[Global_industry_committee] GIC _v2.0

Yiannis Pavlosoglou yiannis at owasp.org
Wed Aug 11 06:09:41 EDT 2010


Hi,

From a GIC perspective and based on the feedback received thus far, I
don't foresee an issue with either putting this together or filtering
it to the right group(s) of people. We seem to have the bandwidth for
it; it would be nice to have the right people from other committees on
a short response time stand-by to review or comment on the versions of
this.

Eoin, it would also be nice to get some timelines from you / the board
around this, i.e. when do you want it outbound?

I will add it to the agenda for the next GIC call, which will be
scheduled this week, likely to take place next week.

Thank you,

Yiannis

PS. Reply to all bounces on the owasp-board mailing list, perhaps
committee chairs (if all committees have them) should be added to it?
An idea.

On 10 August 2010 15:15, Eoin <eoin.keary at owasp.org> wrote:
> Marco,
> Totally agree with your points there and hence the survey should cover off:
>
> OWASP materials and Tools: Usefulness, relevance, improvements,
> requirements
> AppSec issues they most commonly face: Secure Dev, Budget, Test,
> requirements, skills, cost, value
>
> AppSec Budget (Training, Tools, materials; What it is spent on. Trends,
> Resulting value, third parties, vendor products).
>
> Development: types of SDLs used, pitfalls, trends, reuse, use of open
> source, frameworks,
>
> Skills and Awareness issues. Project sponsor, CIOs, Architects, Business
> Units, trends, CoTs, Third party ASPs, ISPs, Dev outsourcing etc
>
>
> (Please slice and dice as required).
>
> -ek
>
> On 10 August 2010 13:15, Marco M. Morana <marco.m.morana at gmail.com> wrote:
>>
>> Eoin
>>
>>
>>
>> I think an OWASP AppSec survey is a great idea and can be an opportunity
>> to:
>>
>> 1) gauge IS management awareness of application and software
>> security related to different industry sectors
>>
>> 2) understand the CISOs' motives for software/application security
>> initiative adoption within a given organization, such as 1) due to
>> previous exposure/impact of data breaches and fraud due to exploitation of
>> OWASP T10 vulnerabilities, 2) compliance, 3) recommendation from analysts,
>> 4) engineering defect management cost/efficiencies
>>
>> 3) assess, at a high level, the maturity of software and application
>> security practices within the organization, which software security
>> activities are implemented in the SDLC, how and where
>>
>> 4) understand strategic and tactical goals and how these match with
>> the IS and Risk Management metrics and measurements used by different
>> organizations
>>
>> 5) survey how critical training/awareness, processes and tools are
>> for application security programs and how OWASP can help in these
>>
>> 6) survey the importance of software assurance as related to
>> validation of industry- and compliance-specific software verification
>> requirements and how these can be mapped to OWASP ASVS
>>
>> 7) understand how OWASP projects can best align with corporate AppSec
>> and SoftwareSec programs/initiatives for different sectors and the best
>> roadmap for the adoption of these
>>
>>
>>
>> A few ideas fueled by my early morning espresso, cheers
>>
>>
>>
>> Marco
>>
>>
>>
>> From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
>> Sent: Tuesday, August 10, 2010 5:22 AM
>> Cc: bernik at gmail.com; global_industry_committee-bounces at lists.owasp.org;
>> Yiannis Pavlosoglou; OWASP Foundation Board List; Global_industry_committee;
>> Marco M. Morana
>> Subject: Re: [Global_industry_committee] GIC _v2.0
>>
>>
>>
>> Ok,
>> If this sounds like a plan, the OWASP Annual Application Security Survey
>> (OAASS), I shall need to propose this to the next board meeting and also
>> the GPC.
>>
>> Once done we can start building the survey.
>>
>> This is [in my view] a great chance for OWASP to reach out to Industry in
>> a meaningful manner which could be used to define the direction of OWASP
>> projects and also OWASP as a whole.
>>
>> Let me know what you think and also who's in and I'll propose the idea to
>> the board and GPC as a first step.
>>
>> Eoin
>>
>>
>> On 9 August 2010 16:30, Marco M. Morana <marco.m.morana at gmail.com> wrote:
>>
>> I agree with Joe
>>
>> I offer to drive it through our chapter in Cincinnati.
>>
>> Yiannis let me know how I can coordinate this for the next September 27th
>> meeting also with other CISOs/IS Directors/managers local to us
>>
>> Regards
>>
>> Marco M
>> OWASP Cincinnati Chapter Lead
>>
>> -----Original Message-----
>> From: global_industry_committee-bounces at lists.owasp.org
>> [mailto:global_industry_committee-bounces at lists.owasp.org] On Behalf Of
>> bernik at gmail.com
>> Sent: Monday, August 09, 2010 10:35 AM
>> To: Eoin; global_industry_committee-bounces at lists.owasp.org; Yiannis
>> Pavlosoglou
>> Cc: OWASP Foundation Board List; Global_industry_committee
>> Subject: Re: [Global_industry_committee] GIC _v2.0
>>
>> I like this idea. Could be very helpful in steering our efforts.
>>
>> Joe
>>
>> Sent from my BlackBerry device from Cincinnati Bell Wireless
>>
>> -----Original Message-----
>> From: Eoin <eoin.keary at owasp.org>
>> Sender: global_industry_committee-bounces at lists.owasp.org
>> Date: Mon, 9 Aug 2010 14:13:51
>> To: Yiannis Pavlosoglou<yiannis at owasp.org>
>> Cc: OWASP Foundation Board List<owasp-board at lists.owasp.org>;
>> Global_industry_committee<global_industry_committee at lists.owasp.org>
>> Subject: Re: [Global_industry_committee] GIC _v2.0
>>
>> _______________________________________________
>> Global_industry_committee mailing list
>> Global_industry_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>>
>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Global Board Member
>> OWASP Code Review Guide Lead Author
>>
>> Sent from my i-Transmogrifier
>> http://asg.ie/
>> https://twitter.com/EoinKeary
>
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
>