[Global_industry_committee] GIC _v2.0

Marco M. Morana marco.m.morana at gmail.com
Tue Aug 10 08:15:42 EDT 2010



I think an OWASP AppSec survey is a great idea and can be an opportunity

1)      gauge IS management awareness of application and software security
related to different industry sectors

2)      understand the CISOs' motives for software/application security
initiatives adoption within a given organization such as 1) are due to
previous exposure/impact of data breaches and fraud due to exploit of OWASP
T10 vulnerabilities 2) compliance, 3) recommendation from analysts 4)
engineering defect management cost/efficiencies

3)      assess, at high level, the maturity of software and application
security practices within the organization, which software security
activities are implemented in the SDLC, how and where

4)      understand strategic and tactical goals and how these match with IS
and Risk Management metric and measurements are used by different

5)      survey how critical training/awareness, processes and tools are for
application security programs and how OWASP can help in these

6)      survey on the importance of software assurance as related to
validation of industry and compliance specific software verification
requirements and how these can be mapped to OWASP ASVS

7)      understand how OWASP projects can best align with corporate Appsec
and SoftwareSec programs/initiatives for different sectors and the best
roadmap for the adoption of these


A few ideas fueled by my early morning espresso, cheers




From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
Sent: Tuesday, August 10, 2010 5:22 AM
Cc: bernik at gmail.com; global_industry_committee-bounces at lists.owasp.org;
Yiannis Pavlosoglou; OWASP Foundation Board List; Global_industry_committee;
Marco M. Morana
Subject: Re: [Global_industry_committee] GIC _v2.0


If this sounds like a plan OWASP Annual Application Security Survey. (OAASS)
I shall require to propose this to the next board meeting and also the GPC.

Once done we can start building the survey.

This is [in my view] a great chance for OWASP to reach out to Industry in a
meaningful manner which could be used to define the direction of OWASP
projects and also OWASP as a whole.

Let me know what you think and also who's in and I'll propose the idea to the
board and GPC as a first step.


On 9 August 2010 16:30, Marco M. Morana <marco.m.morana at gmail.com> wrote:

I agree with Joe

I offer to drive it through our chapter in Cincinnati.

Yiannis let me know how I can coordinate this for the next September 27th
meeting also with other CISOs/IS Directors/managers local to us


Marco M
OWASP Cincinnati Chapter Lead

-----Original Message-----
From: global_industry_committee-bounces at lists.owasp.org
[mailto:global_industry_committee-bounces at lists.owasp.org] On Behalf Of
bernik at gmail.com
Sent: Monday, August 09, 2010 10:35 AM
To: Eoin; global_industry_committee-bounces at lists.owasp.org; Yiannis
Cc: OWASP Foundation Board List; Global_industry_committee
Subject: Re: [Global_industry_committee] GIC _v2.0

I like this idea. Could be very helpful in steering our efforts.


Sent from my BlackBerry device from Cincinnati Bell Wireless

-----Original Message-----
From: Eoin <eoin.keary at owasp.org>
Sender: global_industry_committee-bounces at lists.owasp.org
Date: Mon, 9 Aug 2010 14:13:51
To: Yiannis Pavlosoglou<yiannis at owasp.org>
Cc: OWASP Foundation Board List<owasp-board at lists.owasp.org>;
Global_industry_committee<global_industry_committee at lists.owasp.org>
Subject: Re: [Global_industry_committee] GIC _v2.0

Global_industry_committee mailing list
Global_industry_committee at lists.owasp.org

Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
