between your departure location and destination.
  • You agree that all expenses related to delays, increased unforeseen costs, cancellations, airline insolvency, mandatory quarantine or isolation, medical expenses, medical evacuation, lingering illness, death, or similar are explicitly excluded and will not be pre-approved or paid.
  • Many countries require vaccination or a COVID-negative PCR test to travel, as well as a quarantine period. OWASP cannot waive these requirements.
  • You must obtain sufficient travel insurance to cover typical travel insurance cover, including medical evacuation or death. Travel insurance will only be reimbursed if covered by sponsorship.

Monthly Review of Restrictions

The OWASP Executive Director will review these restrictions monthly in concert with the community and the OWASP Board. We will communicate these restrictions and any changes via OWASP’s social media, website, leaders list, and the OWASP Community Slack in the #leaders channel and pin.

We welcome comments from the community and the OWASP Board on the detail of these restrictions and any improvements. Please log a GitHub issue to suggest a change for the next month.

If this temporary restriction has not been updated in the last 90 days, it is no longer in effect, and standard policies apply.

If you have any questions, please get in touch with Andrew van der Stock to discuss. Office Hours are available in several time zones.