Code of Conduct

General Guidelines

All attendees, speakers, sponsors, and volunteers at our event are required to agree with and follow this code of conduct.

This code of conduct outlines our expectations for participant behavior, as well as the consequences for unacceptable behavior.

NorthSec is dedicated to providing a positive and safe event for everyone, regardless of gender identity, sexual orientation, disability, physical appearance, body size, race, religion, age, economic status, OS choices, text editor or scripting language preferences.

In order to create a fun and safe environment for everyone, NorthSec does not tolerate any form of harassment or unacceptable behavior. Also, apart from the infrastructure put in place for the CTF competition, any use of the facilities in place (physical and logical) to hack or commit an illegal act is strictly forbidden.

NorthSec’s Values & Expected Behavior

Be friendly and welcoming.
NorthSec is volunteer-run, hosted by infosec professionals spending countless hours of their free time to create a fun and unique experience for all. We all want to have a good time and share this friendly and welcoming ambiance.

Be patient & pedagogic.
Remember that people are here to learn and have fun and that not everyone has the same skillset, background or native language. Productive communication requires effort so think about how your words will be interpreted.

Be respectful & collaborative.
In particular, respect differences of opinion and people on-site.

Do also consider that NorthSec’s organizers have deployed lots of effort in creating CTF challenges. Although everything is put in place to minimize bugs, assume any mistake you think you may have found in a specific challenge was made in good faith.

Be responsible.
Since alcohol may be served, drink responsibly and adequately judge your personal capacity of absorption.

Unacceptable Behavior Policy

Unacceptable behaviors & materials includes, but is not limited to:

  • Physically or logically attacking any part of NorthSec’s infrastructure, equipment of other participants, sponsors, volunteers or speakers.
  • Physically or logically attacking third parties software, services or infrastructure upon which NorthSec relies (including the venue and/or NorthSec’s Hotel physical or logical installation).
  • Publishing sensitive and/or private information on any participant, sponsors, volunteers or speakers without the explicit third party’s consent.
  • Intimidating, harassing, abusive, discriminatory, derogatory, or demeaning materials or conduct by any attendees of the event and related event activities.
  • Offensive and inappropriate comments related to gender, gender identity and expression, sexual orientation, disability, mental illness, neuro(a)typicality, physical appearance, body size, race, or religion.
  • Unwelcome comments regarding a person’s lifestyle choices and practices, including those related to food, health, parenting, drugs, and employment.
  • Gratuitous or off-topic sexual images or behaviour in places where they’re not appropriate.
  • Unwelcome sexual attention, physical contact and simulated physical contact without consent or after a request to stop.
  • Deliberate intimidation, stalking or following, threats of violence or incitement of violence towards any individual.
  • Inappropriate social contact, such as requesting/assuming inappropriate levels of intimacy with others.
  • Possession of any item that can be used as a weapon, which may cause danger to others if used in a certain manner.

Reporting Unacceptable Behavior

If you are subjected to unacceptable behavior or harassment, notice that someone else is being subjected to unacceptable behavior or harassment, or have any other concerns, please notify a NorthSec organizer as soon as possible. All reports will remain completely confidential and we will respect confidentiality requests for the purpose of protecting victims of abuse. If the person who is harassing you is on the team, they will recuse themselves from handling your incident.

NorthSec’s council members will be available to help participants contact venue security or local law enforcement, to provide escorts, or to otherwise assist those experiencing unacceptable behavior to feel safe for the duration of the event.

You can report unacceptable behavior to any one of NorthSec’s organizers that can be found on-site or you may email one of the contacts below.

Contact Information: report@nsec.io

Security Vulnerabilities Responsible Disclosure Policy

NorthSec organizers take any security issue very seriously and recognize the importance of conserving privacy and security in a responsible disclosure policy. Any security vulnerability found related to the event should be disclosed following this policy.

Steps to report:

In order for us to be able to analyze the vulnerability correctly, do provide us with a complete vulnerability report including the following details:

  • Vulnerable System/Application: the endpoint where the vulnerability occurs & all related parameters/information.
  • Vulnerability Type: the type of the vulnerability.
  • Steps to Reproduce: step-by-step information on how to reproduce the issue.
  • Screenshots or Video: a demonstration of the attack.
  • Attack Scenario: an example attack scenario may help demonstrate the risk and get your issue resolved faster.

Once we have received a complete vulnerability report, we will take the following steps to address the issue:

  • Request you to keep confidential any communication regarding the vulnerability for at least 30 days.
  • Investigate and verify the vulnerability.
  • Addresses the vulnerability if need be and release an update to patch.

Responsible disclosure policies dictate that following your private release to us, we would be provided 30 days to fix the issue before going public with it, should it be worth it to do so.

Photography Policy

NorthSec’s official photographers will be present during the event and will do their best in order to respect your requests not to have your picture taken.

NorthSec reserves the right to publish pictures of the current and past event on the following platforms:

  • On our social media feed (Twitter, Facebook, LinkedIn, Youtube).
  • On our Website.
  • In promotional materials about the event (event presentation slides, sponsorship packages).

Since it is not possible to always correctly identify people in a large crowd when on-site, anyone in a published photograph in NorthSec’s media can ask to be made unidentifiable in that published photograph.

Any attendee, organizer, volunteer, sponsor, or speaker who takes photos during the event are expected to abide by this policy.

Alcohol & Other Substances Consumption Policy

In the context of certain events, alcoholic beverages may be sold or offered to participants.

NorthSec will comply with the local laws to regulate consumption.

In the presence of alcoholic beverages, NorthSec will do its best to notify participants in advance so that they can plan a suitable mode of transportation and will provide non-alcoholic beverages as an alternative.

Alcoholic beverages, if offered free of charge, might be limited through a voucher system.

We invite participants to bring reusable cups so as to minimize the impact on the environment.

It is important to note that possessing any illegal substance, including but not limited to narcotics, marijuana, or other illegal drugs and that smoking (or vaping) – other than in designated areas is strictly prohibited and falls under unacceptable behavior policy.

Consequences of Unacceptable Behavior

Anyone asked to stop unacceptable behavior is expected to comply immediately.

If a participant engages in unacceptable behavior, the conference organizers may take any action they deem appropriate, up to and including expulsion from the current event and possibly future events without warning or refund.