[Governance] Compliance Committee?

Joerg Stephan joerg.stephan at owasp.org
Mon Dec 8 21:49:32 UTC 2014

Hey Josh,

thanks for sharing this.

May I ask, because I really don't get it, what this "Compliance Committee" is
all about?
From the points above I understand that there should be rules on how to get
the "membership", but I can't imagine what the theme of the party is.

Kind regards


On Mon, Dec 8, 2014 at 10:40 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Martin recently sent a message to some members of the Board proposing the
> idea of a Compliance Committee (see below).  I think this is a great idea
> and want to support it, but feel that this is a discussion that should be
> had in public on our Governance list.  Martin agreed and so I'm putting
> this out here to see how others feel.  He's got a host of excellent
> questions in his original message that definitely require some deep
> thoughts about how we want this process to work.  Is there somebody from
> our community who feels particularly passionate about the idea of a
> Compliance Committee and would like to take the lead here?
> ~josh
> ---------- Forwarded message ----------
> From: Martin Knobloch <martin.knobloch at owasp.org>
> Date: Mon, Nov 17, 2014 at 3:42 AM
> Subject: Re: Compliance committee
> To: Jim Manico <jim.manico at owasp.org>, Fabio Cerullo <fcerullo at owasp.org>,
> Josh Sokol <josh.sokol at owasp.org>
> Hi Jim,
> We have discussed a 'Compliant Committee'  (or whatever to call it)
> previously via email and at the AppSec-Eu and US.
> In general, I am in favor of such a committee, but there is a lot to think
> about:
> Due to the different nature (responsibilities), the membership of the
> committee cannot be open as for the other committees
> - therefore, we have to decide, can people apply or should the members be
> nominated?
> - nomination, application handled by whom?
> - screening of nominated / elected members?
> - time / expiration of committee 'membership'
> Whistle-blower  policy (and other regulations):
> - what are the implications / are there any changes needed in relation to
> the current (and currently updated) policies?
> - More guidelines, in short term some overhead, would be needed
> I can think of more, when given more time.
> Again, I am in favor of this, but it has to be done right from the
> beginning!
> Cheers,
> -martin