Attendee Information

January 1, 0001

Expectations for Attendees

The OWASP Summit is the most energizing InfoSec event in the world. Each of the 140+ working sessions will create a published deliverable for the greater InfoSec Community to engage with. This high level of productivity does require certain commitments from the attendees. As an OWASP Summit Attendee we have these expectations of you.


The key to the OWASP Summit is its participatory nature. Unlike at a conference, attendees are expected to immerse themselves in each working session collaborating to create a published deliverable in a compressed amount of time. The expectation is that every attendee will actively engage with their peers to create during the event.

Mutual Respect

You will be engaging in intense creative activity with your peers. Sometimes the topic you will be dealing can be divisive. The basis for all conversations and growth during the Summit must be mutual respect. Every interaction with your fellow Summit Attendees must at heart recognize that everyone is here to make AppSec better–even if we disagree about how to go about it.

Mutual respect also includes making space for others to talk. Be aware of dominating the conversation during your working session.

Challenge Directly

When participating in the event you are expected to say what you think plainly so that your working session team can quickly and thoroughly confront the issues they are there to respond to. This is the place to engage, not hold back out of misguided fear of challenging ideas.

Please use Radical Candor.

Care Deeply

This doesn’t mean that you are allowed to tear down others. While challenging directly you are expected to remember that this is a collaborative environment. The goal is to communicate your critiques with the heart and collegial spirit that is due to your Summit Colleagues. This means that consideration, and thoughtfulness should guide your words without stifling your constrictive criticisms.

Objective Distance & Personal Criticism

You may have passionate opinions about many of the items we will be discussing, this is a good thing. However, you are expected to be able to examine each issue with objective distance. This means that as we attempt to create consensus (or simply examine where it cannot be found) you are expected to weigh the ideas of others without subordinating them to your own preconceived ideas unduly. This also needs to be applied to your Summit Colleagues whom you may encounter again during the summit after passionate disagreements. You are expected to be able to deal with each issue from a fresh perspective.

All criticism during the OWASP Summit must be directed at the topics of your working session. Personal criticisms will derail conversations and poison the collaborative atmosphere, the latter will not be tolerated.

Offer supporting documents for value judgments

When offering a value judgment (such as that idea does not work/is bad/is the best) you must offer proof or supporting documentation to anchor your opinion and keep it constructive to the conversation as a whole.

Be Solution Focused

When noting that an action is sub par, you should always propose a solution that will address your critiques.


The OWASP Summit is dedicated to providing a harassment-free event experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, or religion. We do not tolerate harassment of summit participants in any form in any summit venue, including working sessions, social events, or other channels of communication. Harassment includes, but is not inappropriate questioning, sustained personal criticism, unwelcome following or touching, repeated unwelcome cornering of individuals away from the group and uninvited touching.

If you need to report harassment contact Tiffany Long

A summit participant who violates these rules will be addressed immediately. Should the participant not comply, the participant may be expelled from the summit without a refund. The summit organisers reserve the right to expel anyone who violates these rules..

Hacking the Venue

By attending the OWASP Summit you agree that you will not engage in any illegal activity including Hacking or altering the wifi of the venue or other guests.

The Summit Experience

Here is the Villa set up:

Collaborations Around the Clock

The key to the Summit dynamic is having villas where you can interact with other participants on your own schedule around the clock. To this end the venue is organized into a series of villas that are supplemented by the conference center (conveniently named The Venue). The villas will serve the dual purpose of accommodations as well as locations for the more informal evening sessions. Some venues will also serve as locations for standard working sessions (these will be marked on the schedule)


When you arrive at Woburn Center Parcs proceed to the conference center (conveniently called The Venue) you will recive your house key and accommodation information package when you register for the conference. Each villa has a mix of single and double rooms. When you arrive at your villa, it is your responsibility to decide with your housemates on the sleeping arrangements. If their are any difficulties please email the organizers at

General Housekeeping

Cleaners will come to your villa each morning to clean, see to dirty dishes, and take out the rubbish. As there are no locks on bedroom doors, we advise you not to leave valuables lying around.

On the day you leave, please strip your bed of sheets and pillowcases. Leave the dirty linen on the floor.

You need to have everything out of your room/villa by 10:00 a.m. on the day you leave; you can leave luggage at the registration desk in the Venue.


Session timings

Sessions are either 60, 90, or 120 minutes long. So that we can achieve our goals, please try to follow this schedule. Please try to get to your session so we can start as close to the start time as possible.

If you are the organiser, please have a draft agenda ready for your sessions, so attendees know what to expect.

Session length 60 minutes 90 minutes 120 minutes
Introductions 2 2 2
Presentation 20 30 45
Discussion 20 30 45
Q&A 10 30 20
Wrap-up & close 6 8 8

We highly recommend to appoint a timekeeper at the beginning of the meeting to warn speakers 5 minutes or so before the deadline for the next part of the session, in order to keep things moving and on schedule.


The point of the summit is to create concrete deliverables from each working session. These deliverables can take many forms including:
- Diagrams - Flowchart - Policies - Positions - Statements - Surveys - Documents …

Vendor Neutrality

The OWASP Vendor Neutrality policy has to be observed at this conference. Please do not use the working sessions as a place to pitch your product. Maintaining neutrality enhances the value of collaborative tone of this week.

Dynamic Sessions

Dynamic Sessions are scheduled but do not have a leader, or have deliverables expected. They are envisaged as organic and dynamic dinner or post-dinner round-table conversations. The topic of conversation could also be prompted by one of the earlier scheduled sessions.

Evening Sessions

Evening sessions take place at villas, later in the evening. There are scheduled topics, but topic will more than likely evolve organically.