[Owasp-leaders] [SAMM] Fwd: ISO/IEC 27034

Dennis Groves dennis.groves at owasp.org
Sun Aug 25 15:53:33 UTC 2013

On 25 Aug 2013, at 3:17, Antonio Fontes wrote:

> leaders,
> "Multiple hats on chapter leaders", yes, as long as one "hat" does not
> interfere with the other ones.
> The case of ISO27034 is an interesting placeholder to a larger
> discussion: at what moment will ISO be entitled/expected to announce
> that OWASP contributed to the project and not just Sebastien/Jonathan?
> What forms of collaboration actually constitute an expression of 
> opinion/position as a community, and what are those, which constitute
> the expression of opinions/positions of a single OWASP individual?
> Or -asked another way- "when does a leader get a voice that speaks for
> OWASP and not just for him/herself?"

Few people can make any such claim as having a voice that speaks for 
OWASP. Those that do already know who they are. Second, it is 
important to realise that the community grants that voice to those 
leaders through their acceptance of that leader's vision.

> Just to make sure my message is not misunderstood: I am not questioning
> Sebastien/Jonathan's involvements in the ISO 27034 process. Quite to the
> opposite, I highly vouch for them on this initiative but this is
> probably because I both personally and professionally know them and
> fully entrust them into this initiative, which may still not be the case
> for other leaders.
> If not done already, I would highly recommend this question to be
> discussed in the workshops during the Appsec NY in November, just to
> make sure that voices and opinions from leaders are well heard.
> Eventually, do we have a process (not sure whether or not the word
> "committee" comes here) that centralizes and lists these collaborations
> with standardization bodies?

I am BSI-ISO/SC27/WG4; I know I am not also alone in being in OWASP and 
on the standards committee. Obviously so are Jonathan and Sebastien, and 
there must be many others as well. It may be useful indeed for us to 
gather in NY at AppSec USA so we can work on a process for engaging with 
standards bodies.

[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 

     Unless someone like you...cares a whole awful lot...
     nothing is going to get better...It's not."
                                             -- The Lorax
