[Global_industry_committee] Future of the GIC
tobias.gondrom at owasp.org
Sun Mar 3 11:19:33 UTC 2013
follow-up of our GIC call on Mar-1, even though with some technical
problems for several people dialing in (go2meeting seems to have been
blocked by some corporate firewalls). My apologies for that trouble. I
will try to find an alternative dial-in conference solution for future
meetings. And just fyi a link to a short meeting minutes page
Going forward, I prepared the following Wiki pages for your
consideration and feedback and as basis for our discussion.
Please give *your feedback ASAP* as we need to submit this to the board
*until Mar-8* for them to nod on it on Mar-11 and the GIAB to be ready
Here the pages in Wiki. Please send comments or make changes directly to
(the main page, with mission and goals, links to meeting minutes, etc.)
(the charter and how to select members and remove them)
(I took part of the nomination document of the old committees, and made
it shorter and removed all this "becoming a member be a great honor"
stuff and replaced it with serving our community.)
(to be clear: I would not ask everybody who already had endorsements
from the GIC, to go through this process again; but I will link to the
endorsement pages from the GIC for this purpose.)
- And for all current GIC members: Please also email me or our
mailing-list a quick message whether you want to participate in the
Please let me know what you think.
All the best and looking forward to hearing from you!
On 24/02/13 21:51, Tobias wrote:
> Hi dear GIC fellows,
> as you read on the leaders list and my previous post, the board and
> our staff decided to shut down all committees and transfer some of
> their activities to initiatives to re-energize activity and make
> things more open for new volunteers.
> The reasoning was also that the committees were not functioning well,
> which possibly for most committees may be true.
> FYI some background info: In the context of the new initiatives
> program, I had a conversation during the last AppSecUS in Austin with
> a board member and some of our staff and thought we had established a
> common understanding that the GIC would continue to remain active in
> parallel to the new initiatives starting up. Unfortunately that seems
> to have been misunderstood or wasn't communicated clearly enough among
> the board and leadership teams during the decision making process.
> Anyway. Water under the bridge.
> Based on the past announcement and the political discussions about the
> shut-down of the committees, I had last Thursday a longer constructive
> conversation with Jim and Sarah at the AppSecAPAC in Jeju on how to
> move forward with the duties of the GIC.
> The GIC goals are very nicely phrased: "The OWASP Global Industry
> Committee (GIC) shall expand awareness of and promote the inclusion of
> software security best practices in Industry, Government, Academia and
> regulatory agencies and be a voice for industry. This will be
> accomplished through outreach; including presentations, development of
> position papers and collaborative efforts with other entities."
> To be clear, I strongly believe that these goals are very important
> for OWASP and our success in going beyond pen-testing and making sure
> we can reach the wider community of developers and end-users, and that
> we need an entity in OWASP to focus and improve on that.
> - advocating industry interests and building relationship with
> industry and eventually improving our corporate memberships and
> - initiating new industry related projects and building synergy
> between these industry related projects and promoting them (CISO
> guide, CISO Survey, Industry links, etc.).
> Back to the conversation with Jim and Sarah at the AppSec APAC in
> Jeju: to find a way on how we can continue to work on these goals in
> the current or a future framework.
> In general, it seems that it is accepted that the GIC is the one
> committee that is still functioning reasonably well (though I
> personally could see us improve on that - and myself becoming a better
> chair) and fulfills important goals for OWASP. However, there seems to
> be great hesitation (and political resistance) to make an exception
> and keep the GIC alive as the only remaining committee.
> Following we discussed various options:
> 1. Make the GIC an initiative:
> We had a discussion about why it would not be such a good idea to
> change the GIC to an initiative. Two of the reasons why this would not
> be a good fit:
> - initiatives shall have a clear finite scope and lifetime (more like a
> mini-project) and in fact the GIC serves the need for a long-term
> contact point for industry relations and synergy across different projects
> - the GIC in fact inspires initiatives or projects that make sense for
> industry members.
> During our discussion it became clear and agreed that due to the
> nature of the GIC and our current work, that to try and make the GIC
> into an initiative would not be a viable solution.
> 2. Replacing the GIC with another to-be-founded entity:
> As I personally don't feel strongly about the name of a thing as long
> as it does achieve the objective, the proposal was to close the GIC
> and replace it with the "Global Industry Advisory Board" (GIAB) with
> similar scope.
> This proposal was developed together during the conversation between
> Sarah, Jim and myself and would have full support from both of them
> and myself.
> Things that we would need to do for this to happen:
> - we need to write a document on the goals and the selection process
> of the members and terms (I would base that on the committee selection
> - there will be a board meeting on Mar-11 and we should have that
> document ready by Mar-7 so it can be sent around in time before the
> meeting, so the board can "nod on it". We would be active on April-1
> (or Mar-31 to avoid people thinking this is an April-1 joke).
> This can actually also be an opportunity for us to review some of our
> past committee weaknesses and try to learn from them:
> Some ideas of things we should consider:
> - define how and what to do with GIAB memberships if people do not
> attend calls etc. E.g. it should be easier to remove members and the
> chair if they are not active. One idea is to make the terms of members
> and the chair finite and members need to actively re-apply after 1 year.
> - be more clear on our goals and what specific success criteria should
> - I liked the fact that for an application to the GIAB, you need to be
> endorsed as one of the selection criteria. (the way we handled this
> with the GIC with 5 endorsements). What do you think, would 3
> endorsements be sufficient? What would be a good number? The second
> selection criteria should be a vote by the existing GIAB members.
> - Initially for the transition, I propose to basically transfer all
> the active members of the GIC into the GIAB and add active volunteers
> based on their applications and member votes.
> - It would be good if we can have diversity in industry and regions in
> the GIAB reflected in the members.
> (e.g. members from different industries and regions). That can also
> help with active outreach and promotion of OWASP topics towards
> different industries and regions.
> - I would suggest to limit the number of members to a maximum of 12.
> (personally I think group sizes beyond 8 become less and less
> effective - with twelve being a reasonable upper limit for the GIAB)
> What do you think about this plan?
> Would this be agreeable?
> Please let me know your feedback.
> I also will send round a doodle for time slots for our next call in a
> few minutes. Please let me know ASAP, as I need to schedule the call
> ASAP, so that we have a document for the board to decide (nod on) in
> Cheers, Tobias