
Industry:Minutes 2011-06-16



The Global Industry Committee was created during the OWASP EU Summit in Portugal 2008. The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities.

Roll Call

Global Industry Committee Call: June 16, 2011 at 16:00 UTC/GMT


  • Lorna Alamri
  • Sherif Koussa
  • Jerry Hoff
  • Kelly SantaLucia
  • Kate Hartman
  • Sarah Baso


  • Joe Bernik (Chair)
  • Rex Booth
  • David Campbell
  • Colin Watson
  • Mauro Flores
  • Mateo Martinez
  • Alexander Fry
  • Nishi Kumar

Open GIC Action Items

Follow up on GIC Working Sessions at AppSec EU

3 sessions on Friday, June 10 2011 (second day of the conference)

  • 1st session: GIC Outreach Presentation 10:15-11:00 am
    • Lorna Alamri replaced Nishi Kumar, who had a last minute work conflict and had to cancel her trip.
    • Nishi provided the slide show and Lorna presented to about 5 people who were in attendance.
    • Lorna Alamri - will follow up with email to attendees regarding industry outreach
  • 2nd session: Gathering Information - Industry CISO Survey 12:05-12:50 pm, presented by Rex Booth
    • 3 people in attendance (in addition to committee members - Lorna Alamri and Colin Watson)
    • Report/session notes from Rex Booth pending
  • 3rd session: Industry Roundtable discussion 3:00-3:45 pm, presented by Sarah Baso with remote participation by Joe Bernik
    • Unattended

Plans for AppSec USA

Are we going to have Industry outreach session(s)/track?

  • Jerry Hoff is attending AppSec USA and is happy to assist with Industry Outreach. Sherif Koussa does not know yet if he will attend.
  • If GIC wants to have outreach session(s) here similar to AppSec EU, more planning and marketing need to occur around the sessions to ensure their success.

SANS workshop in Washington DC

NIST Draft on Cloud Computing

  • NIST wants comments on its cloud computing guide, which includes security concerns. The announcement is here:

  • Any interest in commenting on the NIST cloud computing guide? Sarah Baso to send out email reminder to GIC list to see if anyone is interested in taking this on.

Nomination of IS Pros for the 2011 GISLAs

Are we doing anything with PCI Security Standards?

  • No current comments/interest in this initiative.

GIC Governance Policies

Currently listed here:

  • Will be implemented based on no response from committee members; policies may be superseded by policies applying to all

Next Meeting

2 weeks

  • 30 June, 2011 16:00 UTC/GMT
  • Dial in: +1-866-534-4754, code: 69277
  • Industry Outreach activities for AppSec USA will be priority discussion (considering lessons learned from AppSec EU).