Working Sessions - Code of Conduct

Expectations for Attendees

These working sessions are planned to be energising and productive. Each of the working sessions will create a published deliverable for the greater InfoSec Community to engage with. This high level of productivity does require certain commitments from the attendees. We have these expectations of you as an attendee.


The key to these working sessions is their participatory nature. Unlike a conference setting, attendees are expected to immerse themselves in each working session, collaborating to create a published deliverable in a compressed amount of time. The expectation is that every attendee will actively engage with their peers to create during the event.

Mutual Respect

You will be engaging in an intense creative activity with your peers. Sometimes the topic you will be dealing with can be divisive. The basis for all conversations and growth during the sessions must be mutual respect. Every interaction with your fellow attendees must recognise that everyone is here to make AppSec better, even if we disagree about how to go about it.

Mutual respect also includes making space for others to talk. Be aware of dominating the conversation during your working session.

Challenge Directly

When participating in the event you are expected to say what you think plainly so that your working session team can quickly and thoroughly confront the issues they are there to respond to. This is the place to engage, not hold back out of misguided fear of challenging ideas.

Radical Candor

Care Deeply

This doesn’t mean that you are allowed to tear down others. While challenging directly you are expected to remember that this is a collaborative environment. The goal is to communicate your critiques with the heart and collegial spirit that is due to your peers. This means that consideration and thoughtfulness should guide your words without stifling your constructive criticisms.

Objective Distance & Personal Criticism

You may have passionate opinions about many of the items we will be discussing; this is a good thing. However, you are expected to be able to examine each issue with objective distance. This means that as we attempt to create consensus (or simply examine where it cannot be found) you are expected to weigh the ideas of others without unduly subordinating them to your own preconceived ideas. This also needs to be applied to your peers whom you may encounter again during these sessions after passionate disagreements. You are expected to be able to deal with each issue from a fresh perspective.

All criticism during the sessions must be directed at the topics of your working session. Personal criticisms will derail conversations and poison the collaborative atmosphere; the latter will not be tolerated.

Offer supporting documents for value judgments

When offering a value judgment (such as "that idea does not work", "is bad" or "is the best") you must offer proof or supporting documentation to anchor your opinion and keep it constructive to the conversation as a whole.

Be Solution Focused

When noting that an action is sub-par, you should always propose a solution that will address your critiques.


These working sessions are dedicated to providing a harassment-free event experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, or religion. We do not tolerate harassment of participants in any form. Harassment includes, but is not limited to, inappropriate questioning, sustained personal criticism, unwelcome following or touching, repeated unwelcome cornering of individuals away from the group and uninvited touching.

If you need to report harassment, contact Jemma Davis-Smith.

A participant who violates these rules will be addressed immediately. Should the participant not comply, the participant may be expelled from the session. The organisers reserve the right to expel anyone who violates these rules.


By attending these working sessions you agree that you will not engage in any illegal activity, including hacking or altering the Wi-Fi of the venue or other guests.


The point of these sessions is to create concrete deliverables from each working session. These deliverables can take many forms including:

  • Diagrams
  • Flowcharts
  • Policies
  • Positions
  • Statements
  • Surveys
  • Documents

Vendor Neutrality

The OWASP Vendor Neutrality policy has to be observed at this event. Please do not use the working sessions as a place to pitch your product. Maintaining neutrality enhances the value of the collaborative tone.

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

