[Global_industry_committee] Future of the GIC

Mauro Flores mauro.flores at owasp.org
Sun Mar 10 17:36:17 UTC 2013


Tobias, I'm ok with this.
More important than how we implement the second point is to have a way
to measure the results... especially after Jim's mail...

regards, Mauro Flores
On Sat, 09-03-2013 at 12:57 +0800, Tobias wrote:
> Mauro, 
> 
> thanks a lot for your feedback. 
> I made the according addition as you suggested: 
> added a sentence to the removal reasons: 
> "*The member repeatedly does not fulfill the tasks he/she himself
> promised and committed to do on the GIAB (usually this will be
> documented in the meeting minutes)."
> 
> For the second point, I suggest we just put the goals and milestones
> into our main document, and not add another sentence about this into
> the governance document, if that is ok with you? 
> 
> Best regards, Tobias
> 
> 
> On 05/03/13 08:09, Mauro Flores wrote:
> 
> > 
> > Tobias, great work!!! 
> > > The only comment/suggestion I have is on the Global Industry
> > > Advisory Board Governance in the Removal from Committee section, I
> > > would add as a removal reason if the member doesn't fulfil a task
> > > he/she agrees to do on the GIAB. The idea is that if a member accepts
> > > to do something for the GIAB he/she must fulfil the task or find a
> > > substitute to do it, but in any case the task has to be done by
> > > someone. Many times I saw that someone takes a task and some time
> > > after he/she loses interest, doesn't have more time or something
> > > happens and this person is no longer able to move that task forward
> > > and instead of finding a replacement, he/she just forgets about that
> > > task and I think that should be a removal reason.
> > 
> > I also think we should set some specific goals for each GIAB year
> > that we should set all together. Like releasing the CISO Guide, or
> > do XXX Industry tables with at least XX industry representatives and
> > stuff like that. Specific, measurable, challenging but reachable
> > actions for each year. 
> > > My 2 cents.
> > 
> > regards, Mauro Flores
> > On Sun, 03-03-2013 at 19:19 +0800, Tobias wrote:
> > 
> > > Hi all, 
> > > 
> > > follow-up of our GIC call on Mar-1, even though with some
> > > technical problems for several people dialing in (go2meeting seems
> > > to have been blocked by some corporate firewalls). My apologies
> > > for that trouble. I will try to find an alternative dial-in
> > > conference solution for future meetings. And just fyi a link to a
> > > short meeting minutes page
> > > (https://www.owasp.org/index.php/Industry:_Minutes_2013-03-01)  
> > > 
> > > Going forward, I prepared the following Wiki pages for your
> > > consideration and feedback and as basis for our discussion. 
> > > 
> > > Please give your feedback ASAP as we need to submit this to the
> > > board until Mar-8 for them to nod on it on Mar-11 and the GIAB to
> > > be ready by Mar-31.
> > > 
> > > Here the pages in Wiki. Please send comments or make changes
> > > directly to the documents. 
> > > 
> > > - https://www.owasp.org/index.php/Global_Industry_Advisory_Board
> > > (the main page, with mission and goals, links to meeting minutes,
> > > etc.)
> > > 
> > > -
> > > https://www.owasp.org/index.php/Global_Industry_Advisory_Board_Governance
> > > (the charter and how to select members and remove them)
> > > 
> > > - https://www.owasp.org/index.php/GIAB_nominated_candidates
> > > > (I took part of the nomination document of the old committees, and
> > > made it shorter and removed all this "becoming a member be a great
> > > honor" stuff and replaced it with serving our community.)
> > > 
> > > -
> > > https://www.owasp.org/index.php/Global_Industry_Advisory_Board_Joining_Form_-_Template
> > > (to be clear: I would not ask everybody who already had
> > > endorsements from the GIC, to go through this process again; but I
> > > will link to the endorsement pages from the GIC for this purpose.)
> > > 
> > > - And for all current GIC members: Please also email me or our
> > > mailing-list a quick message whether you want to participate in
> > > the future GIAB. 
> > > 
> > > Please let me know what you think? 
> > > 
> > > All the best and looking forward to hearing from you!
> > > 
> > > Tobias
> > > 
> > > 
> > > 
> > > 
> > > On 24/02/13 21:51, Tobias wrote:
> > > 
> > > 
> > > > Hi dear GIC fellows, 
> > > > 
> > > > as you read on the leaders list and my previous post, the board
> > > > and our staff decided to shut down all committees and transfer
> > > > some of their activities to initiatives to re-energize activity
> > > > and make things more open for new volunteers. 
> > > > The reasoning was also that the committees were not functioning
> > > > well, which possibly for most committees may be true. 
> > > > 
> > > > FYI some background info: In the context of the new initiatives
> > > > program, I had a conversation during the last AppSecUS in Austin
> > > > with a board member and some of our staff and thought we had
> > > > established a common understanding that the GIC would continue
> > > > to remain active in parallel to the new initiatives starting up.
> > > > Unfortunately that seems to have been misunderstood or wasn't
> > > > communicated clearly enough among the board and leadership teams
> > > > during the decision making process. Anyway. Water under the
> > > > bridge. 
> > > > 
> > > > Based on the past announcement and the political discussions
> > > > about the shut-down of the committees, I had last Thursday a
> > > > longer constructive conversation with Jim and Sarah at the
> > > > AppSecAPAC in Jeju on how to move forward with the duties of the
> > > > GIC. 
> > > > 
> > > > The GIC goals are very nicely phrased: "The OWASP Global
> > > > Industry Committee (GIC) shall expand awareness of and promote
> > > > the inclusion of software security best practices in Industry,
> > > > Government, Academia and regulatory agencies and be a voice for
> > > > industry. This will be accomplished through outreach; including
> > > > presentations, development of position papers and collaborative
> > > > efforts with other entities."
> > > > 
> > > > To be clear, I strongly believe that these goals are very
> > > > important for OWASP and our success in going beyond pen-testing
> > > > and making sure we can reach the wider community of developers
> > > > and end-users, and that we need an entity in OWASP to focus and
> > > > improve on that. 
> > > > - advocating industry interests and building relationship with
> > > > industry and eventually improving our corporate memberships and
> > > > influence. 
> > > > - initiating new industry related projects and building synergy
> > > > between these industry related projects and promoting them (CISO
> > > > guide, CISO Survey, Industry links, etc.). 
> > > > 
> > > > Back to the conversation with Jim and Sarah at the AppSec APAC
> > > > in Jeju: to find a way on how we can continue to work on these
> > > > goals in the current or a future framework. 
> > > > 
> > > > In general, it seems that it is accepted that the GIC is the one
> > > > committee that is still functioning reasonably well (though I
> > > > personally could see us improve on that - and myself becoming a
> > > > better chair) and fulfills important goals for OWASP. However,
> > > > there seems to be great hesitation (and political resistance) to
> > > > make an exception and keep the GIC alive as the only remaining
> > > > committee. 
> > > > 
> > > > Following we discussed various options: 
> > > > 1. Make the GIC an initiative: 
> > > > We had a discussion about why it would not be such a good idea
> > > > to change the GIC to an initiative. Two of the reasons why this
> > > > would not be a good fit: 
> > > > > - initiatives shall have a clear finite scope and lifetime (more like
> > > > a mini-project) and in fact the GIC serves the need for a
> > > > long-term contact point for industry relations and synergy
> > > > across different projects
> > > > - the GIC in fact inspires initiatives or projects that make
> > > > sense for industry members.
> > > > During our discussion it became clear and agreed that due to the
> > > > nature of the GIC and our current work, that to try and make the
> > > > GIC into an initiative would not be a viable solution. 
> > > > 
> > > > 2. Replacing the GIC with another to-be-founded entity: 
> > > > As I personally don't feel strongly about the name of a thing as
> > > > long as it does achieve the objective, the proposal was to close
> > > > the GIC and replace it with the "Global Industry Advisory
> > > > Board" (GIAB) with similar scope. 
> > > > This proposal was developed together during the conversation
> > > > between Sarah, Jim and myself and would have full support from
> > > > both of them and myself. 
> > > > 
> > > > Things that we would need to do for this to happen: 
> > > > - we need to write a document on the goals and the selection
> > > > process of the members and terms (I would base that on the
> > > > committee selection charter). 
> > > > - there will be a board meeting on Mar-11 and we should have
> > > > > that document ready by Mar-7 so it can be sent around in time
> > > > before the meeting, so the board can "nod on it". We would be
> > > > active on April-1 (or Mar-31 to avoid people thinking this is an
> > > > April-1 joke). 
> > > > 
> > > > This can actually also be an opportunity for us to review some
> > > > of our past committee weaknesses and try to learn from them: 
> > > > Some ideas of things we should consider: 
> > > > - define how and what to do with GIAB memberships if people do
> > > > not attend calls etc. E.g. it should be easier to remove members
> > > > and the chair if they are not active. One idea is to make the
> > > > terms of members and the chair finite and members need to
> > > > actively re-apply after 1 year. 
> > > > - be more clear on our goals and what specific success criteria
> > > > should be? 
> > > > - I liked the fact that for an application to the GIAB, you need
> > > > to be endorsed as one of the selection criteria. (the way we
> > > > handled this with the GIC with 5 endorsements). What do you
> > > > think would 3 endorsements be sufficient? What would be a good
> > > > number? The second selection criteria should be a vote by the
> > > > existing GIAB  members. 
> > > > - Initially for the transition, I propose to basically transfer
> > > > all the active members of the GIC into the GIAB and add active
> > > > volunteers based on their applications and member votes. 
> > > > - It would be good if we can have diversity in industry and
> > > > regions in the GIAB reflected in the members. 
> > > > (e.g. members from different industries and regions). That can
> > > > also help with active outreach and promotion of OWASP topics
> > > > towards different industries and regions. 
> > > > - I would suggest to limit the number of members to a maximum of
> > > > 12. 
> > > > (personally I think group sizes beyond 8 become less and less
> > > > effective - with twelve being a reasonable upper limit for the
> > > > GIAB)
> > > > 
> > > > What do you think about this plan? 
> > > > Would this be agreeable? 
> > > > 
> > > > Please let me know your feedback. 
> > > > 
> > > > I also will send round a doodle for time slots for our next call
> > > > in a few minutes. Please let me know ASAP, as I need to schedule
> > > > the call ASAP, so that we have a document for the board to
> > > > decide (nod on) in time. 
> > > > 
> > > > Cheers, Tobias