Rules of Procedure

Temporary Covid Restrictions

Last re-written / reviewed February 26, 2021 by ajv

Background

OWASP has a responsibility to provide its community and staff with a safe environment, promote chapter, project and committee mission related activity, and to be financially responsible. The following restrictions are in place until they are all lifted. All of these sections have a exceptions to the rule, so please don’t assume that something can’t happen, please talk to us about your region’s COVID situation.

With the recent availability of various vaccines for COVID, we are starting to see a tremendous drop in both hospitalizations and deaths in some countries. It is likely that by mid-year it will be safe enough for many chapters to resume in person gatherings. These temporary restrictions contemplate physical gathering starting now in locations where it is safe and permitted to do so, but with certain caveats.

tl;dr

Safety is paramount, with activity and financial responsibility as secondary concerns. The following restrictions will apply until further notice, and reviewed regularly.

  • Virtual events remain the preferred method of meeting, and OWASP provides free access to meeting rooms and webinar facilities for up to 1000 attendees at no cost to chapters, events, and training programs. You can obtain these via submitting a non-funding request ticket at https://contact.owasp.org
  • Chapter related expenses are $250, over $250 requires pre-approval, and will only be approved for chapter, project, committee or event related expenses. The draft Grants policy might be a better choice for you
  • No monthly, software, periodic or subscription event space, or other recurring payments are permitted as OWASP’s income is down over 80% compared to 2019
  • Physical gatherings must review and obey local health authority gathering requirements, including not holding events if that is the current status, and obeying all mask mandates, social distancing, gathering limits, space requirements, and so on. We look forward to the safe return of Local, regional AppSec Days, activities, and training events, and they will be reviewed and approved on a case by case basis
  • Masks, social distancing, and PPE provision (masks, sanitizer, wipes, etc), are mandated at OWASP events until further notice, unless your country or region is COVID free (NZ, Australia, etc). Some countries or regions have relaxed COVID restrictions far too quickly for various reasons unrelated to science, and OWASP cannot and will not be responsible for a super-spreader event and all the liabilities that entails, as we cannot obtain insurance for COVID
  • No COVID event insurance. Physical gatherings are held at your own risk, and all participants must also agree to that. Please make sure that you put this in the event RSVP to gather acceptance from participants and make an announcement at the start of each event so folks can leave if they don’t feel comfortable.
  • Travel expenses require pre-approval. Travel is extraordinarily unlikely to be approved due to OWASP’s financial position. Do not make plans to travel. Pre-appoval will require that you demonstrate the following:
    • You have obtained sponsorship for all travel and incidental costs (if any)
    • You have demonstrated that your travel plans and destination have no travel restrictions, such as driving to an event in a COVID free country, domestic travel with no travel restrictions or differences in COVID status, or that there’s a travel bubble between your departure location and destination
    • That you agree that all expenses related to delays, increased unforeseen costs, cancellations, airline insolvancy, mandatory quarantine or isolation, medical expenses, medical evacuation, lingering illness, death or similar are explicity excluded and will not be pre-approved or paid.
    • Many countries require vaccination and/or a COVID-negative PCR test to travel, as well as a quarantine period. OWASP cannot waive these requirements. Costs relating to vaccination, testing, and quarantine will not be reimbursed and are at your own expense
    • You must obtain sufficient travel insurance to cover typical travel insurance cover, including medical evacuation, and death. Travel insurance will only be reimbursed if covered by a sponsorship.

COVID Temporary Restrictions and Finance Reform Expenses Policy

OWASP is undergoing fundamental finance reform. During 2020, we operated the expense system exactly as we propose the new finance reform will operate. Expenses have a cap of $250 USD per request and must be related to your chapter, event, committee, or project. Submit a chapter reimbursement request and adhere to the approval guidelines below, and you’ll get reimbursed. Expenses over $250 must be pre-approved by the Foundation, and require two leaders to approve.

Expense Approval criteria

  • Expenses under $250 do not require pre-approval, and may be submitted by a single leader for any valid chapter, project, committee, or event expense
  • Expenses above $250 USD require pre-approval and dual leader approval (or leader + relevant committee if only one leader). Do not incur expenses over $250 without pre-approval, as it will not be paid
  • Expenses must have a short explanation of why the expenses is relevant to your chapter, project, or event. Good: “Food & beverage for February 2021 OWASP Sunnydale chapter meeting.” Bad: “Catering
  • Expenses must have a receipt or invoice
  • Physical gathering event spaces must be per meeting or event only, and be related to an chapter, event, committee, or project
  • Shared working spaces will not be reimbursed without pre-approval.
  • Physical gathering expenses must have occurred to be paid
  • Donations, sponsorships, or funding of external organizations require pre-approval, and are unlikely to be approved
  • Periodic subscriptions, software subscriptions, physical space subscriptions, or recurring monthly or annual fees of any type are not permitted without pre-approval.
  • Expenses relating to shared services that the Foundation already provides to leaders, chapters, events, and projects for free cannot be reimbursed, such as Meetup Pro, Github Pro, GSuite Apps, Zoom, and similar.

During COVID, PPE, sanitization, and cleaning supplies are a fair and reasonable expense (see below in relation to gaining approval for physical gatherings). If you do not have pre-approval for a physical gathering, no expenses will be paid, including for PPE.

Pre-approvals in COVID free and low COVID restriction regions

Where your region or country has become either COVID free, or has achieved herd immunity, pre-approvals can be given for either indefinite periods or quarterly pre-approval to avoid having to apply for each and every meeting when the spread of COVID has been successfully curtailed. You must demonstrate that local health authorities have lifted all gathering limits to get indefinite pre-approval.

Chapter Minimum Activity Requirements

Between February 23, 2020 and March 31, 2021, a chapter must have held at least one virtual (or if safe, in person) meeting, event, or activity to be considered active, which can include virtual meetings, social events, and hosting local or regional events. Inactive chapters as of March 31, 2020 will be deactivated, and asked for new leadership within their own community, and if no leadership can be found by June 30, 2021, all inactive chapters will retired. Please make sure your chapter’s page on the owasp.org website is up to date and demonstrates activity, contains the current local leadership team, and has a direct link to where the public can search for and RSVP to your events. Meetup is preferred to automate this process.

After February 23, 2021, per our new Chapter policy, chapters must meet at least 3 times a year. Any chapter meeting, activity, or local or hosting a regional event will satisfy these requirements.

Monthly Review of Restrictions

These restrictions will be reviewed by the Executive Director monthly in concert with the OWASP Board. We welcome comment from the community and the OWASP Board on the detail of these restrictions, and any improvements. Please log a GitHub issue to suggest a change for the next month.

We will communicate these restrictions and any changes via OWASP’s social media, website, leaders list, and the OWASP Community Slack in the #leaders channel and pin.

If this temporary restriction has not been updated in the last 90 days, it is no longer in effect, and standard policies apply.

If you have any questions, please contact Andrew van der Stock, [email protected] to discuss. Office Hours are available in several time zones: