[Global_industry_committee] Future of the GIC

Tobias tobias.gondrom at owasp.org
Sat Mar 9 04:57:36 UTC 2013


Mauro,

thanks a lot for your feedback.
I made the according addition as you suggested:
added a sentence to the removal reasons:
"*The member repeatedly does not fulfill the tasks he/she himself
promised and committed to do on the GIAB (usually this will be
documented in the meeting minutes)."

For the second point, I suggest we just put the goals and milestones
into our main document, and not add another sentence about this into the
governance document, if that is ok with you?

Best regards, Tobias


On 05/03/13 08:09, Mauro Flores wrote:
> Tobias, great work!!!
> The only comment/suggestion I have is on the Global Industry Advisory
> Board Governance in the Removal from Committee section, I would add as
> a removal reason if the member doesn't fulfil a task he/she agrees to do
> on the GIAB. The idea is that if a member accepts to do something for
> the GIAB he/she must fulfil the task or find a substitute to do it,
> but in any case the task has to be done by someone. Many times I saw
> that someone takes a task and some time after he/she loses interest,
> doesn't have more time or something happens and this person is no longer
> able to move that task forward and instead of finding a replacement,
> he/she just forgets about that task and I think that should be a removal
> reason.
>
> I also think we should set some specific goals for each GIAB year that
> we should set all together. Like releasing the CISO Guide, or do XXX
> Industry tables with at least XX industry representatives and stuff
> like that. Specific, measurable, challenging but reachable actions for
> each year.
> My 2 cents.
>
> regards, Mauro Flores
> On Sun, 03-03-2013 at 19:19 +0800, Tobias wrote:
>> Hi all,
>>
>> follow-up of our GIC call on Mar-1, even though with some technical
>> problems for several people dialing in (go2meeting seems to have been
>> blocked by some corporate firewalls). My apologies for that trouble.
>> I will try to find an alternative dial-in conference solution for
>> future meetings. And just fyi a link to a short meeting minutes page
>> (https://www.owasp.org/index.php/Industry:_Minutes_2013-03-01) 
>>
>> Going forward, I prepared the following Wiki pages for your
>> consideration and feedback and as basis for our discussion.
>>
>> Please give *your feedback ASAP* as we need to submit this to the
>> board *until Mar-8* for them to nod on it on Mar-11 and the GIAB to
>> be ready by Mar-31.
>>
>> Here the pages in Wiki. Please send comments or make changes directly
>> to the documents.
>>
>> - *https://www.owasp.org/index.php/Global_Industry_Advisory_Board*
>> (the main page, with mission and goals, links to meeting minutes, etc.)
>>
>> -
>> *https://www.owasp.org/index.php/Global_Industry_Advisory_Board_Governance*
>> (the charter and how to select members and remove them)
>>
>> - *https://www.owasp.org/index.php/GIAB_nominated_candidates*
>> (I took part of the nomination document of the old committees, and
>> made it shorter and removed all this "becoming a member be a great
>> honor" stuff and replaced it with serving our community.)
>>
>> -
>> *https://www.owasp.org/index.php/Global_Industry_Advisory_Board_Joining_Form_-_Template*
>> (to be clear: I would not ask everybody who already had endorsements
>> from the GIC, to go through this process again; but I will link to
>> the endorsement pages from the GIC for this purpose.)
>>
>> - And for all current GIC members: Please also email me or our
>> mailing-list a quick message whether you want to participate in the
>> future GIAB.
>>
>> Please let me know what you think?
>>
>> All the best and looking forward to hearing from you!
>>
>> Tobias
>>
>>
>>
>>
>> On 24/02/13 21:51, Tobias wrote:
>>
>>> Hi dear GIC fellows,
>>>
>>> as you read on the leaders list and my previous post, the board and
>>> our staff decided to shut down all committees and transfer some of
>>> their activities to initiatives to re-energize activity and make
>>> things more open for new volunteers.
>>> The reasoning was also that the committees were not functioning
>>> well, which possibly for most committees may be true.
>>>
>>> FYI some background info: In the context of the new initiatives
>>> program, I had a conversation during the last AppSecUS in Austin
>>> with a board member and some of our staff and thought we had
>>> established a common understanding that the GIC would continue to
>>> remain active in parallel to the new initiatives starting up.
>>> Unfortunately that seems to have been misunderstood or wasn't
>>> communicated clearly enough among the board and leadership teams
>>> during the decision making process. Anyway. Water under the bridge.
>>>
>>> Based on the past announcement and the political discussions about
>>> the shut-down of the committees, I had last Thursday a longer
>>> constructive conversation with Jim and Sarah at the AppSecAPAC in
>>> Jeju on how to move forward with the duties of the GIC.
>>>
>>> The GIC goals are very nicely phrased: "The OWASP Global Industry
>>> Committee (GIC) shall expand awareness of and promote the inclusion
>>> of software security best practices in Industry, Government,
>>> Academia and regulatory agencies and be a voice for industry. This
>>> will be accomplished through outreach; including presentations,
>>> development of position papers and collaborative efforts with other
>>> entities."
>>>
>>> To be clear, I strongly believe that these goals are very important
>>> for OWASP and our success in going beyond pen-testing and making
>>> sure we can reach the wider community of developers and end-users,
>>> and that we need an entity in OWASP to focus and improve on that.
>>> - advocating industry interests and building relationship with
>>> industry and eventually improving our corporate memberships and
>>> influence.
>>> - initiating new industry related projects and building synergy
>>> between these industry related projects and promoting them (CISO
>>> guide, CISO Survey, Industry links, etc.).
>>>
>>> Back to the conversation with Jim and Sarah at the AppSec APAC in
>>> Jeju: to find a way on how we can continue to work on these goals in
>>> the current or a future framework.
>>>
>>> In general, it seems that it is accepted that the GIC is the one
>>> committee that is still functioning reasonably well (though I
>>> personally could see us improve on that - and myself becoming a
>>> better chair) and fulfills important goals for OWASP. However, there
>>> seems to be great hesitation (and political resistance) to make an
>>> exception and keep the GIC alive as the only remaining committee.
>>>
>>> Following we discussed various options:
>>> 1. Make the GIC an initiative:
>>> We had a discussion about why it would not be such a good idea to
>>> change the GIC to an initiative. Two of the reasons why this would
>>> not be a good fit:
>>> - initiatives shall have a clear finite scope and lifetime (more like a
>>> mini-project) and in fact the GIC serves the need for a long-term
>>> contact point for industry relations and synergy across different
>>> projects
>>> - the GIC in fact inspires initiatives or projects that make sense
>>> for industry members.
>>> During our discussion it became clear and agreed that due to the
>>> nature of the GIC and our current work, that to try and make the GIC
>>> into an initiative would not be a viable solution.
>>>
>>> 2. Replacing the GIC with another to-be-founded entity:
>>> As I personally don't feel strongly about the name of a thing as
>>> long as it does achieve the objective, the proposal was to close the
>>> GIC and replace it with the "Global Industry Advisory Board" (GIAB)
>>> with similar scope.
>>> This proposal was developed together during the conversation between
>>> Sarah, Jim and myself and would have full support from both of them
>>> and myself.
>>>
>>> Things that we would need to do for this to happen:
>>> - we need to write a document on the goals and the selection process
>>> of the members and terms (I would base that on the committee
>>> selection charter).
>>> - there will be a board meeting on Mar-11 and we should have that
>>> document ready by Mar-7 so it can be sent around in time before the
>>> meeting, so the board can "nod on it". We would be active on April-1
>>> (or Mar-31 to avoid people thinking this is an April-1 joke).
>>>
>>> This can actually also be an opportunity for us to review some of
>>> our past committee weaknesses and try to learn from them:
>>> Some ideas of things we should consider:
>>> - define how and what to do with GIAB memberships if people do not
>>> attend calls etc. E.g. it should be easier to remove members and the
>>> chair if they are not active. One idea is to make the terms of
>>> members and the chair finite and members need to actively re-apply
>>> after 1 year.
>>> - be more clear on our goals and what specific success criteria
>>> should be?
>>> - I liked the fact that for an application to the GIAB, you need to
>>> be endorsed as one of the selection criteria. (the way we handled
>>> this with the GIC with 5 endorsements). What do you think, would 3
>>> endorsements be sufficient? What would be a good number? The second
>>> selection criterion should be a vote by the existing GIAB members.
>>> - Initially for the transition, I propose to basically transfer all
>>> the active members of the GIC into the GIAB and add active
>>> volunteers based on their applications and member votes.
>>> - It would be good if we can have diversity in industry and regions
>>> in the GIAB reflected in the members.
>>> (e.g. members from different industries and regions). That can also
>>> help with active outreach and promotion of OWASP topics towards
>>> different industries and regions.
>>> - I would suggest to limit the number of members to a maximum of 12.
>>> (personally I think group sizes beyond 8 become less and less
>>> effective - with twelve being a reasonable upper limit for the GIAB)
>>>
>>> What do you think about this plan?
>>> Would this be agreeable?
>>>
>>> Please let me know your feedback.
>>>
>>> I also will send round a doodle for time slots for our next call in
>>> a few minutes. Please let me know ASAP, as I need to schedule the
>>> call ASAP, so that we have a document for the board to decide (nod
>>> on) in time.
>>>
>>> Cheers, Tobias
>>>
>>>
>>>
>>>
>>>
>>