[Global_industry_committee] Future of the GIC

Tobias tobias.gondrom at owasp.org
Sun Mar 3 11:19:33 UTC 2013

Hi all,

follow-up of our GIC call on Mar-1, even though with some technical
problems for several people dialing in (go2meeting seems to have been
blocked by some corporate firewalls). My apologies for that trouble. I
will try to find an alternative dial-in conference solution for future
meetings. And just fyi a link to a short meeting minutes page

Going forward, I prepared the following Wiki pages for your
consideration and feedback and as basis for our discussion.

Please give *your feedback ASAP* as we need to submit this to the board
*until Mar-8* for them to nod on it on Mar-11 and the GIAB to be ready
by Mar-31.

Here the pages in Wiki. Please send comments or make changes directly to
the documents.

- *https://www.owasp.org/index.php/Global_Industry_Advisory_Board*
(the main page, with mission and goals, links to meeting minutes, etc.)

(the charter and how to select members and remove them)

- *https://www.owasp.org/index.php/GIAB_nominated_candidates*
(I took part of the nomination document of the old committees, and made
it shorter and removed all this "becoming a member be a great honor"
stuff and replaced it with serving our community.)

(to be clear: I would not ask everybody who already had endorsements
from the GIC, to go through this process again; but I will link to the
endorsement pages from the GIC for this purpose.)

- And for all current GIC members: Please also email me or our
mailing-list a quick message whether you want to participate in the
future GIAB.

Please let me know what you think?

All the best and looking forward to hearing from you!


On 24/02/13 21:51, Tobias wrote:
> Hi dear GIC fellows,
> as you read on the leaders list and my previous post, the board and
> our staff decided to shut down all committees and transfer some of
> their activities to initiatives to re-energize activity and make
> things more open for new volunteers.
> The reasoning was also that the committees were not functioning well,
> which possibly for most committees may be true.
> FYI some background info: In the context of the new initiatives
> program, I had a conversation during the last AppSecUS in Austin with
> a board member and some of our staff and thought we had established a
> common understanding that the GIC would continue to remain active in
> parallel to the new initiatives starting up. Unfortunately that seems
> to have been misunderstood or wasn't communicated clearly enough among
> the board and leadership teams during the decision making process.
> Anyway. Water under the bridge.
> Based on the past announcement and the political discussions about the
> shut-down of the committees, I had last Thursday a longer constructive
> conversation with Jim and Sarah at the AppSecAPAC in Jeju on how to
> move forward with the duties of the GIC.
> The GIC goals are very nicely phrased: "The OWASP Global Industry
> Committee (GIC) shall expand awareness of and promote the inclusion of
> software security best practices in Industry, Government, Academia and
> regulatory agencies and be a voice for industry. This will be
> accomplished through outreach; including presentations, development of
> position papers and collaborative efforts with other entities."
> To be clear, I strongly believe that these goals are very important
> for OWASP and our success in going beyond pen-testing and making sure
> we can reach the wider community of developers and end-users, and that
> we need an entity in OWASP to focus and improve on that.
> - advocating industry interests and building relationship with
> industry and eventually improving our corporate memberships and
> influence.
> - initiating new industry related projects and building synergy
> between these industry related projects and promoting them (CISO
> guide, CISO Survey, Industry links, etc.).
> Back to the conversation with Jim and Sarah at the AppSec APAC in
> Jeju: to find a way on how we can continue to work on these goals in
> the current or a future framework.
> In general, it seems that it is accepted that the GIC is the one
> committee that is still functioning reasonably well (though I
> personally could see us improve on that - and myself becoming a better
> chair) and fulfills important goals for OWASP. However, there seems to
> be great hesitation (and political resistance) to make an exception
> and keep the GIC alive as the only remaining committee.
> Following we discussed various options:
> 1. Make the GIC an initiative:
> We had a discussion about why it would not be such a good idea to
> change the GIC to an initiative. Two of the reasons why this would not
> be a good fit:
> - initiatives shall have a clear finite scope and lifetime (more like a
> mini-project) and in fact the GIC serves the need for a long-term
> contact point for industry relations and synergy across different projects
> - the GIC in fact inspires initiatives or projects that make sense for
> industry members.
> During our discussion it became clear and agreed that due to the
> nature of the GIC and our current work, that to try and make the GIC
> into an initiative would not be a viable solution.
> 2. Replacing the GIC with another to-be-founded entity:
> As I personally don't feel strongly about the name of a thing as long
> as it does achieve the objective, the proposal was to close the GIC
> and replace it with the "Global Industry Advisory Board" (GIAB) with
> similar scope.
> This proposal was developed together during the conversation between
> Sarah, Jim and myself and would have full support from both of them
> and myself.
> Things that we would need to do for this to happen:
> - we need to write a document on the goals and the selection process
> of the members and terms (I would base that on the committee selection
> charter).
> - there will be a board meeting on Mar-11 and we should have that
> document ready by Mar-7 so it can be sent around in time before the
> meeting, so the board can "nod on it". We would be active on April-1
> (or Mar-31 to avoid people thinking this is an April-1 joke).
> This can actually also be an opportunity for us to review some of our
> past committee weaknesses and try to learn from them:
> Some ideas of things we should consider:
> - define how and what to do with GIAB memberships if people do not
> attend calls etc. E.g. it should be easier to remove members and the
> chair if they are not active. One idea is to make the terms of members
> and the chair finite and members need to actively re-apply after 1 year.
> - be more clear on our goals and what specific success criteria should
> be?
> - I liked the fact that for an application to the GIAB, you need to be
> endorsed as one of the selection criteria. (the way we handled this
> with the GIC with 5 endorsements). What do you think would 3
> endorsements be sufficient? What would be a good number? The second
> selection criteria should be a vote by the existing GIAB members.
> - Initially for the transition, I propose to basically transfer all
> the active members of the GIC into the GIAB and add active volunteers
> based on their applications and member votes.
> - It would be good if we can have diversity in industry and regions in
> the GIAB reflected in the members.
> (e.g. members from different industries and regions). That can also
> help with active outreach and promotion of OWASP topics towards
> different industries and regions.
> - I would suggest to limit the number of members to a maximum of 12.
> (personally I think group sizes beyond 8 become less and less
> effective - with twelve being a reasonable upper limit for the GIAB)
> What do you think about this plan?
> Would this be agreeable?
> Please let me know your feedback.
> I also will send round a doodle for time slots for our next call in a
> few minutes. Please let me know ASAP, as I need to schedule the call
> ASAP, so that we have a document for the board to decide (nod on) in
> time.
> Cheers, Tobias
