[Global_industry_committee] NIST doco we should review & comment on

dinis cruz dinis.cruz at owasp.org
Fri Feb 27 12:45:16 EST 2009

Hey Guys, can I propose that you apply for a SoC 09 sponsorship so that you
can have 1 (or more) persons dedicated to dealing with documents / 'official
OWASP responses' like this one.

I think it is critical that OWASP is involved in this type of activity, but
unless one of you is able to commit to the hours required to create an
'official OWASP comment' into these documents, i.e.

   - Read from original document (209 pages in this case) and all
   relevant documentation (for example what are the rules of engagement to
   - Consolidating that information into a 'what is relevant to OWASP'
   briefing document,
   - Harvesting OWASP's community knowledge about it,
   - Figuring out what is OWASP's position,
   - Documenting OWASP position,
   - Getting the committee + board agreement on your interpretation of that
   OWASP position,
   - Sending it to the relevant parties (in the required deadlines),
   - Handling any questions from the other side (and media (or community)
   coverage / response / comments)
   - etc....

you (Global Industry Committee) need to get more resources involved.

I would point out (as an example of the need/advantage of having those extra
resources) that the Global Projects Committee has Paulo Coimbra providing
that 'extra' dedication, focus and energy. That makes the world of
difference, since the members of that committee are able to focus on the
technical issues and Paulo can deal with the implementation.

At the last board meeting I suggested that the model where a Committee is
supported by a full-time (or part-time) OWASP employee was a very good one
since it maximized the (limited) amount of value OWASP is able to get from
the Committee members (since everybody has strict limits on the time they
can commit). Although this is already happening with other committees (for
example Kate does provide a LOT of support to the Chapters and Conferences
committees), at the time the other board members did not share my idea/plan
for this dedicated committee support (i.e. the concept that in the medium
term ALL committees would have a similar resource allocated to them).

Since I am not the board member responsible for this committee (I'm on the
Projects one), I am not going to lobby this one for you, BUT, I will
strongly recommend that in the short term you use the (soon to be launched)
SoC 09 to get some extra 'implementation' and fire-power resources into your
Global Industry activities :)


2009/2/27 Colin Watson <colin.watson at owasp.org>

> I agree with Georg - it's a good opportunity to spread some word about
> what the Industry Committee is doing.  I'll have a couple of days
> available, but like Georg have no experience of the US Federal Sector.
> On involvement, is it worth asking people to join our mailing list for
> updates on progress with this (so that we don't keep 'spamming' the
> other lists), but ask for input to be undertaken in some other way -
> David mentioned GoogleDocs - so that we don't get swamped with mail
> threads.
> Colin