[Global_industry_committee] New GIC members
Tom Brennan - OWASP
tomb at owasp.org
Sat Nov 21 09:43:22 EST 2009
Thanks for adding this Colin.
One of the items from the Summit is identification of a committee chair.
With your efforts thus far in 2009 I would like to NOMINATE you from within
our group to that role (others.. do you support this?) Moving forward, that
role is welcomed to hand the torch off to anyone else on the committee at
any time should they wish to recognize leadership, effort or as a result of
lack of time and we can use the annual summit as a get together as we did
As we figure this out together as a committee.... there are (2) items that
we are evolving;
(these are my thoughts and I welcome debate on this or agreement, then we do
What we have now = http://www.owasp.org/index.php/Global_Industry_Committee
Our charter has been ( taken from the following page:
- Start outreach to critical infrastructures worldwide such as:
- electricity generation, transmission and distribution;
- gas production, transport and distribution;
- oil and oil products production, transport and distribution;
- water supply (drinking water, waste water/sewage, stemming of
surface water (e.g. dikes and sluices));
- agriculture, food production and distribution;
- heating (e.g. natural gas, fuel oil, district heating);
- public health (hospitals, ambulances);
- transportation systems (fuel supply, railway network, airports,
harbors, inland shipping);
- financial services (banking, clearing);
- security services (police, military).
*...they all use web applications...some even protect human life as well as
PII and credit cards :)*
- Identify issues or "efforts" like the Browser Working Group and others,
the group should invite Industry CIO/CISO's (perhaps as a "value" of
corporate membership support) to want to publicly collaborate on a document
of industry needs that can add value to having the support of OWASP
Foundation for the greater good of secure software, an internet based global
economic platform and humanitarian needs worldwide
So as we continue to evolve this means;
* Industry Outreach - Providing a mechanism to collect the requirements of
industry and be a unified voice for the consumer (business or end-user) of
web application. This requires SIG (special interest groups) with
appointments to roles. Example: If my pal Richard Branson CEO of Virgin
Airlines wanted to be an industry adviser for OWASP to support and add his
creditability to the mission, that is a "token" role + with mutual
acceptance this type of thing would give us access to an industry vertical
(airlines example) and we could collect data from that segment from our
conduits and additional supporting corporations so they can have a voice to
the example framework, browser, governments etc... (could you see Dinis on
Capitol Hill or in Parliament talking about OWASP hahahaha) We have already
had several folks accept agree to help us with this industry movement that
can also help serve the bigger picture of owasp mission. One thing that you
will find with such appointments is that you don't just get (1) person with a
big title... typically you get that person and a team within that person's
world to drive a measurable task that they are responsible for. This also
serves as a conduit for owasp connections people-to-people.
* Industry Injection - Providing input and feedback to influence the
documentation, policies pretty obvious to point out accomplishments thus far
addition to best practices and information provided to the world that we are
already doing projects/papers etc... The more the better actually and we
can drive this with a task force / tiger team / group of people that wish to
focus on a single measurable effort together and OWASP can justify this by
doing a working group of XX people to spend time together to knock out a
task. This was of course the primary focus in 2009 to get us reference
materials as we continue.
So... the 1st edit of
http://www.owasp.org/index.php/Global_Committee_Pages that I did was to
add Special Interest Group and adding of Jim, Jim and Joe
that were conceived to facilitate outreach to industry. This morning I
looked at it again and noted your change of the India Board,
http://www.owasp.org/index.php/OWASP_India_Advisory_Board. I see this as a
regional group of people focused on a region of the world.
So we have to make a choice.
On the Committee Page do we add buckets by special interest
group/industry vertical type globally OR do we break it out by regions of
the world and then SIG's special interest group/industry vertical within the
region of the world.
It would seem that it should be Global Industry Committee / Regional
Industry Committee / Special Interest Group / Vertical would you guys agree?
Once we have a revised and agreed plan we can then start pulling all the
people together, not trying to make it complex rather a structure that can
allow us to plug in energy and a mechanism that can scale out of the gate.
Finally - the OWASP-CRM project should be live by 12/15 and we will be able
to start using it for this purpose as well
hit me up on skype (jinxpuppy) to discuss more.
On Sat, Nov 21, 2009 at 5:01 AM, Colin Watson <colin.watson at owasp.org> wrote:
> Three new GIC members added to:
> 2009/11/19 Tom Brennan - OWASP <tomb at owasp.org>:
> > Simply add them to the page - people are volunteering to give time and
> > energy - let's not make it complicated to do so.
> > Then when they take on a task, that is how we measure effectiveness.