Difference between revisions of "Global Industry Committee"
(→Meetings: 5 Jan 2010 minutes added)
Line 1: | Line 1: | ||
− | '''The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.''' | + | '''The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.''' |
− | ==Mission Statement== | + | == Mission Statement == |
− | ''To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities.'' | + | ''To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities.'' [https://www.owasp.org/index.php/Global_Industry_Committee#General_Presentations_and_Reports Powerpoint of Accomplishments] |
+ | <br> | ||
− | ==Committee Plan== | + | == Committee Plan == |
− | Step 1: | + | Step 1: [[Industry:Organizations for Outreach|Identify specific organizations]] worth working with to spread the OWASP gospel |
− | [[Industry: | ||
− | Step 2: | + | Step 2: Prioritize the proposed liasons based on potential impact, and also realistic likelihood of the organization actively working with us |
− | Prioritize the proposed liasons based on potential impact, and also realistic likelihood of the organization actively working with us | ||
− | Step 3: | + | Step 3: Execute, leveraging global OWASP resources as much as possible to maximize impact |
− | Execute, leveraging global OWASP resources as much as possible to maximize impact | ||
− | Step 4: | + | Step 4: Evaluate progress & repeat Step 1-3 |
− | Evaluate progress & repeat Step 1-3 | ||
− | ==Committee Members== | + | == Committee Members == |
− | Current Board Member Rep (appointed Jan 2010): [mailto:[email protected] Dave Wichers] | + | Current Board Member Rep (appointed Jan 2010): [mailto:[email protected] Dave Wichers] |
− | Original Board Member Rep: [mailto:[email protected] Tom Brennan] | + | Original Board Member Rep: [mailto:[email protected] Tom Brennan] |
− | + | <br> Committee Members: | |
− | Committee Members: | ||
{| class="prettytable" | {| class="prettytable" | ||
− | ! Name | + | |- |
− | ! Email | + | ! Name |
+ | ! Email | ||
! Location | ! Location | ||
|- | |- | ||
− | | Joe Bernik | + | | Joe Bernik |
− | | | + | |
| US | | US | ||
|- | |- | ||
− | | Rex Booth | + | | Rex Booth |
− | | rex.booth 'at' gt dot com | + | | rex.booth 'at' gt dot com |
| US | | US | ||
|- | |- | ||
− | | David Campbell | + | | David Campbell |
− | | dcampbell 'at' owasp dot org | + | | dcampbell 'at' owasp dot org |
| US | | US | ||
|- | |- | ||
− | | Alexander Fry | + | | Alexander Fry |
− | | alexander.fry 'at' owasp dot org | + | | alexander.fry 'at' owasp dot org |
| US | | US | ||
|- | |- | ||
− | | Georg Hess | + | | Georg Hess |
− | | georg.hess 'at' artofdefence dot com | + | | georg.hess 'at' artofdefence dot com |
| Germany | | Germany | ||
|- | |- | ||
− | | Eoin Keary | + | | Eoin Keary |
− | | eoin.keary 'at' owasp dot org | + | | eoin.keary 'at' owasp dot org |
| Ireland | | Ireland | ||
|- | |- | ||
− | | Yiannis Pavlosoglou | + | | Yiannis Pavlosoglou |
− | | yiannis 'at' owasp dot org | + | | yiannis 'at' owasp dot org |
| UK | | UK | ||
|- | |- | ||
− | | Colin Watson | + | | Colin Watson |
− | | colin.watson 'at' owasp dot org | + | | colin.watson 'at' owasp dot org |
| UK | | UK | ||
− | |||
|} | |} | ||
− | OWASP Employees: | + | OWASP Employees: |
− | |||
− | |||
− | + | *Alison | |
+ | *Kate Hartman | ||
− | == | + | == Getting Involved == |
− | + | === Mailing List === | |
− | + | [http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] | |
− | + | === Meetings === | |
− | + | The next Global Industry Committee meeting will be: | |
− | + | *TBC | |
− | + | Previous meetings are: | |
− | |||
− | === Membership === | + | *[[Industry:Minutes 2010-01-05|05 Jan 2010]] - [http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3 Recording (mp3) of the call] |
+ | *[[Industry:Minutes 2009-01-23|23 Jan 2009]] | ||
+ | |||
+ | === Membership === | ||
[[Membership]] explains how to become an OWASP organization supporter or individual member. | [[Membership]] explains how to become an OWASP organization supporter or individual member. | ||
− | You don't have to be an OWASP Member or Committee Member to contribute - the current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. | + | You don't have to be an OWASP Member or Committee Member to contribute - the current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. |
− | === Other ongoing initiatives === | + | === Other ongoing initiatives === |
− | * [http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide. | + | *[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide. |
− | * [http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry. | + | *[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry. |
− | * [http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents. | + | *[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents. |
− | ==Current Activity== | + | == Current Activity == |
− | === Work in Progress === | + | === Work in Progress === |
− | The current activities being undertaken: | + | The current activities being undertaken: |
{| class="prettytable" | {| class="prettytable" | ||
− | ! Task | + | |- |
− | ! Deadline | + | ! Task |
− | ! Type | + | ! Deadline |
− | ! Status | + | ! Type |
− | ! Description | + | ! Status |
+ | ! Description | ||
! Who | ! Who | ||
|- | |- | ||
− | | [http://www.enisa.europa.eu/ ENISA] Cloud Computing Common Assurance Metrics | + | | [http://www.enisa.europa.eu/ ENISA] Cloud Computing Common Assurance Metrics |
− | | 2010 | + | | 2010 |
− | | Standards | + | | Standards |
− | | New | + | | New |
− | | Work with [[:Category:OWASP Cloud ‐ 10 Project]] to contribute to the development of Common Assurance Metrics for ENISA's [http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework?searchterm=cloud Cloud Computing Information Assurance Framework]. See also the [http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment Cloud Computing Risk Assessment] report. | + | | Work with [[:Category:OWASP Cloud ‐ 10 Project]] to contribute to the development of Common Assurance Metrics for ENISA's [http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework?searchterm=cloud Cloud Computing Information Assurance Framework]. See also the [http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment Cloud Computing Risk Assessment] report. |
| CW | | CW | ||
|- | |- | ||
− | | [[Industry:Personal Information Online Code of Practice|Personal Information Online COP]] | + | | [[Industry:Personal Information Online Code of Practice|Personal Information Online COP]] |
− | | 5 Mar 2010 | + | | 5 Mar 2010 |
− | | Legislation | + | | Legislation |
− | | In Progress | + | | In Progress |
− | | Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice" | + | | Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice" |
| CW | | CW | ||
|- | |- | ||
− | | [http://www.spva.org Secure POS Vendor Alliance (SPVA)] | + | | [http://www.spva.org Secure POS Vendor Alliance (SPVA)] |
− | | - | + | | - |
− | | Outreach | + | | Outreach |
− | | In Progress | + | | In Progress |
| Begin dialogue about possibility of working together | | Begin dialogue about possibility of working together | ||
| DC | | DC | ||
|} | |} | ||
− | === Completed Items === | + | === Completed Items === |
{| class="prettytable" | {| class="prettytable" | ||
− | ! Task | + | |- |
− | ! Completed | + | ! Task |
− | ! Type | + | ! Completed |
− | ! Status | + | ! Type |
− | ! Description | + | ! Status |
+ | ! Description | ||
! Who | ! Who | ||
|- | |- | ||
− | | [[:Industry: | + | | [[:Industry:Draft NIST SP 800-37 Revision 1|NIST SP 800-37 Revision 1 FPD]] Review Project |
− | | 30 Dec 2009 | + | | 30 Dec 2009 |
− | | Standards | + | | Standards |
| Closed | | Closed | ||
− | | Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach" | + | | Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach" |
| RB | | RB | ||
|- | |- | ||
− | | [http://www.crest-approved.org/ CREST] CRESTCon | + | | [http://www.crest-approved.org/ CREST] CRESTCon |
− | | 15 Dec 2009 | + | | 15 Dec 2009 |
− | | Outreach | + | | Outreach |
| Closed | | Closed | ||
− | | Already an oversubscribed event, YP & CW have been placed on the reserve list. Update: Positions secured for the 15th. | + | | Already an oversubscribed event, YP & CW have been placed on the reserve list. Update: Positions secured for the 15th. |
| YP | | YP | ||
|- | |- | ||
− | | [http://msdn.microsoft.com/en-us/security/cc448177.aspx SDL Pro Network] | + | | [http://msdn.microsoft.com/en-us/security/cc448177.aspx SDL Pro Network] |
− | | 30 Nov 2009 | + | | 30 Nov 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way | + | | Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way |
| CW | | CW | ||
|- | |- | ||
− | | [[Industry:Draft NIST IR 7628|Draft NIST IR 7628]] | + | | [[Industry:Draft NIST IR 7628|Draft NIST IR 7628]] |
− | | 25 Nov 2009 | + | | 25 Nov 2009 |
− | | Standards | + | | Standards |
− | | Closed | + | | Closed |
− | | Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements" | + | | Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements" |
| CW | | CW | ||
|- | |- | ||
− | | [http://www.owasp.org/index.php/OWASP_AppSec_DC_2009 Appsec DC 2009] | + | | [http://www.owasp.org/index.php/OWASP_AppSec_DC_2009 Appsec DC 2009] |
− | | 10-13 Nov 2009 | + | | 10-13 Nov 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Conference organisation - special effort to engage with US Federal sector | + | | Conference organisation - special effort to engage with US Federal sector |
| RB | | RB | ||
|- | |- | ||
− | | [http://www.justice.gov.uk/ UK Ministry of Justice] | + | | [http://www.justice.gov.uk/ UK Ministry of Justice] |
− | | - | + | | - |
− | | Legislation | + | | Legislation |
− | | Closed | + | | Closed |
− | | Ask to be added to official consultation list | + | | Ask to be added to official consultation list |
| CW | | CW | ||
|- | |- | ||
− | | [http://www.it-sa.de/ IT-SA] | + | | [http://www.it-sa.de/ IT-SA] |
− | | 13-15 Oct 2009 | + | | 13-15 Oct 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | OWASP booth at trade show | + | | OWASP booth at trade show |
| GH | | GH | ||
|- | |- | ||
− | | [http://www.owasp.org/index.php/OWASP_AppSec_Germany_2009_Conference OWASP AppSec Germany 2009] | + | | [http://www.owasp.org/index.php/OWASP_AppSec_Germany_2009_Conference OWASP AppSec Germany 2009] |
− | | 13 Oct 2009 | + | | 13 Oct 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Conference organisation | + | | Conference organisation |
| GH | | GH | ||
|- | |- | ||
− | | US [http://www.loc.gov Library of Congress] | + | | US [http://www.loc.gov Library of Congress] |
− | | 28 Sep 2009 | + | | 28 Sep 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Presentation about OWASP | + | | Presentation about OWASP |
| RB | | RB | ||
|- | |- | ||
− | | [http://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference OWASP Ireland AppSec 2009] | + | | [http://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference OWASP Ireland AppSec 2009] |
− | | 10 Sep 2009 | + | | 10 Sep 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Conference organisation | + | | Conference organisation |
| EK | | EK | ||
|- | |- | ||
− | | OWASP Citations | + | | OWASP Citations |
− | | 7 Sep 2009 | + | | 7 Sep 2009 |
− | | Other | + | | Other |
− | | Closed | + | | Closed |
− | | Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: [[Industry:Citations]] | + | | Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: [[Industry:Citations]] |
| CW | | CW | ||
|- | |- | ||
− | | US [http://www.loc.gov Library of Congress] | + | | US [http://www.loc.gov Library of Congress] |
− | | 26 Aug 2009 | + | | 26 Aug 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Presentation about OWASP | + | | Presentation about OWASP |
| RB | | RB | ||
|- | |- | ||
− | | OWASP webcast at Brighttalk [http://www.brighttalk.com/summit/dataprivacy2 Data and Privacy in Web 2.0 Summit] | + | | OWASP webcast at Brighttalk [http://www.brighttalk.com/summit/dataprivacy2 Data and Privacy in Web 2.0 Summit] |
− | | 13 Aug 2009 | + | | 13 Aug 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Deliver [http://www.brighttalk.com/webcasts/4767/attend OWASP presentation on XSS, client side exploitation, and countermeasures]. | + | | Deliver [http://www.brighttalk.com/webcasts/4767/attend OWASP presentation on XSS, client side exploitation, and countermeasures]. |
| DC | | DC | ||
|- | |- | ||
− | | [[Industry:SAFECode Secure Development Practices (update to Oct 2008 version)|SAFECode Secure Development Practices (update to Oct 2008 version)]] | + | | [[Industry:SAFECode Secure Development Practices (update to Oct 2008 version)|SAFECode Secure Development Practices (update to Oct 2008 version)]] |
− | | 31 Jul 2009 | + | | 31 Jul 2009 |
− | | Standards | + | | Standards |
− | | Closed | + | | Closed |
− | | Response to [http://www.safecode.org/ SAFECode] "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today." | + | | Response to [http://www.safecode.org/ SAFECode] "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today." |
| CW | | CW | ||
|- | |- | ||
− | | [http://www.owasp.org/index.php/Category:OWASP_CSA_Project OWASP CSA Project] | + | | [http://www.owasp.org/index.php/Category:OWASP_CSA_Project OWASP CSA Project] |
− | | 8 Jul 2009 | + | | 8 Jul 2009 |
− | | Standards | + | | Standards |
− | | Closed | + | | Closed |
− | | Response to RFC [http://www.cloudsecurityalliance.org/guidance/csaguide.pdf Cloud Security Alliance Guidance v1.0] | + | | Response to RFC [http://www.cloudsecurityalliance.org/guidance/csaguide.pdf Cloud Security Alliance Guidance v1.0] |
| TB | | TB | ||
|- | |- | ||
− | | [[Scotland]] | + | | [[Scotland]] |
− | | 25 Jun 2009 | + | | 25 Jun 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-scotland-industry-committee-june-2009.ppt]] and written notes [[Image:Owasp-scotland-industry-committee-june-2009-notes.pdf]]) | + | | Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-scotland-industry-committee-june-2009.ppt]] and written notes [[Image:Owasp-scotland-industry-committee-june-2009-notes.pdf]]) |
| CW | | CW | ||
|- | |- | ||
− | | OWASP Presentation at [http://cfp2009.org/ CFP Con 2009] | + | | OWASP Presentation at [http://cfp2009.org/ CFP Con 2009] |
− | | 1 Jun 2009 | + | | 1 Jun 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Deliver presentation on web threats and countermeasures. | + | | Deliver presentation on web threats and countermeasures. See [http://www.cfp2009.org/wiki/index.php/Tutorials/Workshops CFP tutorial page] grep OWASP for more info. |
| DC | | DC | ||
|- | |- | ||
− | | ENISA [http://www.enisa.europa.eu/pages/02_03_news_2009_02_19_who_is_who.html Who-Is-Who Directory] | + | | ENISA [http://www.enisa.europa.eu/pages/02_03_news_2009_02_19_who_is_who.html Who-Is-Who Directory] |
− | | - | + | | - |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters. | + | | Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters. |
| CW | | CW | ||
|- | |- | ||
− | | IIL [http://www.iilondon.co.uk/ Insurance Institute of London] | + | | IIL [http://www.iilondon.co.uk/ Insurance Institute of London] |
− | | 2 Jun 2009 | + | | 2 Jun 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Contact IIL regarding future input to their publication [http://www.iilondon.co.uk/XtraCart/store/comersus_viewItem.asp?idProduct=187 Insurance Aspects of E-Commerce] | + | | Contact IIL regarding future input to their publication [http://www.iilondon.co.uk/XtraCart/store/comersus_viewItem.asp?idProduct=187 Insurance Aspects of E-Commerce] |
| CW | | CW | ||
|- | |- | ||
− | | [[Industry:Draft NIST SP 800-118|Draft NIST SP 800-118]] | + | | [[Industry:Draft NIST SP 800-118|Draft NIST SP 800-118]] |
− | | 29 May 2009 | + | | 29 May 2009 |
− | | Standards | + | | Standards |
− | | Closed | + | | Closed |
− | | Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management" | + | | Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management" |
| CW/EK/RB/DC | | CW/EK/RB/DC | ||
|- | |- | ||
− | | German IT Industry Association | + | | German IT Industry Association |
− | | 15 May 2009 | + | | 15 May 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Presentation on OWASP | + | | Presentation on OWASP |
| GH | | GH | ||
|- | |- | ||
− | | [http://docs.google.com/Present?docid=ddkr62qv_171cd7gh5fb&skipauth=true Outreach Presentation to Frontier Airlines] | + | | [http://docs.google.com/Present?docid=ddkr62qv_171cd7gh5fb&skipauth=true Outreach Presentation to Frontier Airlines] |
− | | 7 May 2009 | + | | 7 May 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP | + | | Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP |
| DC | | DC | ||
|- | |- | ||
− | | [[Industry:DPC BS 10012|DPC BS 10012]] | + | | [[Industry:DPC BS 10012|DPC BS 10012]] |
− | | 31 Mar 2009 | + | | 31 Mar 2009 |
− | | Standards | + | | Standards |
− | | Closed | + | | Closed |
− | | Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC) | + | | Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC) |
| CW | | CW | ||
|- | |- | ||
− | | [[Industry:Draft NIST SP 800-53 Revision 3|Draft NIST SP 800-53 Revision 3]] | + | | [[Industry:Draft NIST SP 800-53 Revision 3|Draft NIST SP 800-53 Revision 3]] |
− | | 27 Mar 2009 | + | | 27 Mar 2009 |
− | | Standards | + | | Standards |
− | | Closed | + | | Closed |
− | | Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations" | + | | Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations" |
| RB | | RB | ||
|- | |- | ||
− | | [[Industry:Draft NIST SP 800-122|Draft NIST SP 800-122]] | + | | [[Industry:Draft NIST SP 800-122|Draft NIST SP 800-122]] |
− | | 13 Mar 2009 | + | | 13 Mar 2009 |
− | | Standards | + | | Standards |
− | | Closed | + | | Closed |
− | | Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)" | + | | Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)" |
| CW | | CW | ||
|- | |- | ||
− | | [[London]] | + | | [[London]] |
− | | 12 Mar 2009 | + | | 12 Mar 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-london-industry-committee-march-2009.ppt]] and written notes [[Image:Owasp-london-industry-committee-march-2009-notes.pdf]]) | + | | Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-london-industry-committee-march-2009.ppt]] and written notes [[Image:Owasp-london-industry-committee-march-2009-notes.pdf]]) |
| CW | | CW | ||
|- | |- | ||
− | | [[Industry:Digital Britain Interim Report|Digital Britain Interim Report]] | + | | [[Industry:Digital Britain Interim Report|Digital Britain Interim Report]] |
− | | 11 Mar 2009 | + | | 11 Mar 2009 |
− | | Legislation | + | | Legislation |
− | | Closed | + | | Closed |
| Provide response to UK Government's "Digital Britain Interim Report Jan 2009" | | Provide response to UK Government's "Digital Britain Interim Report Jan 2009" | ||
| CW | | CW | ||
|- | |- | ||
− | | [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Front Range] | + | | [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Front Range] |
− | | 5 Mar 2009 | + | | 5 Mar 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Conference organisation | + | | Conference organisation |
| DC | | DC | ||
|- | |- | ||
− | | US [http://www.commerce.gov/ Department of Commerce] | + | | US [http://www.commerce.gov/ Department of Commerce] |
− | | 25 Feb 2009 | + | | 25 Feb 2009 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Presentation about OWASP to Economic Security Working Group | + | | Presentation about OWASP to Economic Security Working Group |
| RB | | RB | ||
|- | |- | ||
− | | [[Industry:DPC BS 8878:2009|DPC BS 8878:2009]] | + | | [[Industry:DPC BS 8878:2009|DPC BS 8878:2009]] |
− | | 31 Jan 2009 | + | | 31 Jan 2009 |
− | | Standards | + | | Standards |
− | | Closed | + | | Closed |
− | | Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC) | + | | Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC) |
| Puneet/CW | | Puneet/CW | ||
|- | |- | ||
| AppSec Presentation Delivered to Infragard, Dec 2008 | | AppSec Presentation Delivered to Infragard, Dec 2008 | ||
− | | Dec 2008 | + | | Dec 2008 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | [http://www.infragard.net/ Infragard] is a collaboration between the US FBI and maintainers of critical infrastructure. | + | | [http://www.infragard.net/ Infragard] is a collaboration between the US FBI and maintainers of critical infrastructure. [http://docs.google.com/Present?docid=ddkr62qv_0cn7km4c3&skipauth=true Presentation here]. Email DC for full PPT with speaker notes |
| DC | | DC | ||
|- | |- | ||
− | | The Register [http://www.theregister.co.uk/2008/11/22/google_analytics_as_security_risk/ Google Analytics — Yes, it is a security risk] | + | | The Register [http://www.theregister.co.uk/2008/11/22/google_analytics_as_security_risk/ Google Analytics — Yes, it is a security risk] |
− | | Nov 2008 | + | | Nov 2008 |
− | | Outreach | + | | Outreach |
− | | Closed | + | | Closed |
− | | Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website | + | | Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website |
| DC | | DC | ||
− | |||
|} | |} | ||
− | === General Presentations and Reports === | + | === General Presentations and Reports === |
+ | |||
+ | [[Summit 2009]] | ||
− | + | *Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]] | |
− | * Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]] | ||
− | Summaries (for inclusion into other full OWASP presentations): | + | Summaries (for inclusion into other full OWASP presentations): |
− | |||
− | |||
− | |||
− | |||
− | |||
+ | *Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]] | ||
+ | *Jul 2009 [[Image:Owasp-industry-committee-summary-july-2009.ppt]] | ||
+ | *May 2009 [[Image:Owasp-industry-committee-summary-may-2009.ppt]] | ||
+ | *Apr 2009 [[Image:Owasp-industry-committee-summary-april-2009.ppt]] | ||
+ | *Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]] | ||
+ | <br> | ||
Other [http://www.owasp.org/index.php/Global_Committee_Pages Global Committees] | Other [http://www.owasp.org/index.php/Global_Committee_Pages Global Committees] |
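Review bot: the Committee Plan still carries the misspelling "liasons" in Step 2 of the new revision ("Prioritize the proposed liasons based on potential impact"); change it to "liaisons", and while in that block change "repeat Step 1-3" in Step 4 to "repeat Steps 1-3". In the new Committee Members table the Email cell for Joe Bernik is left empty while every other row has a value; either fill it or mark it explicitly as not published so readers do not take it for a formatting error.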
Revision as of 02:14, 16 January 2010
The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.
Mission Statement
To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies, and be a voice for industry. We will accomplish this through outreach, including presentations, development of position papers and collaborative efforts with other entities.
PowerPoint of Accomplishments
Committee Plan
Step 1: Identify specific organizations worth working with to spread the OWASP gospel
Step 2: Prioritize the proposed liaisons based on potential impact, and also the realistic likelihood of the organization actively working with us
Step 3: Execute, leveraging global OWASP resources as much as possible to maximize impact
Step 4: Evaluate progress & repeat Steps 1-3
Committee Members
Current Board Member Rep (appointed Jan 2010): Dave Wichers
Original Board Member Rep: Tom Brennan
Committee Members:
Name | Email | Location |
---|---|---|
Joe Bernik | | US |
Rex Booth | rex.booth 'at' gt dot com | US |
David Campbell | dcampbell 'at' owasp dot org | US |
Alexander Fry | alexander.fry 'at' owasp dot org | US |
Georg Hess | georg.hess 'at' artofdefence dot com | Germany |
Eoin Keary | eoin.keary 'at' owasp dot org | Ireland |
Yiannis Pavlosoglou | yiannis 'at' owasp dot org | UK |
Colin Watson | colin.watson 'at' owasp dot org | UK |
OWASP Employees:
- Alison
- Kate Hartman
Getting Involved
Mailing List
Join our mailing list: http://lists.owasp.org/mailman/listinfo/global_industry_committee
Meetings
The next Global Industry Committee meeting will be:
- TBC
Previous meetings are:
- 05 Jan 2010 (minutes: Industry:Minutes 2010-01-05) - Recording (mp3) of the call: http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3
- 23 Jan 2009 (minutes: Industry:Minutes 2009-01-23)
Membership
Membership explains how to become an OWASP organization supporter or individual member.
You don't have to be an OWASP Member or Committee Member to contribute - the current committee members joined for a 12-month term - see How to Join a Committee and Global Committee Pages.
Other ongoing initiatives
- Special Interest Groups - Outreach to sector-specific critical infrastructures worldwide.
- OWASP India Advisory Board - Regional panel contributing to the software outsourcing industry.
- OWASP Citations - References to OWASP in official, or otherwise important, documents.
Current Activity
Work in Progress
The current activities being undertaken:
Task | Deadline | Type | Status | Description | Who |
---|---|---|---|---|---|
ENISA Cloud Computing Common Assurance Metrics | 2010 | Standards | New | Work with Category:OWASP Cloud ‐ 10 Project to contribute to the development of Common Assurance Metrics for ENISA's Cloud Computing Information Assurance Framework. See also the Cloud Computing Risk Assessment report. | CW |
Personal Information Online COP | 5 Mar 2010 | Legislation | In Progress | Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice" | CW |
Secure POS Vendor Alliance (SPVA) | - | Outreach | In Progress | Begin dialogue about possibility of working together | DC |
Completed Items
Task | Completed | Type | Status | Description | Who |
---|---|---|---|---|---|
NIST SP 800-37 Revision 1 FPD Review Project | 30 Dec 2009 | Standards | Closed | Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach" | RB |
CREST CRESTCon | 15 Dec 2009 | Outreach | Closed | The event was already oversubscribed, so YP & CW were placed on the reserve list. Update: Positions secured for the 15th. | YP |
SDL Pro Network | 30 Nov 2009 | Outreach | Closed | Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way | CW |
Draft NIST IR 7628 | 25 Nov 2009 | Standards | Closed | Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements" | CW |
Appsec DC 2009 | 10-13 Nov 2009 | Outreach | Closed | Conference organisation - special effort to engage with US Federal sector | RB |
UK Ministry of Justice | - | Legislation | Closed | Ask to be added to official consultation list | CW |
IT-SA | 13-15 Oct 2009 | Outreach | Closed | OWASP booth at trade show | GH |
OWASP AppSec Germany 2009 | 13 Oct 2009 | Outreach | Closed | Conference organisation | GH |
US Library of Congress | 28 Sep 2009 | Outreach | Closed | Presentation about OWASP | RB |
OWASP Ireland AppSec 2009 | 10 Sep 2009 | Outreach | Closed | Conference organisation | EK |
OWASP Citations | 7 Sep 2009 | Other | Closed | Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: Industry:Citations | CW |
US Library of Congress | 26 Aug 2009 | Outreach | Closed | Presentation about OWASP | RB |
OWASP webcast at Brighttalk Data and Privacy in Web 2.0 Summit | 13 Aug 2009 | Outreach | Closed | Deliver OWASP presentation on XSS, client side exploitation, and countermeasures. | DC |
SAFECode Secure Development Practices (update to Oct 2008 version) | 31 Jul 2009 | Standards | Closed | Response to SAFECode "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today." | CW |
OWASP CSA Project | 8 Jul 2009 | Standards | Closed | Response to RFC Cloud Security Alliance Guidance v1.0 | TB |
Scotland | 25 Jun 2009 | Outreach | Closed | Presentation about the Global Industry Committee, its role and recent activities (presentation slides File:Owasp-scotland-industry-committee-june-2009.ppt and written notes File:Owasp-scotland-industry-committee-june-2009-notes.pdf) | CW |
OWASP Presentation at CFP Con 2009 | 1 Jun 2009 | Outreach | Closed | Deliver presentation on web threats and countermeasures. See CFP tutorial page grep OWASP for more info. | DC |
ENISA Who-Is-Who Directory | - | Outreach | Closed | Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters. | CW |
IIL Insurance Institute of London | 2 Jun 2009 | Outreach | Closed | Contact IIL regarding future input to their publication Insurance Aspects of E-Commerce | CW |
Draft NIST SP 800-118 | 29 May 2009 | Standards | Closed | Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management" | CW/EK/RB/DC |
German IT Industry Association | 15 May 2009 | Outreach | Closed | Presentation on OWASP | GH |
Outreach Presentation to Frontier Airlines | 7 May 2009 | Outreach | Closed | Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP | DC |
DPC BS 10012 | 31 Mar 2009 | Standards | Closed | Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC) | CW |
Draft NIST SP 800-53 Revision 3 | 27 Mar 2009 | Standards | Closed | Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations" | RB |
Draft NIST SP 800-122 | 13 Mar 2009 | Standards | Closed | Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)" | CW |
London | 12 Mar 2009 | Outreach | Closed | Presentation about the Global Industry Committee, its role and recent activities (presentation slides File:Owasp-london-industry-committee-march-2009.ppt and written notes File:Owasp-london-industry-committee-march-2009-notes.pdf) | CW |
Digital Britain Interim Report | 11 Mar 2009 | Legislation | Closed | Provide response to UK Government's "Digital Britain Interim Report Jan 2009" | CW |
SnowFROC Front Range | 5 Mar 2009 | Outreach | Closed | Conference organisation | DC |
US Department of Commerce | 25 Feb 2009 | Outreach | Closed | Presentation about OWASP to Economic Security Working Group | RB |
DPC BS 8878:2009 | 31 Jan 2009 | Standards | Closed | Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC) | Puneet/CW |
AppSec Presentation Delivered to Infragard, Dec 2008 | Dec 2008 | Outreach | Closed | Infragard is a collaboration between the US FBI and maintainers of critical infrastructure. Presentation here. Email DC for full PPT with speaker notes | DC |
The Register Google Analytics — Yes, it is a security risk | Nov 2008 | Outreach | Closed | Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website | DC |
General Presentations and Reports
- Global Industry Committee Presentation File:Owasp-summit2009-industry-committee.ppt
Summaries (for inclusion into other full OWASP presentations):
- Sep 2009 File:Owasp-industry-committee-summary-september-2009.ppt
- Jul 2009 File:Owasp-industry-committee-summary-july-2009.ppt
- May 2009 File:Owasp-industry-committee-summary-may-2009.ppt
- Apr 2009 File:Owasp-industry-committee-summary-april-2009.ppt
- Mar 2009 File:Owasp-industry-committee-summary-march-2009.ppt
Other Global Committees