[Global_industry_committee] Future of the GIC

Colin Watson colin.watson at owasp.org
Mon Feb 25 09:56:29 UTC 2013


On 24 February 2013 13:51, Tobias <tobias.gondrom at owasp.org> wrote:
> Things that we would need to do for this to happen:
> - we need to write a document on the goals and the selection process of the
> members and terms (I would base that on the committee selection charter).

I am happy to help draft/review/QA this as needed.

> - there will be a board meeting on Mar-11 and we should have that document
> ready by Mar-7 so it can be send around in time before the meeting, so the
> board can "nod on it". We would be active on April-1 (or Mar-31 to avoid
> people thinking this is an April-1 joke).

Yes, March 31st!

> - define how and what to do with GIAB memberships if people do not attend
> calls etc. E.g. it should be easier to remove members and the chair if they
> are not active. One idea is to make the terms of members and the chair
> finite and members need to actively re-apply after 1 year.

Finite terms are a good idea, but I also think there should be
automatic fall-out earlier if people are not contributing and there
are others who want to take part, to prevent blocking new blood.

Contributing is not just taking part in meetings though. Include
creation of documents, outreach activities, participation in
conferences, responding to legislaton/standards/etc, speaking at
non-OWASP events, etc.

> - It would be good if we can have diversity in industry and regions in the
> GIAB reflected in the members.
> (e.g. members from different industries and regions). That can also help
> with active outreach and promotion of OWASP topics towards different
> industries and regions.

But equally, they have to contribute too. Diversity must be an aim but
symbolic/token regional (or sector/vertical) members will not help.

> - I would suggest to limit the number of members to a maximum of 12.
> (personally I think group sizes beyond 8 become less and less effective -
> with twelve being a reasonable upper limit for the GIAB)

6-12 sounds fine.

No mention of budgets? Personally I prefer if there is a zero budget
and anything that needs funding is dealt with when needed (e.g. as an
initiative). I thought having an employee administrator an unnecessary
overhead, and did I read somewhere there was a concern by employees
about the amount of time they spent on committee activities? The
GIC/GIAB should be lightweight and agile, and judged by the efforts of
its members. It also sounds better to say "we did all of this and it
cost OWASP zero".

> As I personally don't feel strongly about the name of a thing as long as it does achieve the objective,
> the proposal was to close the GIC and replace it with the "Global Industry Advisory Board" (GIAB)
> with similar scope.

Agree, the name is not so important as what we do. But if there is a
desire to make sure it is not seen as the Global Industry Committee
continuing, perhaps also use "international" instead of "Global". And
perhaps "advisory" suggests more of a one-way sort of relationship.
Maybe then just "International Industry Board (IIB)". Dropping
"Global" might also help differentiate it from "Global Initiatives".

> I also will send round a doodle for time slots for our next call in a few
> minutes. Please let me know ASAP, as I need to schedule the call ASAP, so
> that we have a document for the board to decide (nod on) in time.

I am travelling or on site for most of those slots, so I don't want to
drive the date/time. Whatever is agreed, I will make every effort to


More information about the Global_industry_committee mailing list