[Governance] Compliance Committee?
josh.sokol at owasp.org
Mon Dec 8 21:40:13 UTC 2014
Martin recently sent a message to some members of the Board proposing the
idea of a Compliance Committee (see below). I think this is a great idea
and want to support it, but feel that this is a discussion that should be
had in public on our Governance list. Martin agreed and so I'm putting
this out here to see how others feel. He's got a host of excellent
questions in his original message that definitely require some deep
thoughts about how we want this process to work. Is there somebody from
our community who feels particularly passionate about the idea of a
Compliance Committee and would like to take the lead here?
---------- Forwarded message ----------
From: Martin Knobloch <martin.knobloch at owasp.org>
Date: Mon, Nov 17, 2014 at 3:42 AM
Subject: Re: Compliance committee
To: Jim Manico <jim.manico at owasp.org>, Fabio Cerullo <fcerullo at owasp.org>,
Josh Sokol <josh.sokol at owasp.org>
We have discussed a 'Compliant Committee' (or whatever to call it)
previously via email and at the AppSec-Eu and US.
In general, I am in favor of such a committee, but there is a lot to think
Due to the different nature (responsibilities), the membership of the
committee cannot be open as for the other committees
- therefore, we have to decide, can people apply or should the members be
- nomination, application handled by whom?
- screening of nominated / elected members?
- time / expiration of committee 'membership'
Whistle-blower policy (and other regulations):
- what are the implications / are there any changes needed in relation to
the current (and currently updated) policies?
- More guidelines, in short term some overhead, would be needed
I can think of more, when given more time.
Again, I am in favor of this, but it has to be done right from the