[Global_industry_committee] New GIC members
eoin.keary at owasp.org
Sat Nov 21 11:09:41 EST 2009
I mentioned this to Colin during the Summit. I am happy for him to lead
2009/11/21 Tom Brennan - OWASP <tomb at owasp.org>
> Thanks for adding this Colin.
> One of the items from the Summit is identification of a committee chair.
> With your efforts thus far in 2009 I would like to NOMINATE you from withing
> our group to that role (others.. do you support this?) Moving forward, that
> role is welcomed to hand the torch off to anyone else on the committee at
> any time should they wish to recognize leadership, effort or as a result of
> lack of time and we can use the annual summit as a get together as we did
> this year.
> As we figure this out together as a committee.... there are (2) items that
> we are evolving;
> (these are my thoughts and I welcome debate on this or agreement, then we
> do it)
> What we have now =
> Our charter has been ( taken from the following page:
> Industry <http://www.owasp.org/index.php/Global_Industry_Committee>
> - Start outreach to critical infrastructures worldwide such as:
> - electricity generation, transmission and distribution;
> - gas production, transport and distribution;
> - oil and oil products production, transport and distribution;
> - telecommunication;
> - water supply (drinking water, waste water/sewage, stemming of
> surface water (e.g. dikes and sluices));
> - agriculture, food production and distribution;
> - heating (e.g. natural gas, fuel oil, district heating);
> - public health (hospitals, ambulances);
> - transportation systems (fuel supply, railway network, airports,
> harbors, inland shipping);
> - financial services (banking, clearing);
> - security services (police, military).
> *...they all use web applications...some even protect human life as well
> as PII and credit cards :)*
> - Identify issues or "efforts" like the Browser Working Group and
> others, the group should invite Industry CIO/CISO's (perhaps as a "value" of
> corporate membership support) to want to publicly collaborate on a document
> of industry needs that can add value to having the support of OWASP
> Foundation for the greater good of secure software, a internet based global
> economic platform and humanitarian needs worldwide
> So as we continue to evolve this means;
> * Industry Outreach - Providing a mechanism to collect the requirements of
> industry and be a unified voice for the consumer (business or end-user) of
> web application. This requires SIG (special interest groups) with
> appointments to roles. Example: If my pal Richard Branson CEO of Virgin
> Airlines wanted to be a industry adviser for OWASP to support and add his
> creditability to the mission, that is a "token" role + with mutual
> acceptance this type of thing would give us access to a industry vertical
> (airlines example) and we could collect data from that segment from our
> conduits and additional supporting corporations so they can have a voice to
> the example framework, browser, governments etc... (could you see Dinis on
> Capital Hill or in Parliament talking about OWASP hahahaha) We have already
> had several folks accept agree to help us with this industry movement that
> can also help serve the bigger picture of owasp mission. One thing that you
> will fid with such appointments is that you don't just get (1) person with a
> big title... typically you get that person and a team within that persons
> world to drive a measurable task that they are responsible for. This also
> serves as a conduit for owasp connections people-to-people.
> * Industry Injection - Providing input and feedback to influence the
> documentation, policies pretty obvious to point out accomplishments thus far
> such as
> http://www.owasp.org/index.php/Global_Industry_Committee#Completed_Itemsin addition to best practices and information provided to the world that we
> are already doing projects/papers etc... The more the better actually and
> we can drive this with a task force / tiger team / group of people that wish
> to focus on a single measurable effort together and OWASP can justify this
> by doing a working group of XX people to spend time together to knock out a
> task. This was of course the primary focus in 2009 to get us reference
> materials as we continue.
> So... the 1st edit of
> http://www.owasp.org/index.php/Global_Committee_Pages that I did was to
> add Special Interest Group and adding of Jim, Jim and Joe that were
> conceived to facilitate outreach to industry. This morning morning looked at
> it again and noted your change of the India Board,
> http://www.owasp.org/index.php/OWASP_India_Advisory_Board. I see this as
> a regional group of people focused on a region of the world.
> So we have to make a choice.
> On the Committee Page we do we add buckets by special interest
> group/industry vertical type globally OR do we break it out by regions of
> the world and then SIG's special interest group/industry vertica within the
> region of the world.
> It would seem that it should be Global Industry Committee / Regional
> Industry Committee / Special Interest Group / Vertical would you guys agree?
> Once we have a revised and agreed plan we can then start pulling all the
> people together, not trying to make it complex rather a structure that can
> allow us to plug in energy and a mechanism that can scale out of the gate.
> Finally - the OWASP-CRM project should be live by 12/15 and we will be able
> to start using it for this purpose as well
> Thoughts discussion?
> hit me up on skype (jinxpuppy) to discuss more.
> On Sat, Nov 21, 2009 at 5:01 AM, Colin Watson <colin.watson at owasp.org>wrote:
>> Three new GIC members added to:
>> 2009/11/19 Tom Brennan - OWASP <tomb at owasp.org>:
>> > Simply add them to the page - people are volunteering to give time and
>> > energy - lets not make it complicated to do so.
>> > Then when they take on a task, that is how we measure effectiveness.
> Tom Brennan
> (973) 506-9303
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org
OWASP Board Member
OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Global_industry_committee