[Global_industry_committee] GIC meeting scheduled for Friday Mar-1, 17:00 UTC/GMT - follow-up

Tobias tobias.gondrom at owasp.org
Mon Mar 11 08:17:01 UTC 2013


I hear you, but am not fully sure about whether there are any underlying
conflicts or your statements is mostly for information purposes.

1) Personally I may have a slightly different opinion on that, but see
no conflict to work in this frame, especially as I so far always had the
feeling, that working together with our staff is working well.

2) As I mentioned, I consider this a done deal, and as I said before, I
am a supported of the initiatives (in fact being one of the first people
to use the process last year) - so I see no point in discussing "water
under the bridge". I rather focus on going forward in the frame we have

3) Not sure what you mean by that, but as I said, I rather focus on what
we do now going forward.

4) Agree with regards to the other committees. And with regards to the
GIC to some extend that it was not as active as it should have been.
But just to be very clear, the GIC worked on several items last year
with success:
- drove the CISO Guide to good maturity
- kicked off the CISO Survey
- Industry tables at AppSec US (though we had a learning curve and made
some organisational mistakes in the process)
- UK Nominet Consultation
- ENISA Who-Is-Who Directory
- in South America we establish a relationship with the OAS. Thanks to
that, we could present the OWASP to all the South America CERTs (on
march 2012) and as a result of that the CERTs include the OWASP training
materials as part of they trainings.
- several requests from major corporates (e.g. Oracle) about specific
projects could be answered (though the answers were not always satisfying).

We can discuss on the value of these activities for OWASP and if you
think they were worthless or have better ideas, I am very interested and
keen to learn more.

5) And just so we don't have a mis-perception on cause and effect: in
case of the GIC this re-emergence of activity was mostly due to cleaning
up our team membership and re-energizing the team. To be clear, most, if
not all of these activities of the GIC started before the announcement
of the "initiatives".

Again, I am a strong supporter of the initiatives and can understand
that the committees were shut down.
In the case of the GIC, I am also a strong supporter of putting these
tasks now in the form of the GIAB as we discussed in Korea.

And I hope that we will have your full support for this move.

Best regards, Tobias

On 10/03/13 00:12, Jim Manico wrote:
> My candid (and personal) thoughts on this matter.
> 1) I feel the full time staff should be driving operations of OWASP more than the board. 
> 2) This initiative (to end committees) was driven by our staff. This started before I became a board member and I felt it was prudent to support the full time staffs initiatives that had started before I joined the board.
> 3) We were supposed to transition the closing of committees over several months instead of ending them in one announcement. This was a mistake.
> 4) The GIC committee was fairly inactivate for the past few years. Key word: years. Other committees suffered the same problem. If I am wrong here, please say so. I think this situation really encouraged the GIC members to take additional action which is a great thing. This is the main reason the committees were closed.
> 5) Almost every committee has seen increased activity because of this move!
> I am very sorry for any hurt feelings. But I think the most important thing is *activity* and being in-service to the mission. I do not think we need committees to spread awareness which is the core of our mission. But we do NEED active volunteers like you!
> I am more than happy to discuss this in more detail if you like.
> I am VERY impressed with the direction the new "Industry Board" is moving in. But the criteria to success is active volunteerism in support of the OWASP mission.
> Fair?
> Aloha,
> Jim
>> Hi Colin,
>> thanks a lot for your feedback and edit.
>> 1. I agree.
>> 2. Actually I don't care so much for the name as long as it works.
>> (Sarah and Jim are against any "committee" name inside (obviously as we
>> shut down the committees)
>> I like the term "Global" as I want to keep the global and cross country
>> aspect, regarding "Advisory", I don't care, and btw. am not totally
>> happy with the term "board" (as it may lead to misinterpretation with
>> our "OWASP Board". But as I didn't have any other good ideas, well.
>> Maybe you have some good ideas for names?
>> 3. Global Committee Chair meetings are dead, btw. already for a while. I
>> believe to remember, one time I attended, and basically had a chat with
>> Sarah and Helen.
>> And yes, we should send someone (or myself) to the board meetings. I
>> will attend the next board meeting on Mar-11 and hopefully we can have
>> someone from our team attending. (though I personally believe, probably
>> every 2nd month attendance should be sufficient.)
>> Just my 2cents, Tobias
>> On 04/03/13 02:22, Colin Watson wrote:
>>> Tobias
>>> Thanks for putting these pages up. It is very helpful to have
>>> something solid to comment on.
>>> A few thoughts below for consideration.
>>> 1)  I edited the page which said members have to attend 66% of
>>> meetings. Whilst attendance is important, I think leading,
>>> contributing or otherwise supporting activities is much more
>>> important. I'm pretty certain I would fail to attend 66% of meetings
>>> despite being very willing. I was late on Friday and thus missed it,
>>> and the next one is on a UK public holiday so its unlikely I can make
>>> that either.
>>> 2)  Are we definitely going the "Global" and "Advisory" in the title?
>>> 3)  Regarding governance, does the chair need to "attend or nominate"
>>> someone to OWASP Board and Global Committee Chair meetings? Virtual
>>> attendance too? Does the latter group exist any longer?
>>> Colin
>>> On 3 March 2013 11:21, Tobias <tobias.gondrom at owasp.org> wrote:
>>>> Hi all,
>>>> - also added Jim on cc to join the conversation and review the pages -
>>>> follow-up of our GIC call on Mar-1, even though with some technical problems
>>>> for several people dialing in (go2meeting seems to have been blocked by some
>>>> corporate firewalls). My apologies for that trouble. I will try to find an
>>>> alternative dial-in conference solution for future meetings. And just fyi a
>>>> link to a short meeting minutes page
>>>> (https://www.owasp.org/index.php/Industry:_Minutes_2013-03-01)
>>>> Going forward, I prepared the following Wiki pages for your consideration
>>>> and feedback and as basis for our discussion.
>>>> Please give your feedback ASAP as we need to submit this to the board until
>>>> Mar-8 for them to nod on it on Mar-11 and the GIAB to be ready by Mar-31.
>>>> Here the pages in Wiki. Please send comments or make changes directly to the
>>>> documents.
>>>> - https://www.owasp.org/index.php/Global_Industry_Advisory_Board
>>>> (the main page, with mission and goals, links to meeting minutes, etc.)
>>>> - https://www.owasp.org/index.php/Global_Industry_Advisory_Board_Governance
>>>> (the charter and how to select members and remove them)
>>>> - https://www.owasp.org/index.php/GIAB_nominated_candidates
>>>> (I took part of the nomination document of the old committes, and made it
>>>> shorter and removed all this "becoming a member be a great honor" stuff and
>>>> replaced it with serving our community.)
>>>> -
>>>> https://www.owasp.org/index.php/Global_Industry_Advisory_Board_Joining_Form_-_Template
>>>> (to be clear: I would not ask everybody who already had endorsements from
>>>> the GIC, to go through this process again; but I will link to the
>>>> endorsement pages from the GIC for this purpose.)
>>>> - And for all current GIC members: Please also email me or our mailing-list
>>>> a quick message whether you want to participate in the future GIAB.
>>>> Please let me know what you think?
>>>> All the best and looking forward to hearing from you!
>>>> Tobias
>>>> On 02/03/13 02:04, Tobias wrote:
>>>> Hi guys,
>>>> I like to check back with you. As I received some reports from people having
>>>> technical problems joining the call. If you had such a problem, could you
>>>> please send me a quick email, so I know in the future and will use a
>>>> different dial-in tool?
>>>> We had on this call only Mauro, Alexander, Sarah and myself. :-(
>>>> (below the Doodle sign-up)
>>>> Alexander and Mauro provided good feedback on the future of the GIC tasks,
>>>> and they support the notion to move to the GIAB approach.
>>>> We discussed some of the details.
>>>> I will prepare a short charter until Sunday (evening HK time, morning US
>>>> time) and will really need your input on that either before if you have a
>>>> good idea, or ASAP after that, as we have to put this to the board before
>>>> Mar-8!
>>>> Best regards, Tobias
>>>> On 02/03/13 01:08, Tobias wrote:
>>>> Hi guys,
>>>> in case you are trouble connecting, please try the go2meeting.
>>>> That works. Talk to you in a bit.
>>>> Best regards, Tobias
>>>> On 27/02/13 00:38, Tobias wrote:
>>>> Hello guys,
>>>> thanks a lot for your feedback on the scheduling of our next call on the
>>>> future of the GIC and my apologies for the short notice.
>>>> Based on that information, let's schedule our call for Friday March-1, 17:00
>>>> UK time (GMT+00:00)
>>>> http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130301T17&p1=136&ah=1
>>>> Agenda topics for the Global Industry Committee meeting:
>>>> - Future of GIC
>>>> - update of CISO Guide
>>>> - update of CISO Survey
>>>> - Industry Table at AppSec APAC
>>>> - industry bodies contacts?
>>>> - ...?
>>>> (and the link to the GIC page:
>>>> https://www.owasp.org/index.php/Global_Industry_Committee)
>>>> Please let me know if you can not attend this call.
>>>> Access to the GIC meeting is via Go2Meeting.
>>>> (So far there is only Audio, no need for slides at this point.)
>>>> 1.  Please join my meeting.
>>>> https://www3.gotomeeting.com/join/910785446
>>>> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.  Or,
>>>> call in using your telephone.
>>>> Dial +1 (213) 493-0606
>>>> (more dial-in numbers are at the bottom of the email)
>>>> Access Code: 910-785-446
>>>> Audio PIN: Shown after joining the meeting
>>>> Meeting ID: 910-785-446
>>>> Not at your computer? Click the link to join this meeting from your iPhone®,
>>>> iPad® or Android® device via the GoToMeeting app.
>>>> Best regards and looking forward to talking with you on Friday.
>>>> Cheers, Tobias
>>>> (GIC chair)

More information about the Global_industry_committee mailing list