[Global_industry_committee] GIC Conference Call - January 2010

Colin Watson colin.watson at owasp.org
Wed Dec 23 10:52:15 EST 2009

Dear all

I wondered if we could start off 2010 with a committee conference
call?  Some possible things to discuss:

* another hello to our new committee members
* structure/plan (see Tom's email copied in below)
* Eoin's idea of a regional industry day
* what else we are/have been doing
* ?

Lorna A has asked me to write something about the GIC's work for the
January OWASP newsletter. So an earlier rather than later date would
be preferred... my suggestions:

* Tuesday 5 Jan at 17:00 hrs GMT or
* Thursday 7 Jan at 17:00 hrs GMT

Are either of these dates/times possible for the committee members?
What else would you like to talk about?

Best wishes for Christmas and the new year.


---------- Forwarded message ----------
From: Tom Brennan - OWASP <tomb at owasp.org>
Date: 2009/11/21
Subject: Re: New GIC members
To: Colin Watson <colin.watson at owasp.org>
Cc: Global_industry_committee at lists.owasp.org


As we figure this out together as a committee....  there are (2) items
that we are evolving;

(these are my thoughts and I welcome debate on this or agreement, then we do it)

What we have now =  http://www.owasp.org/index.php/Global_Industry_Committee

Our charter has been ( taken from the following page:


Start outreach to critical infrastructures worldwide such as:

electricity generation, transmission and distribution;
gas production, transport and distribution;
oil and oil products production, transport and distribution;
water supply (drinking water, waste water/sewage, stemming of surface
water (e.g. dikes and sluices));
agriculture, food production and distribution;
heating (e.g. natural gas, fuel oil, district heating);
public health (hospitals, ambulances);
transportation systems (fuel supply, railway network, airports,
harbors, inland shipping);
financial services (banking, clearing);
security services (police, military).

...they all use web applications...some even protect human life as
well as PII and credit cards :)

Identify issues or "efforts" like the Browser Working Group and
others, the group should invite Industry CIO/CISO's (perhaps as a
"value" of corporate membership support) to want to publicly
collaborate on a document of industry needs that can add value to
having the support of OWASP Foundation for the greater good of secure
software, an internet based global economic platform and humanitarian
needs worldwide

So as we continue to evolve this means;

* Industry Outreach - Providing a mechanism to collect the
requirements of industry and be a unified voice for the consumer
(business or end-user) of web application. This requires SIG (special
interest groups) with appointments to roles. Example:  If my pal
Richard Branson CEO of Virgin Airlines wanted to be an industry adviser
for OWASP to support and add his credibility to the mission, that is
a "token" role + with mutual acceptance this type of thing would give
us access to an industry vertical (airlines example) and we could
collect data from that segment from our conduits and additional
supporting corporations so they can have a voice to the example
framework, browser, governments etc... (could you see Dinis on Capitol
Hill or in Parliament talking about OWASP hahahaha)  We have already
had several folks accept agree to help us with this industry movement
that can also help serve the bigger picture of owasp mission. One
thing that you will find with such appointments is that you don't just
get (1) person with a big title... typically you get that person and a
team within that person's world to drive a measurable task that they
are responsible for.  This also serves as a conduit for owasp
connections people-to-people.

* Industry Injection - Providing input and feedback to influence the
documentation, policies pretty obvious to point out accomplishments
thus far such as
in addition to best practices and information provided to the world
that we are already doing projects/papers etc...  The more the better
actually and  we can drive this with a task force / tiger team / group
of people that wish to focus on a single measurable effort together
and OWASP can justify this by doing a working group of XX people to
spend time together to knock out a task.  This was of course the
primary focus in 2009 to get us reference materials as we continue.

So...  the 1st edit of
http://www.owasp.org/index.php/Global_Committee_Pages that I did was
to add Special Interest Group and adding of Jim, Jim and Joe that were
conceived to facilitate outreach to industry. This morning I
looked at it again and noted your change of the India Board,
http://www.owasp.org/index.php/OWASP_India_Advisory_Board.   I see
this as a regional group of people focused on a region of the world.

So we have to make a choice.

On the Committee Page do we add buckets by special interest
group/industry vertical type globally OR do we break it out by regions
of the world and then SIG's special interest group/industry vertical
within the region of the world.

It would seem that it should be Global Industry Committee /  Regional
Industry Committee / Special Interest Group / Vertical would you guys

Once we have a revised and agreed plan we can then start pulling all
the people together, not trying to make it complex rather a structure
that can allow us to plug in energy and a mechanism that can scale out
of the gate.

Finally - the OWASP-CRM project should be live by 12/15 and we will be
able to start using it for this purpose as well

Thoughts discussion?

hit me up on skype (jinxpuppy) to discuss more.

Tom Brennan
(973) 506-9303
