[Global_industry_committee] New GIC members

Eoin eoin.keary at owasp.org
Sat Nov 21 11:09:41 EST 2009


I mentioned this to Colin during the Summit. I am happy for him to lead
also.


2009/11/21 Tom Brennan - OWASP <tomb at owasp.org>

> Thanks for adding this Colin.
>
> One of the items from the Summit is identification of a committee chair.
> With your efforts thus far in 2009 I would like to NOMINATE you from within
> our group to that role (others.. do you support this?)  Moving forward, that
> role is welcomed to hand the torch off to anyone else on the committee at
> any time should they wish to recognize leadership, effort or as a result of
> lack of time and we can use the annual summit as a get together as we did
> this year.
>
> As we figure this out together as a committee....  there are (2) items that
> we are evolving;
>
> (these are my thoughts and I welcome debate on this or agreement, then we
> do it)
>
> What we have now =
> http://www.owasp.org/index.php/Global_Industry_Committee
>
> Our charter has been ( taken from the following page:
> http://www.owasp.org/index.php/Global_Committee_Pages)
> Industry <http://www.owasp.org/index.php/Global_Industry_Committee>
>
>    - Start outreach to critical infrastructures worldwide such as:
>       - electricity generation, transmission and distribution;
>       - gas production, transport and distribution;
>       - oil and oil products production, transport and distribution;
>       - telecommunication;
>       - water supply (drinking water, waste water/sewage, stemming of
>       surface water (e.g. dikes and sluices));
>       - agriculture, food production and distribution;
>       - heating (e.g. natural gas, fuel oil, district heating);
>       - public health (hospitals, ambulances);
>       - transportation systems (fuel supply, railway network, airports,
>       harbors, inland shipping);
>       - financial services (banking, clearing);
>       - security services (police, military).
>
> *...they all use web applications...some even protect human life as well
> as PII and credit cards :)*
>
>    - Identify issues or "efforts" like the Browser Working Group and
>    others, the group should invite Industry CIO/CISO's (perhaps as a "value" of
>    corporate membership support) to want to publicly collaborate on a document
>    of industry needs that can add value to having the support of OWASP
>    Foundation for the greater good of secure software, an internet-based global
>    economic platform and humanitarian needs worldwide
>
> So as we continue to evolve this means;
>
> * Industry Outreach - Providing a mechanism to collect the requirements of
> industry and be a unified voice for the consumer (business or end-user) of
> web application. This requires SIG (special interest groups) with
> appointments to roles. Example:  If my pal Richard Branson CEO of Virgin
> Airlines wanted to be an industry adviser for OWASP to support and add his
> credibility to the mission, that is a "token" role + with mutual
> acceptance this type of thing would give us access to an industry vertical
> (airlines example) and we could collect data from that segment from our
> conduits and additional supporting corporations so they can have a voice to
> the example framework, browser, governments etc... (could you see Dinis on
> Capitol Hill or in Parliament talking about OWASP hahahaha)  We have already
> had several folks accept agree to help us with this industry movement that
> can also help serve the bigger picture of owasp mission. One thing that you
> will find with such appointments is that you don't just get (1) person with a
> big title... typically you get that person and a team within that person's
> world to drive a measurable task that they are responsible for.  This also
> serves as a conduit for owasp connections people-to-people.
>
> * Industry Injection - Providing input and feedback to influence the
> documentation, policies pretty obvious to point out accomplishments thus far
> such as
> http://www.owasp.org/index.php/Global_Industry_Committee#Completed_Items
> in addition to best practices and information provided to the world that we
> are already doing projects/papers etc...  The more the better actually and
> we can drive this with a task force / tiger team / group of people that wish
> to focus on a single measurable effort together and OWASP can justify this
> by doing a working group of XX people to spend time together to knock out a
> task.  This was of course the primary focus in 2009 to get us reference
> materials as we continue.
>
> So...  the 1st edit of
> http://www.owasp.org/index.php/Global_Committee_Pages that I did was to
> add Special Interest Group and adding of Jim, Jim and Joe that were
> conceived to facilitate outreach to industry. This morning looked at
> it again and noted your change of the India Board,
> http://www.owasp.org/index.php/OWASP_India_Advisory_Board.   I see this as
> a regional group of people focused on a region of the world.
>
> So we have to make a choice.
>
> On the Committee Page do we add buckets by special interest
> group/industry vertical type globally OR do we break it out by regions of
> the world and then SIG's special interest group/industry vertical within the
> region of the world.
>
> It would seem that it should be Global Industry Committee /  Regional
> Industry Committee / Special Interest Group / Vertical would you guys agree?
>
> Once we have a revised and agreed plan we can then start pulling all the
> people together, not trying to make it complex rather a structure that can
> allow us to plug in energy and a mechanism that can scale out of the gate.
>
> Finally - the OWASP-CRM project should be live by 12/15 and we will be able
> to start using it for this purpose as well
> http://www.owasp.org/index.php/Category:OWASP_CRM_Project
>
> Thoughts discussion?
>
> hit me up on skype (jinxpuppy) to discuss more.
>
>
>
>
>
> On Sat, Nov 21, 2009 at 5:01 AM, Colin Watson <colin.watson at owasp.org> wrote:
>
>> Three new GIC members added to:
>>
>> http://www.owasp.org/index.php/Global_Committee_Pages
>> http://www.owasp.org/index.php/Global_Industry_Committee
>>
>> Colin
>>
>> 2009/11/19 Tom Brennan - OWASP <tomb at owasp.org>:
>> > Simply add them to the page - people are volunteering to give time and
>> > energy - lets not make it complicated to do so.
>> >
>> > Then when they take on a task, that is how we measure effectiveness.
>>
>
>
>
> --
> Tom Brennan
> http://www.linkedin.com/in/tombrennan
> (973) 506-9303
>
> _______________________________________________
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>
>


-- 
Eoin Keary
OWASP Board Member
OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)

http://asg.ie/
https://twitter.com/EoinKeary