[Global_industry_committee] GIC _v2.0

Marco M. Morana marco.m.morana at gmail.com
Thu Sep 2 12:20:25 EDT 2010


Eoin

Great! Let me know if I can help write the questions to extract the "devil" from the details, especially when these are from infosec managers at a large FI.

Regards

Marco M

Sent from my iPhone

On Sep 2, 2010, at 7:07 AM, Eoin <eoinkeary at gmail.com> wrote:

> Yes,
> Dave Campbell and I did a call last week.
> 
> I have also asked the board for funding to fund a survey site and hard copy survey delivery, postage etc.
> 
> We have a structure defined but the devil is in the detail: the questions...
> 
> It shall be both in hard copy and also via a Survey Monkey type of online affair.
> 
> Survey rollout shall be via invite (an invite letter to individuals and also an email.)
> 
> We need to list connections who can fill out the survey. I want to stay away from consultancies and professional services organisations; we need to target financial services, energy, software dev, transport etc. OWASP corporate sponsors also (but the majority are consultants).
> 
> This survey shall get OWASP into a more proactive posture rather than reactive. It may also help define where we should focus and spend our limited resources.
> 
> -ek
> 
> 
> 
> On 4 September 2010 11:55, Marco M. Morana <marco.m.morana at gmail.com> wrote:
> Yiannis
> 
> Has there been any follow-up on the OWASP Annual Application Security Survey (OAASS)?
> 
> I think there is also a need to get a survey like this done prior to determining activities for CISOs engaged in AppSec initiatives, such as training on S-SDLC processes, governance and risk management processes.
> 
> I can take some of the ideas included in the list herein and expand them a little further in a draft, if you think this is something we would like to pursue.
> 
> I am also thinking that it would be a good idea to use the OAASS for a mapping to a training targeting CISOs, ISOs and IS managers that eventually I could deliver at OWASP in Italy or elsewhere in Europe during my next trip in October/November this year. I have also copied the OWASP Italy Chapter President, Matteo Meucci.
> 
> I was planning to attend AppSec USA and I registered for it next week, but unfortunately I cannot physically attend it.
> 
> If there is a GIC meeting during AppSec that is on a conference call, I would be happy to attend the conference call.
> 
> Thanks
> 
> Marco M
> 
> OWASP Cincinnati Chapter Lead
> 
> From: Marco M. Morana [mailto:marco.m.morana at gmail.com] 
> Sent: Tuesday, August 10, 2010 8:16 AM
> To: 'Eoin'
> Cc: 'bernik at gmail.com'; 'global_industry_committee-bounces at lists.owasp.org'; 'Yiannis Pavlosoglou'; 'OWASP Foundation Board List'; 'Global_industry_committee'
> Subject: RE: [Global_industry_committee] GIC _v2.0
> 
> 
> Eoin
> 
> I think an OWASP AppSec survey is a great idea and can be an opportunity to:
> 
> 1) gauge IS management awareness of application and software security related to different industry sectors
> 
> 2) understand the CISOs' motives for adopting software/application security initiatives within a given organization, such as: 1) previous exposure/impact of data breaches and fraud due to exploitation of OWASP T10 vulnerabilities, 2) compliance, 3) recommendations from analysts, 4) engineering defect management cost/efficiencies
> 
> 3) assess, at a high level, the maturity of software and application security practices within the organization: which software security activities are implemented in the SDLC, how and where
> 
> 4) understand strategic and tactical goals and how these match the IS and Risk Management metrics and measurements used by different organizations
> 
> 5) survey how critical training/awareness, processes and tools are for application security programs and how OWASP can help with these
> 
> 6) survey the importance of software assurance as related to validation of industry- and compliance-specific software verification requirements, and how these can be mapped to OWASP ASVS
> 
> 7) understand how OWASP projects can best align with corporate AppSec and SoftwareSec programs/initiatives for different sectors, and the best roadmap for the adoption of these
> 
> A few ideas fueled by my early morning espresso, cheers
> 
> Marco
> 
> From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
> Sent: Tuesday, August 10, 2010 5:22 AM
> Cc: bernik at gmail.com; global_industry_committee-bounces at lists.owasp.org; Yiannis Pavlosoglou; OWASP Foundation Board List; Global_industry_committee; Marco M. Morana
> Subject: Re: [Global_industry_committee] GIC _v2.0
> 
> 
> Ok,
> If this sounds like a plan, OWASP Annual Application Security Survey (OAASS), I shall need to propose this to the next board meeting and also the GPC.
> 
> Once done we can start building the survey.
> 
> This is [in my view] a great chance for OWASP to reach out to Industry in a meaningful manner which could be used to define the direction of OWASP projects and also OWASP as a whole.
> 
> Let me know what you think and also who's in, and I'll propose the idea to the board and GPC as a first step.
> 
> Eoin
> 
> On 9 August 2010 16:30, Marco M. Morana <marco.m.morana at gmail.com> wrote:
> 
> I agree with Joe
> 
> I offer to drive it through our chapter in Cincinnati.
> 
> Yiannis, let me know how I can coordinate this for the next September 27th meeting, also with other CISOs/IS Directors/managers local to us.
> 
> Regards
> 
> Marco M
> OWASP Cincinnati Chapter Lead
> 
> 
> -----Original Message-----
> From: global_industry_committee-bounces at lists.owasp.org
> [mailto:global_industry_committee-bounces at lists.owasp.org] On Behalf Of
> bernik at gmail.com
> Sent: Monday, August 09, 2010 10:35 AM
> To: Eoin; global_industry_committee-bounces at lists.owasp.org; Yiannis
> Pavlosoglou
> Cc: OWASP Foundation Board List; Global_industry_committee
> Subject: Re: [Global_industry_committee] GIC _v2.0
> 
> I like this idea. Could be very helpful in steering our efforts.
> 
> Joe
> 
> Sent from my BlackBerry device from Cincinnati Bell Wireless
> 
> -----Original Message-----
> From: Eoin <eoin.keary at owasp.org>
> Sender: global_industry_committee-bounces at lists.owasp.org
> Date: Mon, 9 Aug 2010 14:13:51
> To: Yiannis Pavlosoglou<yiannis at owasp.org>
> Cc: OWASP Foundation Board List<owasp-board at lists.owasp.org>;
> Global_industry_committee<global_industry_committee at lists.owasp.org>
> Subject: Re: [Global_industry_committee] GIC _v2.0
> 
> _______________________________________________
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_industry_committee
> 
> 
> -- 
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
> 
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary