[Global_education_committee] [OCC] Proposal of a new OWASP Supporter Type - Government Supporter
listas at sapao.net
Thu Feb 23 15:14:15 UTC 2012
from my experience with the Brazilian government, there are lots of gov
folks producing openly accessible documentation such as standards and
sectorial recommendations. Exchanging experiences and materials with these
guys can be beneficial for OWASP and for them too, IMHO.
There are also the more secretive agencies, and these usually do not share.
But they usually won't want to be openly involved with OWASP either. On
another hand, since the OWASP ESAPI team seems to have a good experience in
interacting with the NSA, maybe I'm wrong.
In summary, there are parts of governments that can and will share
knowledge and documents. We should focus on these.
On Thu, Feb 23, 2012 at 09:59, Thomas Brennan <tomb at owasp.org> wrote:
> Inline, my personal position on your question.
> Semper Fi,
> Tom Brennan
> On Feb 23, 2012, at 8:54 AM, "McGovern, James" <james.mcgovern at hp.com>
> > I have the following questions regarding the Government:
> > 1. If US Government types participate. Are they "open" to sharing some
> of their security practices such that the community benefits, or will they
> behave "closed"
> Anyone including individuals that work for governments around the world
> today participate and contribute and reference OWASP here is just a few
> It is clearly in a organizations best interest to assist in the support
> unclassified materials by design at OWASP on behalf of their governed
> societies without bias or prejudice. Knowledge is economic and political
> As for "sharing" we encourage it but leach'in is ok too..
> > 2. Are we supportive of all types of "government" participation? Would
> we say no if the CISO of Iran, Libya, etc wanted to participate or would we
> too welcome them with open arms
> I look forward to acknowledgement of our community by other communities
> including supporting governments. Acting in a government neutral manner we
> are a one of many places for continued technical evolution in society. This
> goes for religions too... and aliens ok maybe not the gray aliens..
> > 3. How can we ensure that the increased government participation will be
> beneficial to the OWASP community at large? Will this invite suboptimal
> government behavior where the FBI will start profiling who attends meetings?
> We can not ensure any volenteers support or effort OWASP can provide
> operational guidance.
> As for demographic and meeting attendance that too is "appsec fightclub"
> is open to anyone we have "no s3crets" <sneakers movie referrance+2> and
> promote the use of chatham house rules.
> Ok... Let me go find my tinfoil hat so I can go back to my day job with
> critical infrastructures where there are closed doors, NDA's and related.
> OWASP is the fun part of the day where you can learn, volunteer and
> contribute on software if you apply that to helping society or your version
> of evil or nothing at all, that is clearly out of scope.
> For those that missed it, I would recommend folks look at our 2012 values,
> If people, governments, other do not believe in them as core principal
> will not abide by them they are encouraged to get involved with a community
> that better fits their views or as voting members appoint, elect committee
> and organizational leadership to adjust the association course
> See you at RSA
> > _______________________________________________
> > Owasp-connections-committee mailing list
> > Owasp-connections-committee at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-connections-committee
> Global_education_committee mailing list
> Global_education_committee at lists.owasp.org
Homo sapiens non urinat in ventum.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Global_education_committee