Rules of Procedure

Temporary COVID-19 Restrictions

Last revised February 28, 2022, by Andrew van der Stock.


The OWASP Foundation is responsible for providing its community and staff with a safe environment, promoting chapter, project, and committee mission-related activity, while being financially responsible. The following restrictions are in place until they are all lifted.

This month, I have eased the requirements on meeting in person considerably as the number of deaths decreases in most locations.

We need to start living with COVID as an endemic issue in our community, which is best addressed by continuing basic health precautions such as masks, screening, and social distancing until more of the community is immunized and the pandemic winds down.

As health rules vary so much on a global scale, and community spread and deaths, we regularly review and adhere to the current WHO small meeting guidelines. If there are stronger local, regional, or country requirements, then they must be followed.

On a personal note, if you’re not yet vaccinated or had your boosters, please get vaccinated or boosted as soon as you can. This is the only way we get out of this pandemic. ^ajv.


  • Fully virtual events remain the preferred method of meeting.

  • Physical events do not require pre-approval if you follow basic health guidance or your local jurisdiction’s requirements if they are stronger.

  • Physical events require pre-approval in jurisdictions that prohibit private businesses from following health precautions.

  • You have to enforce proof of vaccination if required in your jurisdiction. Chapter and Event leaders are permitted to require proof of vaccination.

  • Standard expense policy applies, except for periodic payments and subscriptions which are prohibited.

  • All travel expenses require pre-approval.

Virtual Events

OWASP provides free access to virtual meeting rooms, training, and webinar facilities for up to 1000 attendees. Virtual meetings have no cost to chapters, events, and training programs. You can obtain these via submitting a non-funding request ticket at

Physical Events

You must follow either the WHO COVID small event guidelines or your local health authority’s requirements, whichever is the stronger. For example, if your local health authority does not permit meeting, you cannot meet, or if they limit attendance, you can only have that amount of attendees. If the opposite is true, where local regulations try to prohibit these basic requirements, please see the pre-approval process below.

Summarizing this advice:

“Make your event as safe as possible for guests. Keep it small and short. Encourage people to wear masks and ensure enough space for each guest to maintain at least a 1-metre distance from others. Help your guests follow COVID-19 prevention measures: provide masks, alcohol-based hand sanitizer or access to soap and water, tissues and bins with lids that close. Consider hosting your event in a well-ventilated outdoor space. The virus that causes COVID-19 spreads easily indoors, especially in poorly ventilated settings. Outdoor venues are safer than indoor spaces.”

Additionally, on the invite/registration and at the door, please ask attendees to:

  • Keep at least a 1 metre (about 3 feet) distance from others;
  • wear a mask;
  • avoid crowded or poorly ventilated areas;
  • cover coughs and sneezes with bent elbow or tissues; and
  • clean your hands frequently

Use Meetup’s COVID functionality to indicate and ask attendees to adhere to the safety measures or requirements at the meeting. Continue to live stream (hybrid) meetings online so that people who do not wish or cannot attend in person can still participate.

Do I have to enforce vaccine mandates, or can I require vaccinations at my meeting or event?

OWASP supports fully vaccinated events. They increase attendance and reduce the risk to attendees, participants, and sponsors. This is how we get back to normal.

  • If your country or jurisdiction requires proof of vaccination upon entry, you have to do so. OWASP cannot eliminate that requirement.
  • Chapter and Event Leaders are permitted to require proof of vaccination. At this time, it is strongly recommended but not required.

Fully vaccinated individuals can still get, become sick, or transmit COVID, and may not be aware of their status. OWASP still recommends masking and social distancing at fully vaccinated events, but we do not require it if you are permitted by local health authorities to relax these controls.

We are in discussions with our Global AppSec sponsors, many of whom require fully vaccinated events. We will keep the community informed. It is likely that Global AppSec San Francisco will be a fully vaccinated event.

Pre-approval required where COVID controls are prohibited

OWASP cannot obtain insurance coverage for COVID-related illness, injury, or death, so we cannot permit meetings or events where we cannot require basic health measures, such as masking or social distancing. Attending meetings is entirely at the attendees own risk, but we need to minimize that known risk by taking recognized and necessary precautions.

If your local jurisdiction attempts to prevent private businesses such as OWASP from requiring the WHO small gathering guidelines, you must apply for annual pre-approval. Pre-approval will be given only if you agree to uphold the basic health measures as detailed above.

NB: OWASP is a Delaware, USA and Belgian/EU not for profit entity, and therefore most of these local laws or regulations do not apply to OWASP as a private organization.

If attendees have agreed on the registration form that they will abide by these rules and do not at the event, do not get into physical confrontations. Please ask them to leave, and if necessary work with the venue to have them removed by the police for trespass. Your and any participant’s physical safety, including from COVID, must come first.


Expenses are governed by the approved Expenses policy. During the pandemic, PPE such as masks and sanitizer are permitted.

Pre-approval for periodic payments will not be approved for any monthly subscription, software, event or meeting space, or any other recurring payments. We don’t have recurring income to support recurring payments.


Do not make plans to travel.

Travel pre-approval is required, and will require that you demonstrate the following:

  • You have obtained sponsorship for all travel and incidental costs (if any)
  • You have demonstrated that your travel plans and destination have no travel restrictions, or that you have complied with them (such as being fully vaccinated)
  • You agree that all expenses related to delays, increased unforeseen costs, cancellations, airline insolvency, mandatory quarantine or isolation, medical expenses, medical evacuation, lingering illness, death, or similar are explicitly excluded and will not be pre-approved or paid.
  • Many countries require vaccination or a COVID-negative PCR test to travel, as well as a quarantine period. OWASP cannot waive these requirements or pay for testing or vaccination.
  • You must obtain sufficient travel insurance to cover typical travel insurance coverage, including medical evacuation or death. Travel insurance will only be reimbursed if covered by sponsorship.

Monthly Review of Restrictions

The OWASP Executive Director will review these restrictions monthly in concert with the community and the OWASP Board. We will communicate these restrictions and any changes via OWASP’s social media, website, leaders list, and the OWASP Community Slack in the #leaders channel and pin.

We welcome comments from the community and the OWASP Board on the detail of these restrictions and any improvements. Please log a GitHub issue to suggest a change for the next month.

If this temporary restriction has not been updated in the last 90 days, it is no longer in effect, and standard policies apply.

If you have any questions, please get in touch with Andrew van der Stock to discuss. Office Hours are available in several time zones.