[Global_industry_committee] GIC Conference Call - January 2010

Rex Booth rex.booth at owasp.org
Thu Dec 24 11:26:12 EST 2009


Good idea Colin.  I should be free either day.  We can also use my
conference line if our European friends don't mind calling a US 800
number.

On Dec 23, 2009, at 11:04 AM, David Campbell <dcampbell at owasp.org> wrote:

> either day works for me.
>
> DC
>
>
> Colin Watson wrote:
>> Dear all
>>
>> I wondered if we could start off 2010 with a committee conference
>> call?  Some possible things to discuss:
>>
>> * another hello to our new committee members
>> * structure/plan (see Tom's email copied in below)
>> * Eoin's idea of a regional industry day
>> * what else we are/have been doing
>> * ?
>>
>> Lorna A has asked me to write something about the GIC's work for the
>> January OWASP newsletter. So an earlier rather than later date would
>> be preferred... my suggestions:
>>
>> * Tuesday 5 Jan at 17:00 hrs GMT or
>> * Thursday 7 Jan at 17:00 hrs GMT
>>
>> Are either of these dates/times possible for the committee members?
>> What else would you like to talk about?
>>
>> Best wishes for Christmas and the new year.
>>
>> Colin
>>
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: Tom Brennan - OWASP <tomb at owasp.org>
>> Date: 2009/11/21
>> Subject: Re: New GIC members
>> To: Colin Watson <colin.watson at owasp.org>
>> Cc: Global_industry_committee at lists.owasp.org
>>
>> ....
>>
>> As we figure this out together as a committee....  there are (2) items
>> that we are evolving;
>>
>> (these are my thoughts and I welcome debate on this or agreement, then
>> we do it)
>>
>> What we have now =  http://www.owasp.org/index.php/Global_Industry_Committee
>>
>> Our charter has been ( taken from the following page:
>> http://www.owasp.org/index.php/Global_Committee_Pages)
>>
>> Industry
>>
>> Start outreach to critical infrastructures worldwide such as:
>>
>> electricity generation, transmission and distribution;
>> gas production, transport and distribution;
>> oil and oil products production, transport and distribution;
>> telecommunication;
>> water supply (drinking water, waste water/sewage, stemming of surface
>> water (e.g. dikes and sluices));
>> agriculture, food production and distribution;
>> heating (e.g. natural gas, fuel oil, district heating);
>> public health (hospitals, ambulances);
>> transportation systems (fuel supply, railway network, airports,
>> harbors, inland shipping);
>> financial services (banking, clearing);
>> security services (police, military).
>>
>> ...they all use web applications...some even protect human life as
>> well as PII and credit cards :)
>>
>> Identify issues or "efforts" like the Browser Working Group and
>> others, the group should invite Industry CIO/CISO's (perhaps as a
>> "value" of corporate membership support) to want to publicly
>> collaborate on a document of industry needs that can add value to
>> having the support of OWASP Foundation for the greater good of secure
>> software, an internet based global economic platform and humanitarian
>> needs worldwide
>>
>> So as we continue to evolve this means;
>>
>> * Industry Outreach - Providing a mechanism to collect the
>> requirements of industry and be a unified voice for the consumer
>> (business or end-user) of web application. This requires SIG (special
>> interest groups) with appointments to roles. Example:  If my pal
>> Richard Branson CEO of Virgin Airlines wanted to be an industry adviser
>> for OWASP to support and add his credibility to the mission, that is
>> a "token" role + with mutual acceptance this type of thing would give
>> us access to an industry vertical (airlines example) and we could
>> collect data from that segment from our conduits and additional
>> supporting corporations so they can have a voice to the example
>> framework, browser, governments etc... (could you see Dinis on Capitol
>> Hill or in Parliament talking about OWASP hahahaha)  We have already
>> had several folks accept agree to help us with this industry movement
>> that can also help serve the bigger picture of OWASP mission. One
>> thing that you will find with such appointments is that you don't just
>> get (1) person with a big title... typically you get that person and a
>> team within that person's world to drive a measurable task that they
>> are responsible for.  This also serves as a conduit for OWASP
>> connections people-to-people.
>>
>> * Industry Injection - Providing input and feedback to influence the
>> documentation, policies pretty obvious to point out accomplishments
>> thus far such as
>> http://www.owasp.org/index.php/Global_Industry_Committee#Completed_Items
>> in addition to best practices and information provided to the world
>> that we are already doing projects/papers etc...  The more the better
>> actually and we can drive this with a task force / tiger team / group
>> of people that wish to focus on a single measurable effort together
>> and OWASP can justify this by doing a working group of XX people to
>> spend time together to knock out a task.  This was of course the
>> primary focus in 2009 to get us reference materials as we continue.
>>
>> So...  the 1st edit of
>> http://www.owasp.org/index.php/Global_Committee_Pages that I did was
>> to add Special Interest Group and adding of Jim, Jim and Joe that were
>> conceived to facilitate outreach to industry. This morning I
>> looked at it again and noted your change of the India Board,
>> http://www.owasp.org/index.php/OWASP_India_Advisory_Board.   I see
>> this as a regional group of people focused on a region of the world.
>>
>> So we have to make a choice.
>>
>> On the Committee Page do we add buckets by special interest
>> group/industry vertical type globally OR do we break it out by regions
>> of the world and then SIG's special interest group/industry vertical
>> within the region of the world.
>>
>> It would seem that it should be Global Industry Committee /  Regional
>> Industry Committee / Special Interest Group / Vertical would you guys
>> agree?
>>
>> Once we have a revised and agreed plan we can then start pulling all
>> the people together, not trying to make it complex rather a structure
>> that can allow us to plug in energy and a mechanism that can scale out
>> of the gate.
>>
>> Finally - the OWASP-CRM project should be live by 12/15 and we will be
>> able to start using it for this purpose as well
>> http://www.owasp.org/index.php/Category:OWASP_CRM_Project
>>
>> Thoughts discussion?
>>
>> hit me up on skype (jinxpuppy) to discuss more.
>>
>> --
>> Tom Brennan
>> http://www.linkedin.com/in/tombrennan
>> (973) 506-9303
>> _______________________________________________
>> Global_industry_committee mailing list
>> Global_industry_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>>