[Global_industry_committee] GIC _v2.0

Eoin eoin.keary at owasp.org
Tue Aug 10 10:15:28 EDT 2010


Marco,
Totally agree with your points there and hence the survey should cover off:

OWASP materials and Tools: Usefulness, relevance, improvements,
requirements

AppSec issues they most commonly face: Secure Dev, Budget, Test,
requirements, skills, cost, value

AppSec Budget (Training, Tools, materials; What it is spent on. Trends,
Resulting value, third parties, vendor products).

Development: types of SDL's used, pitfalls, trends, reuse, use of open
source, frameworks

Skills and Awareness issues. Project sponsor, CIO's, Architects, Business
Units, trends, CoTs, Third party ASP's, ISP's, Dev outsourcing etc


(Please slice and dice as required).

-ek

On 10 August 2010 13:15, Marco M. Morana <marco.m.morana at gmail.com> wrote:

>  Eoin
>
>
>
> I think an OWASP AppSec survey is a great idea and can be an opportunity
> for:
>
> 1)      gauge IS management awareness of application and software
> security related to different industry sectors
>
> 2)      understand the CISOs' motives for software/application security
> initiatives adoption within a given organization, such as 1) are due to
> previous exposure/impact of data breaches and fraud due to exploit of OWASP
> T10 vulnerabilities, 2) compliance, 3) recommendation from analysts, 4)
> engineering defect management cost/efficiencies
>
> 3)      assess, at high level, the maturity of software and application
> security practices within the organization, which software security
> activities are implemented in the SDLC , how and where
>
> 4)      understand strategic and tactical goals and how these match with
> the IS and Risk Management metrics and measurements used by different
> organizations
>
> 5)      survey how critical training/awareness, processes and tools are
> for application security programs and how OWASP can help in these
>
> 6)      survey on the importance of software assurance as related to
> validation of industry and compliance specific software verification
> requirements and how these can be mapped to OWASP ASVS
>
> 7)      understand how OWASP projects can best align with corporate Appsec
> and SoftwareSec programs/initiatives for different sectors and the best
> roadmap for the adoption of these
>
>
>
> A few ideas fueled by my early morning espresso, cheers
>
>
>
> Marco
>
>
>
> *From:* eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] *On Behalf Of *
> Eoin
> *Sent:* Tuesday, August 10, 2010 5:22 AM
> *Cc:* bernik at gmail.com; global_industry_committee-bounces at lists.owasp.org;
> Yiannis Pavlosoglou; OWASP Foundation Board List; Global_industry_committee;
> Marco M. Morana
>
> *Subject:* Re: [Global_industry_committee] GIC _v2.0
>
>
>
> Ok,
> If this sounds like a plan, OWASP Annual Application Security Survey
> (OAASS), I shall need to propose this to the next board meeting and also
> the GPC.
>
> Once done we can start building the survey.
>
> This is [in my view] a great chance for OWASP to reach out to Industry in a
> meaningful manner which could be used to define the direction of OWASP
> projects and also OWASP as a whole.
>
> Let me know what you think and also who's in and I'll propose the idea to
> the board and GPC as a first step.
>
> Eoin
>
>
>  On 9 August 2010 16:30, Marco M. Morana <marco.m.morana at gmail.com> wrote:
>
> I agree with Joe
>
> I offer to drive it through our chapter in Cincinnati.
>
> Yiannis let me know how I can coordinate this for the next September 27th
> meeting also with other CISOs/IS Directors/managers local to us
>
> Regards
>
> Marco M
> OWASP Cincinnati Chapter Lead
>
>
> -----Original Message-----
> From: global_industry_committee-bounces at lists.owasp.org
> [mailto:global_industry_committee-bounces at lists.owasp.org] On Behalf Of
> bernik at gmail.com
> Sent: Monday, August 09, 2010 10:35 AM
> To: Eoin; global_industry_committee-bounces at lists.owasp.org; Yiannis
> Pavlosoglou
> Cc: OWASP Foundation Board List; Global_industry_committee
> Subject: Re: [Global_industry_committee] GIC _v2.0
>
> I like this idea. Could be very helpful in steering our efforts.
>
> Joe
>
> Sent from my BlackBerry device from Cincinnati Bell Wireless
>
> -----Original Message-----
> From: Eoin <eoin.keary at owasp.org>
> Sender: global_industry_committee-bounces at lists.owasp.org
> Date: Mon, 9 Aug 2010 14:13:51
> To: Yiannis Pavlosoglou<yiannis at owasp.org>
> Cc: OWASP Foundation Board List<owasp-board at lists.owasp.org>;
> Global_industry_committee<global_industry_committee at lists.owasp.org>
> Subject: Re: [Global_industry_committee] GIC _v2.0
>
> _______________________________________________
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>
>
>
>
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
>



-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary