[GPC] [Global_industry_committee] An open letter to the Brazilian Government

Paulo Coimbra paulo.coimbra at owasp.org
Wed Mar 23 15:11:53 EDT 2011

Lucas, all,


The experience we are having with the Portuguese government is currently
limited to a protocol that aims to define the terms, conditions and actions
of collaboration between UMIC - Agency for the Knowledge Society - and OWASP
on aspects of training and development of ICAT (Information, Communications,
and Application Technologies) skills.


Please find attached the translated version of the very initial draft that
had been sent off by Luís Magalhães, the Portuguese government
representative that you met in the Summit. Currently, it is only kind of a
skeleton produced exclusively by UMIC from its own experience in building
other protocols with organizations like CISCO and Microsoft. Being so, the
developed and actual protocol between OWASP and UMIC is still to be written
down but I am working on it. I’ve exchanged point of views with Dinis and
yesterday I met Carlos Serrão to push the issue forward and concretely to
understand how his university understand this issue. 


If you find useful we talk further about this matter my Skype contact is



- Paulo



Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager


From: Kate Hartmann [mailto:kate.hartmann at owasp.org] 
Sent: quarta-feira, 23 de Março de 2011 17:39
To: Colin Watson; Paulo Coimbra
Cc: Lucas Ferreira; jeff williams; Dinis Cruz;
global_industry_committee at lists.owasp.org
Subject: Re: [Global_industry_committee] An open letter to the Brazilian


Please check in with Paulo as he is working with the Portuguese government.
I am not sure if the initiatives are similar.


Kate Hartmann

OWASP Operations Director



On Mar 23, 2011, at 1:08 PM, Colin Watson <colin.watson at owasp.org> wrote:


> Lucas


> I'm not sure anyone has engaged a government so directly... but 

> perhaps Dinis did with the Portuguese Government for the Summit?


> I will have a read through of the document - at first glance it looks


> Are you aware of the draft Code of Conducts which Jeff Williams led 

> the creation of during the summit?  They were emailed to summit 

> participants - I can forward you the file if you don't have it.  I 

> wasn't at that particular session, but contributed some ideas 

> afterwards, and hence my name has appeared!  I don't think anything 

> has progressed yet on them, and some of the concepts (e.g. the 

> Executive Councils mentioned).  I offered to draft out an equivalent 

> CoP for Trade Organisations which I can send too.


> These documents were briefly mentioned in a recent Global Industry 

> Committee conference call, but we haven't discussed them any further.

> The Educational Institutions one is probably more in the realm of the 

> GEC anyway.  But there seems to be some overlap with what you have 

> written, so it might be worth comparing them?


> In terms of "approving" anything, I don't think OWASP seems to work 

> that way.  Maybe if you ensure you engage with the local Brazilian 

> chapters to get input, and ask for ideas from GIC (and the leaders 

> list as you say in another thread) - and don't get any complaints - 

> that may be sufficient?


> In terms of who the document is "from", it might be more appropriate 

> to say "Local OWASP chapters in Brazil" instead of "OWASP", so that it 

> doesn't seem like some international organization trying to set 

> national policy.


> Regards


> Colin (my own thoughts, not necessarily those of GIC)



> On 21 March 2011 20:37, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:

>> Hello Industry Committee Members,


>> Based on Dinis' keynote at IBWAS 2010, I wrote a white paper on how 

>> the Brazilian Government could improve web application security in the

>> I'd like to be able to send this out as a message from OWASP and am 

>> trying to understand how this could be done. I think this could be a 

>> good introduction of OWASP to many government officials, as it 

>> contains prescriptive advice.


>> So, I ask you to tell me what would be the best way to proceed.


>> The original version (in Portuguese) is available here:

>> https://docs.google.com/a/owasp.org/viewer?a=v

>> ue&srcid=0B80Pq13j4HaqYTJlYjYyMjQtZGIyZS00NGY2LTlmOTMtZDUyMDk5MzUzYmE

>> x&hl=en&authkey=CIi7r5EP


>> A Google translated version is here:

>> https://docs.google.com/a/owasp.org/document/d/1pWNIlMvbl9DueibfrETIR

>> ZBj4qxKLjz6DgavTxnYNDQ/edit?hl=en&authkey=CNOWjaQL


>> I will try to improve the translated version in the next days.


>> Thanks for your help,


>> Lucas


>> --

>> Homo sapiens non urinat in ventum.


>> _______________________________________________

>> Global_industry_committee mailing list 

>> Global_industry_committee at lists.owasp.org

>> https://lists.owasp.org/mailman/listinfo/global_industry_committee



> _______________________________________________

> Global_industry_committee mailing list 

> Global_industry_committee at lists.owasp.org

> https://lists.owasp.org/mailman/listinfo/global_industry_committee

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global-projects-committee/attachments/20110323/54ad4d7a/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Protocol UMIC OWASP_English.doc
Type: application/msword
Size: 36864 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/global-projects-committee/attachments/20110323/54ad4d7a/attachment-0001.doc 

More information about the Global-projects-committee mailing list