[Owasp-leaders] [SAMM] Fwd: ISO/IEC 27034

Antonio Fontes antonio.fontes at owasp.org
Sun Aug 25 10:17:19 UTC 2013


"Multiple hats on chapter leaders", yes, as long as one "hat" does not
interfere with the other ones.

The case of ISO27034 is an interesting placeholder to a larger
discussion: at what moment will ISO be entitled/expected to announce
that OWASP contributed to the project and not just Sebastien/Jonathan?
What forms of collaboration actually constitute an expression of OWASP's
opinion/position as a community, and what are those, which constitute
the expression of opinions/positions of a single OWASP individual?

Or -asked another way- "when does a leader get a voice that speaks for
OWASP and not just for him/herself?"

Just to make sure my message is not misunderstood: I am not questioning
Sebastien/Jonathan's involvements in the ISO 27034 process. Quite to the
opposite, I highly vouch for them on this initiative but this is
probably because I both personally and professionally know them and
fully entrust them into this initiative, which may still not be the case
for other leaders.

If not done already, I would highly recommend this question to be
discussed in the workshops during the Appsec NY in November, just to
make sure that voices and opinions from leaders are well heard.

Eventually, do we have a process (not sure whether or not the word
"committee" comes here) that centralizes and lists these collaborations
with standardization bodies?


On 24.08.2013 10:09, Colin Watson wrote:
> Luc
> Thank you for your efforts with the new standard.
>> The best way to have an official access to the working draft will be that
>> OWASP ask to have an official liaison with ISO/SC27. In that way, OWASP will
>> be alloud to provide official comments ond contribution to the project. By
>> the way, other ISO standard projects may also be interesting for OWASP.
> I do not believe OWASP (as an organisation) can ever contribute
> resources and other effort to work that is against the principle of
> "free & open". At least that is my understanding.
>> I know that Sebastien Gioria is looking to be part of the SC27 France
>> committee.
> Presumably this is not as an official OWASP liaison but in his own
> professional, or employment, capacity? We all wear multiple "hats".
> Colin
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list