All participants at NorthSec are required to adhere to this Code of Conduct. The term “participant(s)” includes all attendees, organizers, speakers, sponsors, volunteers, and other invited guests for the duration of the event.
This Code of Conduct outlines our expectations for participant behavior, as well as the consequences for unacceptable behavior.
NorthSec is dedicated to providing a positive and safe event for everyone, regardless of gender identity, sexual orientation, disability, physical appearance, body size, race, religion, age, economic status, OS choices, text editor or scripting language preferences.
In order to create a fun and safe environment for everyone, NorthSec does not tolerate any form of unacceptable behavior, including (but not limited to) harassment.
Apart from the infrastructure specifically put in place for that purpose during the CTF competition, any use of the facilities in place (physical and logical) to hack or commit an illegal act is strictly forbidden.
NorthSec’s Values & Expected Behavior
Be friendly and welcoming
NorthSec is volunteer-run, hosted by infosec professionals spending countless hours of their free time to create a fun and unique experience for all. We all want to have a good time and share this friendly and welcoming ambiance.
Be patient & pedagogic.
Remember that people are here to learn and have fun. Not everyone has the same skillset, background or native language. Productive communication requires effort: think about how your words will be interpreted.
Be respectful & collaborative.
In particular, respect differences of opinion and differences between people.
Do also consider that NorthSec’s organizers have expended a great deal of effort in creating CTF challenges. Although all efforts are made to minimize bugs, assume any errors you think you’ve found in a specific challenge were made in good faith.
Alcohol may be served at NorthSec, so please drink responsibly and adequately judge your personal capacity of absorption. Organizers have a right to refuse to serve alcohol to anyone, for any reason, at their sole discretion. If you encounter someone who is intoxicated and you believe they need support or intervention, let an organizer know. NorthSec reminds you that driving while intoxicated is a criminal offence in Canada. If you need to arrange safe transportation, they can assist you in locating a taxi or helping you to navigate public transportation.
Unacceptable Behavior Policy
NorthSec expects all participants to refrain from engaging in unlawful activity while attending NorthSec and to conduct themselves with respect for others at all times. In particular, organizers would like to highlight that the following behaviours are considered unacceptable at NorthSec:
- Physically or logically attacking any part of NorthSec’s infrastructure;
- Physically or logically attacking any devices or tools, belonging to other NorthSec participants;
- Physically or logically attacking third parties software, services or infrastructure upon which NorthSec relies (including property of the venue or the Hotel);
- Infringing the rules set forth during the competition (CTF). For instance, not respecting the time limits imposed for some CTF challenges, and not complying immediately when asked by organizers to stop trying to solve the challenge.
- Publishing sensitive, personal and/or private information regarding any participant without that participant’s explicit consent;
- Publishing intimidating, harassing, abusive, discriminatory, derogatory, or demeaning materials about any participant;
- Intimidating, harassing, abusive, discriminatory, derogatory or demeaning conduct toward any other participant;
- Offensive, discriminatory or inappropriate comments related to gender, gender identity and expression, sexual orientation, (dis)ability, mental illness, neuro(a)typicality, physical appearance, body size, race, ethnicity, or religion;
- Offensive, discriminatory or inappropriate comments regarding a person’s lifestyle choices and practices, including those related to food, health, parenting, drugs, and employment.
- Gratuitous, unwelcome or off-topic sexual imagery or behaviour. Participants are reminded that children are sometimes present at NorthSec events.
- Sexual attention, remarks, gestures or physical contact in the absence of active and affirmative consent. Participants are reminded that under Canadian law, any sexual contact (including touching and kissing) without affirmative consent — either through words or unambiguous conduct — is considered sexual assault. Neither silence nor passivity is sufficient to demonstrate consent under Canadian law. In other words, only yes means yes.
- Intimidation, stalking or following, threats of violence or incitement of violence towards any individual or group;
- Inappropriate social contact, such as continuing to make attempts to communicate with someone after they have indicated that they do not wish to speak to you;
- Possession of any item that can be used as a weapon, which may cause danger to others if used in a certain manner.
- Any other conduct which endangers the physical safety or bodily integrity of others.
Reporting Unacceptable Behavior
If you are the subject of unacceptable behavior or harassment, notice that someone else is being subjected to unacceptable behavior or harassment, or have any other concerns, please notify a NorthSec organizer as soon as possible. All reports are treated as confidential by default. If the person who makes the report wishes to be involved in its resolution, the NorthSec team will not take any steps to do so without their knowledge and consent.
If the person who has engaged in unacceptable behaviour or harassment is a member of the NorthSec organizing team, that individual is required by NorthSec policy to recuse themselves from handling the complaint.
NorthSec’s council members will be available to help participants if they wish to contact venue security or local law enforcement, to provide accompaniment, or to otherwise assist those experiencing unacceptable behavior to feel safe for the duration of the event.
You can report unacceptable behavior to any one of NorthSec’s organizers or you can may email the contact address below, which is checked regularly throughout the event.
You can find out the many ways to contact us before, after, and during the event below.
Security Vulnerabilities Responsible Disclosure Policy
NorthSec organizers take all security issues very seriously and recognizes the importance of conserving privacy and security through a responsible disclosure policy. Any security vulnerability found related to the event should be disclosed following this policy.
Steps to report:
In order for us to be able to analyze the vulnerability correctly, do provide us with a complete vulnerability report which should include the following details:
- Vulnerable System/Application: the endpoint where the vulnerability occurs & all related parameters/information.
- Vulnerability Type: the type of the vulnerability.
- Steps to Reproduce: step-by-step information on how to reproduce the issue.
- Screenshots or Video: a demonstration of the attack.
- Attack Scenario: an example attack scenario may help demonstrate the risk and get your issue resolved faster.
Once we have received a complete vulnerability report, we will take the following steps to address the issue:
Request you to keep confidential any communication regarding the vulnerability for at least 30 days. Investigate and verify the vulnerability. Addresses the vulnerability if need be and release an update to patch. Responsible disclosure dictates that following your private release to us, we will be provided 30 days to fix the issue before public notification is allowed, in the event that public notification is necessary.
NorthSec’s official photographers will be present during the event and will do their best in order to respect all requests by individuals not to be photographed.
NorthSec reserves the right to publish pictures of the current and past event on the following platforms:
- On our social media feed (Twitter, Facebook, Youtube).
- On our Website (nsec.io).
- In promotional materials about the event (event presentation slides, sponsorship packages).
- It is not possible to always correctly identify specific individuals in a large crowd when on-site. However, anyone appearing in a published photograph published by NorthSec, who does not wish to be, can make a request media can make a request to be made unidentifiable by writing to firstname.lastname@example.org.
Any attendee, organizer, volunteer, sponsor, or speaker who takes photos during the event are expected to abide by this policy.
Alcohol & Other Substances Consumption Policy
In the context of certain events, alcoholic beverages may be sold or offered to participants.
NorthSec will comply with the local laws to regulate consumption.
In the presence of alcoholic beverages, NorthSec will do its best to notify participants in advance so that they can plan a suitable mode of transportation and will provide non-alcoholic beverages as an alternative.
Alcoholic beverages, if offered free of charge, might be limited through a voucher system.
We invite participants to bring reusable cups so as to minimize the impact on the environment.
It is important to note that possessing any illegal substance, including but not limited to narcotics, marijuana, or other illegal drugs and that smoking (or vaping) – other than in designated areas is strictly prohibited and falls under unacceptable behavior policy.
Consequences of Unacceptable Behavior
Anyone asked to stop unacceptable behavior is expected to comply immediately.
If a participant is deemed to have engaged in unacceptable behavior, NorthSecthe organizers may take any action they deem appropriate in response, up to and including expulsion from NorthSec and from future events without warning or refund. Appropriate responses to unacceptable behaviour by the NorthSec team will aim to mitigate harm which has occurred, to resolve conflict where appropriate, and to protect participants from future harm. For example, an appropriate response may require an individual to apologize, pay for damaged equipment, or leave a social event.
If there is a conflict regarding what constitutes unacceptable behaviour or regarding the interpretation of this policy, please contact us using the information below.
For any reports of inappropriate behaviour, before, during, and after the conference, please email email@example.com
During the conference and CTF, board members will be on call for any violations of the Code of Conduct that require immediate action or support.
They can be reached on the conference Slack, as well as onsite.
During the conference (May 17 & 18)
During the CTF (May 19 & 20)
We also have an emergency hotline available throughout the conference and CFP that will connect callers to on-call board members.