OWASP Working Session - OWASP Intra Governmental Affairs
Revision as of 12:51, 7 November 2008 by Dc (talk | contribs) (Intra Government Affairs Working Group EU Summit Portugal 2008)
Working Sessions Operational Rules - Please see here the general frame of rules. |
---|
WORKING SESSION IDENTIFICATION | ||||||
---|---|---|---|---|---|---|
Work Session Name | OWASP Intra Governmental Affairs | |||||
Short Work Session Description | Increasing the visibility of AppSec within gov't agencies by effectively positioning OWASP resources and communicating OWASP principles to standards bodies, gov't agencies, and implementers and auditors. | |||||
Related Projects |
If any, add a link. | |||||
Email Contacts & Roles | Chair David Campbell |
Secretary Colin Watson , |
Mailing list Subscription Page |
WORKING SESSION SPECIFICS | ||||||
---|---|---|---|---|---|---|
Objectives |
| |||||
Venue/Date&Time/Model | Venue OWASP EU Summit Portugal 2008 |
Date&Time November 5 & 7, 2008 Time TBD |
Discussion Model "Everybody is a Participant" |
WORKING SESSION OPERATIONAL RESOURCES | ||||||
---|---|---|---|---|---|---|
Projector, also wireless connection for conferencing in remote participants. NOTE: these resources were not available and this negatively impacted the effectiveness of the group. For future Summits these resources should be coordinated more effectively. |
WORKING SESSION ADDITIONAL DETAILS | ||||||
---|---|---|---|---|---|---|
FIXME: UPDATE Presentation prepared by Puneet and DC to seed discussion and summarize outcomes. |
WORKING SESSION OUTCOMES | ||
---|---|---|
Statements, Initiatives or Decisions | Proposed by Working Group | Approved by OWASP Board |
Mission: To ensure that OWASP’s dealings with governmental and regulatory agencies are coherent and consistent, making effective use of resources and global perspective for the benefit of members and constituents. | After the Board Meeting - fill in here. | |
Prioritized list of potential areas where OWASP can work with Government: 1) Help regulators / federal agencies define Application security controls for statutory compliance, 2) Support or oppose Legislative action relevant to InfoSec/AppSec, 3) Create mapping of standards bodies' security controls to OWASP-specific guidance (i.e. map FISCAM, 800-53/53A to OWASP Testing Guide), 4) Outreach & Evangelism to implementers and auditors of standards | After the Board Meeting - fill in here. | |
Roadmap / Model to approach this initiative: Appoint gov't specialists to "Industry" global committee. Assign a primary point of contact for gov't interaction for each country. Establish a governance process whereby these POC's are given authority to interact with gov't officials on behalf of OWASP. | After the Board Meeting - fill in here. | |
Identify Team / committee to lead this initiative. US POC: Rex Booth, UK POC: Colin Watson, India POC: Puneet Mehta, Brazil POC: Lucas Ferreira | After the Board Meeting - fill in here. | |
Action items: 1) Review NIST draft special pubs relevant to AppSec and solicit comments from OWASP SMEs: David Campbell, 2) Review ISO draft standards relevant to AppSec and solicit comments from OWASP SMEs: Lucas Ferreira, 3) Submit comments to these drafts on behalf of OWASP: OWASP Board or Industry Committee chair(?), 4) Create “Approaching Gov’t Organizations” guide: Dan Cornell, 5) Develop governance model for vetting official OWASP representatives, positions, and “One Voice” principle: Puneet Mehta, 6) Create SOC project for mapping standards body security controls to OWASP Body of Knowledge: TBD | After the Board Meeting - fill in here. | |
Working Session Participants
WORKING SESSION PARTICIPANTS | ||||||
---|---|---|---|---|---|---|
Name | Company | Notes & reason for participating, issues to be discussed/addressed | ||||
1 | David Campbell | OWASP Denver | Experience w/ US Govt. agencies | |||
2 | Puneet Mehta | OWASP Delhi | Experience w/ India Govt. Agencies | |||
3 | ||||||
4 | Colin Watson | Watson Hall | Raising awareness of OWASP in government agencies | |||
5 | Rex Booth | Grant Thornton LLP | Experience with US gov. agencies | |||
6 | Lucas C. Ferreira | Brazilian Parliament | Work for Brazilian government | |||
7 | ||||||
8 | ||||||
9 | ||||||
10 |