Difference between revisions of "How to Host a Conference"

Line 364: Line 364:
==Historic Contracts==
==Historic Contracts==
[http://www.owasp.org/images/5/57/MN_Convention_Center.pdf AppSec US Venue]
[http://www.owasp.org/images/5/57/MN_Convention_Center.pdf AppSec US Venue]
[https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNNmNlNmUyMzMtZmYzNC00NWU3LWIyNzgtNzRlMTdlZGMxMTBj&hl=en AppSec China Event Management Agreement]
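Review bot: the added AppSec China entry links through a Google Docs viewer URL (docs.google.com/viewer with a srcid), while the existing AppSec US Venue entry points at a PDF stored under www.owasp.org/images. A viewer link depends on the sharing settings of the owning account and leaves the wiki without its own copy, so I suggest uploading the agreement to the wiki and linking that file, and confirming that the contract is cleared for publication before it is posted. The two entries also sit on adjacent lines with no list markup, so consider making each a bullet.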

Revision as of 20:18, 10 September 2011



Our intent in posting these guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host an event. While it is almost impossible to cover EVERY detail of planning, we think we have put together a fairly comprehensive series of recommendations. Just ask anyone who has put together an event of any size and they will tell you it's hard work, but can also be a lot of fun. We are an open community, so your peers are often a great resource. Refer to some of the other conference pages and contact the conference planners directly for advice. Different types of OWASP Events (see the Event Definition tab) have a few requirements imposed on them. See the requirements tab for details.


The Global Conferences Committee is responsible for coordinating all OWASP conferences and events. If you have any questions or comments, feel free to ask them at global_conference_committee@lists.owasp.org.

Global Conference Committee Chair is Mark Bristow

Global Conference Committee Operational Support is Sarah Baso

OWASP Operations Director is Kate Hartmann


Event Definition

All OWASP events will fall into one of the following categories. If you are unsure what type of event you would like to plan, contact us for further clarification or for help defining the scope of your event. Please also note that various types of events have some requirements set for them; see the policies/requirements tab for details.

OWASP Global AppSec Conference

These conferences are the flagship of the OWASP outreach effort. This will be an international conference sponsored by OWASP and approved by the OWASP Staff along with a small group of community event reviewers. AppSec Conferences include multiple days of multi-track plenary sessions in addition to pre-conference training offerings. AppSec Conferences, schedules, and trainings must be reviewed by the OWASP Staff and will receive the full support of the OWASP Foundation. In any calendar year, there will be no more than 4 AppSec Conferences of this size. Locations will be determined the prior year and planning must begin at a minimum of 12 months in advance. The talent and services of volunteers are crucial to OWASP AppSec Conference success. That is why it is important to establish standards and guidelines for volunteers so that both the volunteer and OWASP staff understand the parameters of the relationship up front. Volunteers that cancel at the last minute and produce limited results encumber OWASP's mission, costing it money and preventing it from fulfilling its fundraising goals. A reliable volunteer with a strong work ethic can go a long way towards helping OWASP meet its goals. Before getting the approval to organize an OWASP AppSec Conference, the Conference Organizers should: first, make a personal commitment to be there for OWASP; and second, read, fill out, and sign the volunteer agreement.

OWASP Regional/Theme Conference

Regional/Theme conferences typically have lower attendance than AppSec conferences and typically include multiple days of single track plenary sessions. Training may or may not be offered at the discretion of the regional conference planning team. Regional conferences are not subject to the same rigor as AppSec conferences in terms of planning and only require that the local planning team enter the event into the OWASP Conference Management System for review and approval by OWASP Staff and a small group of community reviewers. Regional conferences are encouraged to have a unique theme (Development, Research, PHP, Government, Browsers...) to help differentiate them, although this is not required. Regional teams are free to brand their conference as they wish, as long as the OWASP affiliation is maintained, with the exception of the moniker "OWASP Global AppSec" which is reserved only for Global AppSec conferences.

OWASP Local Event

Events are typically single day or "OWASP Day" type events that are generally local in nature. Events typically have only one track and span anywhere from a half to a full day. Planning for these events is at the sole discretion of the event team and may be branded in any manner so long as the OWASP affiliation is maintained. In general, significant OWASP Foundation support will not be available for these events.

Project Summit

The purpose of our Project Summits is to focus dedicated time on collaboration & innovation of specific technical topics to help improve the quality and usefulness of our OWASP project tools. A Project Summit may be a standalone event or co-located with our Global AppSec conferences. Project Summits are classified as local or regional events and are eligible for the same level of support.

Partner/Promotional/Co-Marketing Events

Partner events are events of any type where OWASP partners with another non-profit organization to co-host an event. These events sometimes require close examination as the terms of the partnering agreement need to be reviewed to ensure OWASP integrity and reduce liability. These events also frequently will require both OWASP Staff and community review and may take many forms.

Many of our partnership & co-marketing agreements have the same standard deliverables, which may include but are not limited to:

  • Include the event under our Partner & Promotional section
  • Include the event in our monthly Connector up until the conclusion of the event
  • One (1) dedicated email invitation to the chapter leaders within the region of the event, asking them to share the details and discounts with their community and chapter members. Email to be provided to OWASP for review/release by the partnering organization. Each chapter is run independently, so it is up to each chapter leader's discretion to promote the event.
  • Logo posted on our Supporting Partners page
  • Social Media - usually no more than 1x a month up until the start of the event.

Promotional Events are where OWASP has paid or in-kind sponsorship in a conference that is hosted by another organization. This sponsorship may take the shape of a booth, hosted competition, lanyards, bags, fliers and other promotional items and may or may not be a strictly financial transaction. These events require additional scrutiny as OWASP has a very limited marketing budget, however it is important for community members to have the support to "get the word out" at other events. These events will often provide OWASP with conference passes that can be distributed to volunteers who agree to represent OWASP at the OWASP booth.


Board Member Role

The OWASP Board will make every effort to have at least one OWASP Board Member in attendance at each AppSec conference. The Board Member will…

  1. Provide a keynote or other address on OWASP, our goals, vision, strategy, ethics, projects, membership, and progress. The goal is to introduce attendees to OWASP and our culture, describe membership program, attract contributors, and inspire people about the importance of application security.
  2. Ensure that OWASP principles and ethics are upheld in all aspects of the prosecution of the conference. In particular, ensure that OWASP’s brand is not misused by commercial entities.
  3. Provide logistical support and the ability to make quick decisions on the ground (within reason) without having a formal board meeting and decision process.
  4. Serve as a lightning rod for any issues, problems, suggestions or praise that anyone wants to provide about OWASP and bring them to the appropriate committee or OWASP Board.
  5. Assess the general operation of the local/regional OWASP organization, chapters, sponsors, leaders, and contributors. The goal is to use this information to strategize how to grow OWASP’s presence in the region and support the local leadership.
  6. Meet with local leaders from OWASP, government, vendors, and industry to get them to understand why application security is important and joining with OWASP makes sense.



The amount of planning, committee work, advance deadlines, etc., in part depends on the size of the conference you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

The general dates and time of the conference should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to plan a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP conference schedule to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your conference. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

Having a cohesive, comprehensive plan for your event is key to the success of your event. While all plans change it is important to consider all of the elements listed in the following tabs when developing your conference planning package.

Once you have developed your plan submit it to the Global Conferences Committee for review and consideration.

Conference Committee

While there is no requirement to organize your conference's committee in any particular way, these structures have worked for successful conferences in the past. It's important to organize a conference committee as early as possible. It is recommended that you establish regular planning/reporting meetings and set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

It is important that the conference committee be predominately comprised of a local team that is able to act locally to speed up and help in all activities related to the conference venue and local services. Planning a conference entirely from a remote location is a challenging job and is NOT recommended. Events without local support are unlikely to get Global Conferences Committee approval.

Conference Organizers

This should be a relatively small group (recommend 3) who are the core organizers of the conference. This group is the "executive leadership" for the conference. There is a tendency for one person to lead a conference, or for this group to be fairly large. Experience indicates that one person is likely unable to handle all of the decisions that will be required for managing a successful conference, while having too many causes the issue of inaction by committee. In the initial stages, these are the people who will be doing the heavy lifting while the rest of the committee comes into place. It's recommended that specific organizers be initially tasked into the following:

  • One of the principal organizers should be designated as responsible for the budget. It is important to reconcile any decisions with the budget as well as keep it up to date. Conferences are the lifeblood of OWASP's financial picture so it's important that they be managed well.
  • One organizer should be devoted to developing partnerships/sponsorship leads for the conference. It's important to determine if the conference will be partnering with any local organizations or governments up front and to manage that relationship. Additionally, getting sponsorships early will greatly help keep the conference fiscally responsible.
  • The last organizer should be devoted to facilities. The first step in planning a conference is to develop a contract with the conference facility. There are many things to consider while working this process and it requires dedicated attention. Please do keep in mind however that organizers may not sign contracts, only officers of OWASP (The Board) may obligate the foundation legally.

Functional Leaders

In the past it has been helpful to appoint functional leaders for the conference. These volunteers are typically assigned a specific area of responsibility to work in conjunction with the principal organizers' efforts.

  • Sponsors -- To augment the activities of the principal organizer assigned to this task, it's important to assign someone to sponsorships right away. This task will involve a lot of email, conference calls, and footwork and needs all the help it can get.
  • Security -- Checking credentials at the entrance to convention-only areas and controlling access to convention events. There will be licensed security personnel onsite to handle any "real" security issues should they arise; volunteers are not expected to put themselves in any jeopardy as security staff.
  • Speakers -- Helping Speakers and Trainers get to and from their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied.
  • Registration/Info Desk/Merch -- Helping run the registration and "Front Desk" functions of the conference. This may also expand to running an Information Desk functionality and/or helping sell merchandise.
  • Facilities -- Helping run the "behind the scenes" of the conference. This will mainly be overseeing the various contractors and vendors hired to provide services for the conference, and acting as a liaison between the convention center, contractors, exhibitors and the rest of the conference.
  • Volunteers -- Getting a small army is hard to do

Program Committee

You need a group of people to review the papers you will receive.

Good criteria to select Program Committee members include their involvement in OWASP activities (e.g. projects, conferences, mailing lists). Selecting people already involved with OWASP helps in choosing proposals that are aligned with OWASP's values.

Trainer Evaluators

You need a group of people to review the training proposals you will receive.

Good criteria to select Trainer Evaluators include their involvement in OWASP activities (e.g. projects, conferences, mailing lists). Selecting people already involved with OWASP helps in choosing proposals that are aligned with OWASP's values.

Remember that the foundation does have some personnel who can help with the conference planning. While it's important not to over-leverage these people, do include them as often as they can support as their insight and experience will be invaluable.



The OWASP Conference Budget Planning Tool has been developed by the Global Conferences Committee to assist in the budget planning process. The tool was originally designed for AppSec conferences but can be used for a conference of any size. When submitting a budget to the GCC, you are required to use this format.

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations.

Your conference costs should be handled through the Foundation. Sponsorship funds, venue deposits, travel reimbursements, printing, etc. will be managed for you. This allows you to focus more on the event content! Contact Kate Hartmann as soon as possible to get this set up. Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registration fees can make things a lot easier during and after the conference.

Things to Consider

  • Shipment of OWASP products will come out of the conference budget
  • Conferences are expected to provide travel for at least one board member
  • Be sure to budget for fliers, signage and schwag
  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

Profit Sharing

Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. More detail can be found on the Global Conference Committee Policies page.

  • Global AppSec Conference - 25% of event profits with a $5,000 USD cap ($10,000 for multi-chapter events)
  • Regional/Theme Events - 30% of event profits with a $4,000 USD cap
  • Local Events - 50% of profits with a $3000 USD cap



Obtaining sponsorship is essential to the success of your event. Without financial input from vendors to cover costs of food, venue, giveaways, and everything else, your event will inevitably fail. The following document has been prepared to assist you in convincing vendors to give you money. Please tailor the document to suit your event and forward it to any and all potential sponsors.


It is important to have completed your budget early so you can correctly estimate the amount of sponsorship you will need.

Contact Mark Bristow or Sarah Baso if you would like assistance or have interest in selling one of our 2011 Global Sponsorship Packages.

If you plan to have an exhibit hall it must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).



One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities. To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating. Partnering with a local university is a great way to obtain free space.

A contract to secure your venue is critical. Only a member of the Board can enter into a contract on behalf of OWASP!!! Please forward contracts to be signed to Kate Hartmann for signatures.

Training rooms will require space to accommodate generally 10-30 students per class.



International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction.

While it is acceptable to target individuals/companies to solicit content, in keeping with the OWASP value of openness, all Call for Papers and Call for Training must be open to all to submit. Calls for Papers or Training must be at a minimum announced on the conference Wiki page.


A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard, or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

Also note that according to the standard OWASP Speaker Agreement, presenters must submit their presentations (in PowerPoint format) at least 60 days prior to the conference. Submissions should be uploaded to OWASP Presentations after the event.

Consider a CFP system to manage submissions such as EasyChair (it is free) http://www.easychair.org, or OpenConf (free and pro-version) http://www.openconf.com.

Additionally, each OWASP Conference is required to solicit a board member to provide a welcoming or keynote address. This shows foundation endorsement of the local team and ensures a consistent OWASP message.


If you are offering training at your event, the Call For Training proposal template should help you issue a call for training. While you are welcome to target training organizations, remember to ensure that the call for training is publicly available so that all may propose classes.

Training revenues are to be split 60/40 with 60% of the revenue going to OWASP and 40% going to the trainer. OWASP will provide the facilities, promotion, A/V equipment, and refreshments for all training. Trainers are responsible for travel/accommodations for the training staff, all training materials, and promotion of the training.

All training during OWASP Events must be OPEN TO THE PUBLIC. OWASP and the Trainer may set aside no more than a combined 10% of the available training slots for their own use. Setting aside of training slots in all cases must be approved by the Global Conferences Committee.


Audio Visual/Recording

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. OWASP owns one projector that can be "loaned" out for events. Contact Kate Hartmann to arrange for the shipping of this and other items. When you confirm conference presentations, ask presenters to provide you with a list of equipment they need.



OWASP has several registration tools available to use. Currently we utilize the RegOnline registration system for larger, paying events. If your event is free of charge, but you require an RSVP for space restrictions or food, please contact Kate Hartmann to review registration options for free events.

OWASP Conference Registration Distribution over time.

The following data was taken from several larger OWASP conferences to demonstrate how registrations are typically distributed over time.



Promoting your conference begins as soon as you have selected a conference site and date. All OWASP Branded Events/Conferences are required to have a presence on the OWASP Wiki. You are also welcome to register an external web address (preferably in the .org tld) to help market and promote your event so long as the site links back to the OWASP Wiki (main page or event page) in some way. You are, however, required to keep the Wiki page up to date and current as the primary source of information for the event; any external resources are secondary sources of information. Post the date and location on the OWASP wiki. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.). You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.


Conference organizers are welcome to negotiate with local newspapers, trade magazines, and other media to help promote the event. OWASP prefers to establish "in kind" agreements with media for promotions but in the past, paid advertisements have been used where appropriate. If you have any questions or concerns please ask the Global Conferences Committee.

Design Components

In designing your own PowerPoint templates, T-shirts, bags, badges, banners, flags, carpets and what have you, find the original vector graphic of the OWASP logo (in EPS and AI formats) here. Please do share them with the other conference chairs!

The Resources tab has additional resources for assisting in promoting your event.


Conference Materials

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger conferences, you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

Name Tags

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.



Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway. Be sure to take care of all the caffeine junkies in the crowd. If possible, try to arrange for a pre-event tasting. You don't want people remembering your event for the bad coffee or sandwiches.

Be sure to allow for special dietary considerations. Always offer some vegetarian options for your meals.


Social Events

After a long intensive day of speakers and/or training, a more casual opportunity for networking will be welcomed by most all attendees. Depending on the size and location of your event you may want to consider one or several of the following options:

  • OWASP "meet up" at a local pub
  • OWASP gala dinner
  • Corporate sponsored party
  • Guided sightseeing tours
  • Group outing to a sporting event

In many cases you can include an optional fee to be paid to cover the costs of the event. In the case of a corporate sponsored event, the sponsor would cover the costs. Very often, however, an informal yet organized (planned) evening at the pub will be sufficient to facilitate networking among conference attendees and speakers.

Be sure to remind everyone at the end of the last talk for the day of the location of the gathering, the cost (if any), and the start time for the next day's speakers.

Whatever you plan, however, be sure to include some free time for people to do things on their own.



Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

OWASP on the MOVE funds are not to be used for conferences or events. If you are planning on covering ANY speakers travel and/or accommodations, be sure to plan for this in your event budget.

Visitor's Guide

All global conferences that will attract a substantial international audience should create a city Visitor's guide. A great example of a visitor's guide was put together by the AppSec Research 2010 team. This guide should include sections like:

  • Country Overview
    • Common Languages
    • Money
    • Tipping and Haggling
    • Local Customs
    • Special Events during the conference
  • Transportation to Event
    • Taxi Company Phone numbers and estimated prices
    • Bus or Mass Transit information, schedules, and prices
    • Directions on how to get to conference site WITH PICTURES (It's recommended you walk from the major transportation hubs and take pictures along the way)
  • Host City
    • Local points of interest
    • How to get around the city (metro/bus maps)
    • Bars near the event



If you plan on a regional or international event, it is considerate to negotiate a discounted room rate with a local hotel. In many cases, if your event is at a hotel, they will happily give you greater than 50% discount on rooms. If your event is at another type of venue (convention center, university campus, corporate building) there are often referral relationships between the venue and nearby hotels. Be sure to ask your coordinator.

When reserving your room blocks take into consideration the number of out of town speakers and guests you are expecting and how many room nights will be required. Be sure to avoid commitment for the unsold rooms. The hotel wants to get paid of course. Be sure that the hotel will not hold OWASP responsible for unbooked rooms.




These are the requirements imposed on any event using the OWASP brand. All Events must be coordinated with the Global Conferences Committee and receive their approval. Event requests can be submitted via the [https://ocms.owasp.org/ OWASP Conference Management System (OCMS)]. If you do not have an account, you can sign up for an OCMS account here; please use an @owasp.org email address if available.

If you have questions or require an exception to any of these, please contact the OWASP Staff.

| Policy | Applicability |
| --- | --- |
| All content must be vendor neutral | All Events - Core Value |
| All content must be made available to the public after the conference | All Events - Core Value |
| All calls for papers, training and registration must be open and promoted to the public | All Events - Core Value |
| Selecting Committee Members (Training or Papers) must not submit | All Events |
| Use the conference website/wikipage to submit papers. It must support blind paper submissions. | All Events |
| All events must be conducted in a manner consistent with the OWASP Mission, Principles and Code of Ethics | All Events - Core Value |
| OWASP Event Definitions | All Events |
| OWASP Event Requirements | All Events |
| Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. (Policy Document) Global AppSec Conference: 10% of event profits up to Profit Goal set in annual Foundation Budget ($10,000 for multi-chapter events), 40% of event profits in excess of Profit Goal. No profit cap. Local and Regional Events: 90% of event profits. No profit cap. | All Events |
| All OWASP Events must be coordinated with OWASP Foundation Staff by submitting an events description via OCMS. An approval that the event will be posted on the OWASP Wiki and Event announcement webpage will be sent from the OCMS input. Any request for funding support must follow normal funding request procedures separate from the OCMS submission. | All Events |
| Events must have an OWASP Wiki Page, or a webpage showing the OWASP logo and be linked to the OWASP wiki Events Pages | All Events |
| Only OWASP Board members or their designates may enter into contracts on behalf of the foundation | All Events |
| All finances must be handled by the OWASP Foundation | All Events |
| Complimentary conference admissions are provided to speakers, volunteers, staff, Global Board members and active OWASP Leaders. A “Leader” is defined as a chapter or project leader that is clearly identified on the chapter or project wiki page AND has been documented as a leader in the Foundation’s records. If a leader registers for a conference complimentary ticket but does not appear for the conference, the chapter will be charged 60% of the retail cost of a conference ticket. | All Events |
| OWASP individual members in good standing shall receive $50 off admission to all OWASP events charging more than $50 entry fee. | All Events |
| A complete budget must be submitted if the event requires any funds from the OWASP Foundation and funding requests will be reviewed and approved by the OWASP Executive Director. Please submit a request via our Contact Us link on the OWASP Wiki homepage. | Regional/Theme Conferences |
| An OWASP leader should be invited to provide welcome and state of the union. | All Events |
| Global AppSec Conferences must include training | Global AppSec Conferences |
| Global AppSec Conferences must charge an admission fee | Global AppSec Conferences |
| Sessions must be recorded and posted to the public after the conference | Global AppSec Conferences |
| There must be at least one networking event at the conference | Global AppSec Conferences |
| All Training providers are required to sign a Training Instructor Agreement | Training |
| Training revenue will be split 60/40 (OWASP/Training Provider) | Training |
| Each training class allows for two complimentary seats to be made available to OWASP Leaders. This must be included in the Training Instructor Agreement. These are available on a first come basis. Only one training seat per session is allowed per chapter to allow for diversity in distribution of seats. If a leader registers for a complimentary training seat but does not attend the full training session the chapter will be charged 60% of the retail cost of the training session and the leader will not be given a complimentary ticket (conference or training sessions) for any other Global AppSec events in the following year. | |
| Speakers must sign a Speaker Agreement | Speakers |
| Speakers will not receive compensation for their speaking engagement | Speakers |
| Event organizers must reach out to the WIA program to assist with the program committee and to help find suitable keynote and invited speakers. | Global AppSec Conferences & Regional Events |
| Event organizers must send an open call for participation for volunteers and the papers committee. | Global AppSec Conferences & Regional Events |
| Event organizers should encourage all training and CFP proposals to go through the “Talk bootcamp” process. | Global AppSec Conferences & Regional Events |
| WIA initiative should lead a search for women keynotes, featured, panel speakers. | Global AppSec Conferences & Regional Events |
| Event organizers and WIA initiative should reach out to women speaker lists to encourage training proposals and speakers to submit through the normal CFP process. If a women in AppSec panel is to be organized, the WIA initiative must be involved and the panel must feature predominantly women panelists. | Global AppSec Conferences & Regional Events |
| These aren’t quotas, but a goal. Global events organizers are free to exceed these metrics. At least 10% of the program committee must be women, and must include the WIA initiative members. At least 50% of keynotes and featured speakers must be women. At least 25% of panel participants must be women; if there are no women participants, the panel should be cancelled. At least 10% of talks must be by women. If these metrics cannot be reached, the organizing committee should reach out to the Conference Manager for assistance, and must apply for an exception if they can’t be reached after all avenues have been exhausted. | Global AppSec Conferences |
| These aren’t quotas, but an aspirational goal for regional events. Organizers are free to exceed these metrics. At least one of the program / papers committee must be a woman, and should include the WIA initiative members. At least one of keynotes, featured and invited speakers must be a woman. At least 25% of panel participants should be women; if a panel has no women participants, it should be cancelled. At least 10% of talks chosen should be by women speakers. | Regional Events |


Co-Marketing of Event Contract Sample

The <External Organization> Provides:

  • A Vendor Table in Vendor Area
  • OWASP Logo and Link on RSS Web-site
  • OWASP Logo and description in the Event Guide
  • Opportunity to provide an OWASP Banner in conference room
  • Tickets for 2 OWASP Speakers mutually approved by OWASP and <External Organization>
  • Software Security Track Chair
  • Monthly status update emailed to the OWASP Global Conferences Committee Chair (conferences@owasp.org) including
    • Current number of people registered for event
    • A budget update including all revenue and expenditures relating to the event

The OWASP Foundation provides:

  • OWASP Promotional Materials for the provided table
  • Marketing of Conference
    • Notification to OWASP members and constituents about special discount code to attend <EVENT>. The event will provide 50-100 words of text and link describing offer; OWASP will transmit within any newsletter, via email notification and/or other methods as approved by OWASP
    • Event banner in OWASP banner rotation on main page for 90 days prior to the event

Co-Hosted Event Contract Sample

The <External Organization> Provides:

  • A Vendor Table in Vendor Area
  • OWASP Logo and Link on RSS Web-site
  • OWASP Logo and description in the Event Guide
  • Opportunity to provide an OWASP Banner in conference room
  • Tickets for 2 OWASP Speakers mutually approved by OWASP and <External Organization>
  • Software Security Track Chair
  • Monthly status update emailed to the OWASP Global Conferences Committee Chair (conferences@owasp.org) including
    • Current number of people registered for event
    • A budget update including all revenue and expenditures relating to the event

The OWASP Foundation provides:

  • An active and contributing member of the conference executive committee present at 85% or more of the planning sessions, who will chair and moderate the Software Security Track.
  • At least 1 additional volunteer to assist on-site during the event, to be coordinated with the event volunteer coordinator.
  • Travel expenses for 2 well recognized OWASP speakers (topic and speaker mutually approved by Software Security Track Chair and OWASP)
    • Speakers must also sign the standard OWASP Speaking agreement
  • OWASP Schwag Give-aways for X attendees
  • X OWASP Lanyards
  • OWASP Promotional Materials for the provided table
  • Marketing of Conference
    • Notification to OWASP members and constituents about special discount code to attend <EVENT>. The event will provide 50-100 words of text and link describing offer; OWASP will transmit within any newsletter, via email notification and/or other methods as approved by OWASP
    • Event banner in OWASP banner rotation on main page for 90 days prior to the event

Payment Schedule:

  • All real costs incurred by the Event and OWASP shall be reimbursed prior to the distribution of any profits from the event. Real costs include expenses for schwag, Speaker Travel and Lanyards as well as any other costs not incurred in the course of supporting a booth at the event.
  • Should the event take a loss
    • 30% of losses shall be covered by the OWASP foundation, up to the amount of tangible goods provided
    • 70% shall be covered by Event
  • Should the event make a profit (after real costs have been reimbursed)
    • 30% of profits shall be paid to the OWASP Foundation
    • 70% of profits shall be retained by Event

Historic Contracts

  • AppSec US Venue
  • AppSec China Event Management Agreement