[GPC] [Global_industry_committee] An open letter to the Brazilian Government

Lucas Ferreira lucas.ferreira at owasp.org
Thu Mar 24 17:16:53 EDT 2011


Paulo,

thanks for the reply. This is the information I needed about the
process you are using.

Regards,

Lucas

On Thu, Mar 24, 2011 at 14:00, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:
> Lucas,
>
>
>
> If I have correctly understood the meaning of your question, I am pushing
> this work forward having into account the OWASP mission & values and the
> attached document. As for the approval process I am simply counting on
> putting it for Board’s considerations as soon as I have anything worth
> seeing written down.
>
>
>
> Please skype me if you think I haven’t been enough clear.
>
>
>
> Thanks,
>
> - Paulo
>
>
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager
>
>
>
> From: lucas.ferreira at gmail.com [mailto:lucas.ferreira at gmail.com] On Behalf
> Of Lucas Ferreira
> Sent: quinta-feira, 24 de Março de 2011 02:15
> To: Paulo Coimbra
> Cc: Kate Hartmann; Colin Watson; jeff williams; Dinis Cruz;
> global_industry_committee at lists.owasp.org;
> global-projects-committee at lists.owasp.org
>
> Subject: Re: [Global_industry_committee] An open letter to the Brazilian
> Government
>
>
>
> Hello Paulo,
>
>
>
> has a process of analysis and approval of this document inside OWASP been
> defined?
>
>
>
> Regarding the document contents and a comparison with the open letter I
> wrote, the open letter aims to start the collaboration with government as
> you did prior to the Summit. The open letter is one of my bets to reach the
> right people in the Brazilian government.
>
>
>
> Regards,
>
>
>
> Lucas
>
>
>
> On Wed, Mar 23, 2011 at 16:11, Paulo Coimbra <paulo.coimbra at owasp.org>
> wrote:
>
>> Lucas, all,
>
>>
>
>>
>
>>
>
>> The experience we are having with the Portuguese government is
>
>> currently limited to a protocol that aims to define the terms,
>
>> conditions and actions of collaboration between UMIC - Agency for the
>
>> Knowledge Society - and OWASP on aspects of training and development
>
>> of ICAT (Information, Communications, and Application Technologies)
>> skills.
>
>>
>
>>
>
>>
>
>> Please find attached the translated version of the very initial draft
>
>> that had been sent off by Luís Magalhães, the Portuguese government
>
>> representative that you met in the Summit. Currently, it is only kind
>
>> of a skeleton produced exclusively by UMIC from its own experience in
>
>> building other protocols with organizations like CISCO and Microsoft.
>
>> Being so, the developed and actual protocol between OWASP and UMIC is
>
>> still to be written down but I am working on it. I’ve exchanged point
>
>> of views with Dinis and yesterday I met Carlos Serrão to push the
>
>> issue forward and concretely to understand how his university understand
>> this issue.
>
>>
>
>>
>
>>
>
>> If you find useful we talk further about this matter my Skype contact
>
>> is
>
>>  ‘paulocoimbra7’.
>
>>
>
>>
>
>>
>
>> Thanks,
>
>>
>
>> - Paulo
>
>>
>
>>
>
>>
>
>>
>
>>
>
>> Paulo Coimbra,
>
>>
>
>> OWASP Project Manager
>
>>
>
>>
>
>>
>
>> From: Kate Hartmann [mailto:kate.hartmann at owasp.org]
>
>> Sent: quarta-feira, 23 de Março de 2011 17:39
>
>> To: Colin Watson; Paulo Coimbra
>
>> Cc: Lucas Ferreira; jeff williams; Dinis Cruz;
>
>> global_industry_committee at lists.owasp.org
>
>> Subject: Re: [Global_industry_committee] An open letter to the
>
>> Brazilian Government
>
>>
>
>>
>
>>
>
>> Please check in with Paulo as he is working with the Portuguese
>> government.
>
>> I am not sure if the initiatives are similar.
>
>>
>
>>
>
>>
>
>> Kate Hartmann
>
>>
>
>> OWASP Operations Director
>
>>
>
>>
>
>>
>
>>
>
>>
>
>> On Mar 23, 2011, at 1:08 PM, Colin Watson <colin.watson at owasp.org> wrote:
>
>>
>
>>
>
>>
>
>>> Lucas
>
>>
>
>>>
>
>>
>
>>> I'm not sure anyone has engaged a government so directly... but
>
>>
>
>>> perhaps Dinis did with the Portuguese Government for the Summit?
>
>>
>
>>>
>
>>
>
>>> I will have a read through of the document - at first glance it looks
>
>>> great.
>
>>
>
>>>
>
>>
>
>>> Are you aware of the draft Code of Conducts which Jeff Williams led
>
>>
>
>>> the creation of during the summit?  They were emailed to summit
>
>>
>
>>> participants - I can forward you the file if you don't have it.  I
>
>>
>
>>> wasn't at that particular session, but contributed some ideas
>
>>
>
>>> afterwards, and hence my name has appeared!  I don't think anything
>
>>
>
>>> has progressed yet on them, and some of the concepts (e.g. the
>
>>
>
>>> Executive Councils mentioned).  I offered to draft out an equivalent
>
>>
>
>>> CoP for Trade Organisations which I can send too.
>
>>
>
>>>
>
>>
>
>>> These documents were briefly mentioned in a recent Global Industry
>
>>
>
>>> Committee conference call, but we haven't discussed them any further.
>
>>
>
>>> The Educational Institutions one is probably more in the realm of the
>
>>
>
>>> GEC anyway.  But there seems to be some overlap with what you have
>
>>
>
>>> written, so it might be worth comparing them?
>
>>
>
>>>
>
>>
>
>>> In terms of "approving" anything, I don't think OWASP seems to work
>
>>
>
>>> that way.  Maybe if you ensure you engage with the local Brazilian
>
>>
>
>>> chapters to get input, and ask for ideas from GIC (and the leaders
>
>>
>
>>> list as you say in another thread) - and don't get any complaints -
>
>>
>
>>> that may be sufficient?
>
>>
>
>>>
>
>>
>
>>> In terms of who the document is "from", it might be more appropriate
>
>>
>
>>> to say "Local OWASP chapters in Brazil" instead of "OWASP", so that
>
>>> it
>
>>
>
>>> doesn't seem like some international organization trying to set
>
>>
>
>>> national policy.
>
>>
>
>>>
>
>>
>
>>> Regards
>
>>
>
>>>
>
>>
>
>>> Colin (my own thoughts, not necessarily those of GIC)
>
>>
>
>>>
>
>>
>
>>>
>
>>
>
>>> On 21 March 2011 20:37, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:
>
>>
>
>>>> Hello Industry Committee Members,
>
>>
>
>>>>
>
>>
>
>>>> Based on Dinis' keynote at IBWAS 2010, I wrote a white paper on how
>
>>
>
>>>> the Brazilian Government could improve web application security in
>
>>>> the country.
>
>>
>
>>>> I'd like to be able to send this out as a message from OWASP and am
>
>>
>
>>>> trying to understand how this could be done. I think this could be a
>
>>
>
>>>> good introduction of OWASP to many government officials, as it
>
>>
>
>>>> contains prescriptive advice.
>
>>
>
>>>>
>
>>
>
>>>> So, I ask you to tell me what would be the best way to proceed.
>
>>
>
>>>>
>
>>
>
>>>> The original version (in Portuguese) is available here:
>
>>
>
>>>> https://docs.google.com/a/owasp.org/viewer?a=v&pid=explorer&chrome=t
>
>>>> r
>
>>
>
>>>> ue&srcid=0B80Pq13j4HaqYTJlYjYyMjQtZGIyZS00NGY2LTlmOTMtZDUyMDk5MzUzYm
>
>>>> E
>
>>
>
>>>> x&hl=en&authkey=CIi7r5EP
>
>>
>
>>>>
>
>>
>
>>>> A Google translated version is here:
>
>>
>
>>>> https://docs.google.com/a/owasp.org/document/d/1pWNIlMvbl9DueibfrETI
>
>>>> R
>
>>
>
>>>> ZBj4qxKLjz6DgavTxnYNDQ/edit?hl=en&authkey=CNOWjaQL
>
>>
>
>>>>
>
>>
>
>>>> I will try to improve the translated version in the next days.
>
>>
>
>>>>
>
>>
>
>>>> Thanks for your help,
>
>>
>
>>>>
>
>>
>
>>>> Lucas
>
>>
>
>>>>
>
>>
>
>>>> --
>
>>
>
>>>> Homo sapiens non urinat in ventum.
>
>>
>
>>>>
>
>>
>
>>>> _______________________________________________
>
>>
>
>>>> Global_industry_committee mailing list
>
>>
>
>>>> Global_industry_committee at lists.owasp.org
>
>>
>
>>>> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>
>>
>
>>>>
>
>>
>
>>>>
>
>>
>
>>> _______________________________________________
>
>>
>
>>> Global_industry_committee mailing list
>
>>
>
>>> Global_industry_committee at lists.owasp.org
>
>>
>
>>> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>
>
>
>
>
>
>
> --
>
> Homo sapiens non urinat in ventum.



-- 
Homo sapiens non urinat in ventum.


More information about the Global-projects-committee mailing list