This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Global Industry Committee"

From OWASP
Jump to: navigation, search
m (Completed Items: added direct link to froc videos etc.)
(Thank you added)
 
(180 intermediate revisions by 12 users not shown)
Line 1: Line 1:
'''The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.'''
+
__NOTOC__
 +
{{Global_Committee_Retirement}}
  
== Mission Statement ==
+
Thank you to everyone who participated in, and contributed to, the Global Industry Committee up until 1st April 2013.
  
''To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities.'' [https://www.owasp.org/index.php/Global_Industry_Committee#General_Presentations_and_Reports Powerpoint of Accomplishments]
+
==== About the Committee ====
  
<br>
+
=== Mission Statement ===
  
== Committee Plan ==
+
The Global Industry Committee was created during the OWASP EU Summit in Portugal. '''The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities.'''  The committee is governed by the [[Global Industry Committee Governance]] document.
 +
<br>
  
Step 1: [[Industry:Organizations for Outreach|Identify specific organizations]] worth working with to spread the OWASP gospel
 
  
Step 2: Prioritize the proposed liasons based on potential impact, and also realistic likelihood of the organization actively working with us
+
=== Committee Members ===
 +
<br>Members:  
  
Step 3: Execute, leveraging global OWASP resources as much as possible to maximize impact
+
{| class="prettytable FCK__ShowTableBorders"
 
 
Step 4: Evaluate progress &amp; repeat Step 1-3
 
 
 
== Committee Members ==
 
 
 
Current Board Member Rep (appointed Jan 2010): [mailto:[email protected] Dave Wichers]
 
 
 
Original Board Member Rep: [mailto:[email protected] Tom Brennan]
 
 
 
<br> Committee Members:
 
 
 
{| class="prettytable"
 
 
|-
 
|-
 
! Name  
 
! Name  
Line 31: Line 21:
 
! Location
 
! Location
 
|-
 
|-
| Joe Bernik
+
| Tobias Gondrom
| bernik@gmail.com
+
| tobias.gondrom 'at' owasp dot org
| US
+
| HK, UK and DE
 
|-
 
|-
| Rex Booth  
+
| Rex Booth
| rex.booth 'at' gt dot com
+
| rex.booth 'at' owasp dot org
| US
+
| DC, USA
 
|-
 
|-
| David Campbell
+
| Mauro Flores
| dcampbell 'at' owasp dot org  
+
| mauro.flores 'at' owasp dot org  
| US
+
| Uruguay
 
|-
 
|-
 
| Alexander Fry  
 
| Alexander Fry  
 
| alexander.fry 'at' owasp dot org  
 
| alexander.fry 'at' owasp dot org  
| US
+
| USA
|-
 
| Georg Hess
 
| georg.hess 'at' artofdefence dot com
 
| Germany
 
 
|-
 
|-
| Eoin Keary  
+
| Eoin Keary
 
| eoin.keary 'at' owasp dot org  
 
| eoin.keary 'at' owasp dot org  
| Ireland
+
| Dublin, Ireland
 
|-
 
|-
| Yiannis Pavlosoglou
+
| Mateo Martinez
| yiannis 'at' owasp dot org  
+
| mateo.martinez 'at' owasp dot org  
| UK
+
| Uruguay
 
|-
 
|-
 
| Colin Watson  
 
| Colin Watson  
 
| colin.watson 'at' owasp dot org  
 
| colin.watson 'at' owasp dot org  
 
| UK
 
| UK
 +
|-
 +
| Marco Morana
 +
| marco.m.morana 'at' citi dot com
 +
| Italy
 +
|-
 +
| Christian Papathanasiou
 +
| christian.papathanasiou 'at' owasp dot org
 +
| Greece
 
|}
 
|}
  
OWASP Employees:
 
  
*Alison
+
'''§ The committee chair is Tobias Gondrom.'''  The previous chairs were:
*Kate Hartman
 
  
== Getting Involved ==
+
*Rex Booth (July 2011 to September 2012)
 +
*Joe Bernik (Feb 2011 to July 2011)
 +
*Yiannis Pavlosoglou (Nov 2010 to Jan 2011)
 +
*Colin Watson (Nov 2009 to Oct 2010)
 +
 
 +
 
 +
Former members of the committee:
 +
*David Campbell
 +
*Georg Hess
 +
*Eoin Keary
 +
*Yiannis Pavlosoglou
 +
*Joe Bernik
 +
*Nishi Kumar
 +
*Lorna Alamri
 +
*Sherif Koussa
 +
 
 +
 
 +
 
 +
==== Meetings and Getting Involved ====
  
 
=== Mailing List  ===
 
=== Mailing List  ===
  
[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list]  
+
[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] - this is the best way to find out what's going on day-to-day, and to provide input.
 +
 
  
 
=== Meetings  ===
 
=== Meetings  ===
 +
Currently, the Global Industry Committee conference call meetings approximately every 4 weeks and last no longer than an hour.
 +
  
The next Global Industry Committee meeting will be:  
+
The '''next Global Industry Committee meeting''' will be:  
 +
'''Monday Oct-15, 2012, 18:00 UTC / GMT.'''
  
*TBC
+
Global Meeting Time Planner - [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20121015T19&p1=136&ah=1 Click Here]
** Dial in number: +1 866 534 4754
 
** Call code 192341
 
  
Previous meetings are:
+
'''Meeting agenda'''
 +
* CISO Guide
 +
* CISO Survey
 +
* Industry Table at AppSec US
 +
* industry bodies contacts?
 +
* ...?
  
* 18 May 2010
+
 
*[[Industry:Minutes 2010-01-05|05 Jan 2010]] - [http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3 Recording (mp3) of the call]  
+
Minutes of previous meetings are:
 +
* [[Industry: Minutes_2013-03-01|1.March 2013]]
 +
* December 2012 (call on the CISO Guide and CISO Survey project)
 +
* October 2012
 +
*[[Industry:Minutes_2012-06-13|13 June 2012]]
 +
* 19 April 2012
 +
* 02 September 2011
 +
* 28 July 2011
 +
*[[Industry:Minutes_2011-06-16|16 June 2011]]
 +
*[[Industry:Minutes_2011-05-13|13 May 2011]]
 +
*[[Industry:Minutes_2011-04-29|29 Apr 2011]]
 +
*[[Industry:Minutes_2011-04-08|08 Apr 2011]]
 +
*[[Industry:Minutes 2011-03-18|18 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03182011.pdf| PDF of 18 Mar 2011 Meeting Minutes]])
 +
*[[Industry:Minutes 2011-03-04|04 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03042011.pdf| PDF of 04 Mar 2011 Meeting Minutes]]) ([https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en&authkey=CPjLgdwN Proposed GIC Budget for 2011])
 +
*[[Industry:Minutes 2011-02-25|25 Feb 2011]] ([[Media:GIC_Meeting_Minutes_02252011.pdf| PDF of 25 Feb 2011 Meeting Minutes]])
 +
*[[Media:Summit2011-industry-committee-outcomes.pdf|9 Feb 2011]] (Summit outcomes)
 +
*[[Industry:Minutes 2010-08-17|17 Aug 2010]] (also [http://www.owasp.org/images/0/0d/Gic_call_17aug2010.mp3 MP3 recording of the call])
 +
*[[Industry:Minutes 2010-05-18|18 May 2010]]
 +
*[[Industry:Minutes 2010-01-05|05 Jan 2010]] (also [http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3 MP3 recording of the call])
 
*[[Industry:Minutes 2009-01-23|23 Jan 2009]]
 
*[[Industry:Minutes 2009-01-23|23 Jan 2009]]
 +
* 16 Dec 2010
  
 
=== Membership  ===
 
=== Membership  ===
  
[[Membership]] explains how to become an OWASP organization supporter or individual member.  
+
[[Membership]] explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.  
  
You don't have to be an OWASP Member or Committee Member to contribute - the current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]].  
+
The current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.  
  
=== Other ongoing initiatives  ===
 
  
*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
+
==== Current Activity ====
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
 
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.
 
  
== Current Activity ==
 
  
 
=== Work in Progress  ===
 
=== Work in Progress  ===
Line 107: Line 139:
 
The current activities being undertaken:  
 
The current activities being undertaken:  
  
{| class="prettytable"
+
{| class="prettytable FCK__ShowTableBorders"
 
|-
 
|-
 
! Task  
 
! Task  
Line 116: Line 148:
 
! Who
 
! Who
 
|-
 
|-
| OWASP Financial Services SIG
+
| Nominet Consultation
| -
+
| Jan 2013
| Outreach
+
| Standards
| In Progress
+
| New
| Working with Fabio Cerullo, Eoin Keary, Jim Routh, Jerry Kickenson and others on forming a SIG
+
| Submit response to proposed security aspects of Nominet's [http://www.nominet.org.uk/how-participate/policy-development/current-policy-discussions-and-consultations/consultation-new-uk consultation on a new .uk domain name service]
| JB/EK
 
|-
 
| [[Industry:ENISA Cloud Computing Common Assurance Metrics|ENISA Common Assurance Maturity Model]]
 
| 2010
 
| Standards  
 
| In Progress
 
| Work with [[:Category:OWASP Cloud ‐ 10 Project]] to contribute to the development of Common Assurance Maturity Model for [http://www.enisa.europa.eu/ ENISA]'s [http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework?searchterm=cloud Cloud Computing Information Assurance Framework].
 
 
| CW
 
| CW
 
|-
 
|-
| [http://www.spva.org Secure POS Vendor Alliance (SPVA)]
 
| -
 
| Outreach
 
| In Progress
 
| Begin dialogue about possibility of working together
 
| DC
 
|}
 
 
=== Completed Items  ===
 
 
{| class="prettytable"
 
|-
 
! Task
 
! Completed
 
! Type
 
! Status
 
! Description
 
! Who
 
|-
 
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010 Front Range OWASP Conference (FROC) 2010]
 
| 2 Jun 2010
 
| Outreach
 
| Completed.  [http://tinyurl.com/froctalks Vids & presentations online]
 
| Conference organisation
 
| DC
 
 
|-
 
|-
| [http://www.isaca-denver.org/meetings/MAY_2010_CHPT_MTG.shtml OWASP Presentation at ISACA Denver Annual Meeting]
+
| ENISA Who-Is-Who Directory
| 27 May 2010
+
| Sep 2012
| Outreach  
+
| Outreach
| Completed. [https://docs.google.com/fileview?id=0B_-vbfka88vFNjIwY2IwYjItZmYyNi00MmNiLWFhOWItYmQ4OGZmZjVmZWUx&hl=en Presentation online]
+
| New
| Conference organisation
+
| Request update to ENISA Who-Is-Who directory ([http://www.enisa.europa.eu/publications/who-is-who-directory-2011 2011 version]) for OWASP and OWASP UK; promote other EU chapters to submit information
| DC
 
|-
 
| [http://www.issa-uk.org/ ISSA-UK]
 
| 13 May 2010
 
| Closed
 
| In Progress
 
| Presentation
 
| YP
 
|-
 
| [[Industry:Personal Information Online Code of Practice|Personal Information Online COP]]
 
| 5 Mar 2010
 
| Legislation
 
| Closed
 
| Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice"
 
| YP
 
|-
 
| [http://www.enisa.europa.eu/ ENISA] Mobile Apps
 
| Mar 2010
 
| Outreach
 
| Closed
 
| Identify and introduce OWASP contact for ENISA's Mobile Apps Project, in conjunction with Dinis Cruz.
 
 
| CW
 
| CW
 
|-
 
|-
| [[Industry:Technology Strategy Board Secure Software Development Initiative|Technology Strategy Board Secure Software Development Partnership]]
+
| [https://www.owasp.org/index.php/Industry:DECC_Smart_Metering_Implementation Smart Metering Implementation Draft Licence Condition Relating to Security]
| 18 Feb 2010
+
| 18 Jul 2012
| Outreach
+
| Standards
 
| Closed
 
| Closed
| Liaise with the UK [http://www.innovateuk.org/ Technology Strategy Board] about the Secure Software Development Partnership (SSDP) in conjunction with the [http://www.owasp.org/index.php/London London chapter] leader Justin Clarke
+
| Submit response to UK smart meter security consultation
| CW
+
| CW, TG
 
|-
 
|-
| US [http://www.issa-nova.org Information Systems Security Association Northern Virginia Chapter (ISSA-NOVA)]
+
| Industry Outreach Sessions at OWASP AppSec EU 2012
| 21 Jan 2010
+
| 12 Jul 2012
| Outreach  
+
| Outreach
| Closed
 
| Provide presentation covering CSSLP, fundamentals of AppSec and Intro to OWASP and Global Industry Committee 
 
| AF
 
|-
 
| [http://www.enisa.europa.eu/ ENISA]
 
| Jan 2010
 
| Outreach  
 
 
| Closed
 
| Closed
| Discuss opportunities for OWASP to work with ENISA, in conjunction with Dinis Cruz.
+
| Conduct industry outreach sessions at AppSec EU to educate about OWASP initiatives and solicit feedback
 
| CW
 
| CW
 
|-
 
|-
| [[:Industry:Draft NIST SP 800-37 Revision 1|NIST SP 800-37 Revision 1 FPD]] Review Project
+
| [https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs AppSec Guide For CISO]
| 30 Dec 2009
+
| June 2013
| Standards
+
| Outreach
| Closed
+
| In progress, draft 75% completed
| Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach"
+
| Guide to help CISOs (Chief Information Security Officers) to manage application security programs
| RB
+
| MM
 
|-
 
|-
| [http://www.crest-approved.org/ CREST] CRESTCon
+
| [https://www.owasp.org/index.php/Industry:GIC_CISO_Survey_2013 CISO Survey 2013 on Application Security - Draft]
| 15 Dec 2009
+
| Feb 2013
| Outreach  
+
| Outreach
| Closed
+
| In progress
| Already an oversubscribed event, YP &amp; CW have been placed on the reserve list. Update: Positions secured for the 15th.
+
|  
| YP
+
| TG
 
|-
 
|-
| [http://msdn.microsoft.com/en-us/security/cc448177.aspx SDL Pro Network]
+
| Industry Outreach Sessions at OWASP AppSec US 2012
| 30 Nov 2009
+
| 25 Oct 2012
| Outreach  
+
| Outreach
| Closed  
+
| Closed
| Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way
+
| Conduct industry outreach sessions at AppSec US to educate about OWASP initiatives and solicit feedback
| CW
+
| TG
 
|-
 
|-
| [[Industry:Draft NIST IR 7628|Draft NIST IR 7628]]
 
| 25 Nov 2009
 
| Standards
 
| Closed
 
| Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements"
 
| CW
 
|-
 
| [http://www.owasp.org/index.php/OWASP_AppSec_DC_2009 Appsec DC 2009]
 
| 10-13 Nov 2009
 
| Outreach
 
| Closed
 
| Conference organisation - special effort to engage with US Federal sector
 
| RB
 
|-
 
| [http://www.justice.gov.uk/ UK Ministry of Justice]
 
| -
 
| Legislation
 
| Closed
 
| Ask to be added to official consultation list
 
| CW
 
|-
 
| [http://www.it-sa.de/ IT-SA]
 
| 13-15 Oct 2009
 
| Outreach
 
| Closed
 
| OWASP booth at trade show
 
| GH
 
|-
 
| [http://www.owasp.org/index.php/OWASP_AppSec_Germany_2009_Conference OWASP AppSec Germany 2009]
 
| 13 Oct 2009
 
| Outreach
 
| Closed
 
| Conference organisation
 
| GH
 
|-
 
| US [http://www.loc.gov Library of Congress]
 
| 28 Sep 2009
 
| Outreach
 
| Closed
 
| Presentation about OWASP
 
| RB
 
|-
 
| [http://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference OWASP Ireland AppSec 2009]
 
| 10 Sep 2009
 
| Outreach
 
| Closed
 
| Conference organisation
 
| EK
 
|-
 
| OWASP Citations
 
| 7 Sep 2009
 
| Other
 
| Closed
 
| Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: [[Industry:Citations]]
 
| CW
 
|-
 
| US [http://www.loc.gov Library of Congress]
 
| 26 Aug 2009
 
| Outreach
 
| Closed
 
| Presentation about OWASP
 
| RB
 
|-
 
| OWASP webcast at Brighttalk [http://www.brighttalk.com/summit/dataprivacy2 Data and Privacy in Web 2.0 Summit]
 
| 13 Aug 2009
 
| Outreach
 
| Closed
 
| Deliver [http://www.brighttalk.com/webcasts/4767/attend OWASP presentation on XSS, client side exploitation, and countermeasures].
 
| DC
 
|-
 
| [[Industry:SAFECode Secure Development Practices (update to Oct 2008 version)|SAFECode Secure Development Practices (update to Oct 2008 version)]]
 
| 31 Jul 2009
 
| Standards
 
| Closed
 
| Response to [http://www.safecode.org/ SAFECode] "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today."
 
| CW
 
|-
 
| [http://www.owasp.org/index.php/Category:OWASP_CSA_Project OWASP CSA Project]
 
| 8 Jul 2009
 
| Standards
 
| Closed
 
| Response to RFC [http://www.cloudsecurityalliance.org/guidance/csaguide.pdf Cloud Security Alliance Guidance v1.0]
 
| TB
 
|-
 
| [[Scotland]]
 
| 25 Jun 2009
 
| Outreach
 
| Closed
 
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-scotland-industry-committee-june-2009.ppt]] and written notes [[Image:Owasp-scotland-industry-committee-june-2009-notes.pdf]])
 
| CW
 
|-
 
| OWASP Presentation at [http://cfp2009.org/ CFP Con 2009]
 
| 1 Jun 2009
 
| Outreach
 
| Closed
 
| Deliver presentation on web threats and countermeasures. See [http://www.cfp2009.org/wiki/index.php/Tutorials/Workshops CFP tutorial page] grep OWASP for more info.
 
| DC
 
|-
 
| ENISA [http://www.enisa.europa.eu/pages/02_03_news_2009_02_19_who_is_who.html Who-Is-Who Directory]
 
| -
 
| Outreach
 
| Closed
 
| Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters.
 
| CW
 
|-
 
| IIL [http://www.iilondon.co.uk/ Insurance Institute of London]
 
| 2 Jun 2009
 
| Outreach
 
| Closed
 
| Contact IIL regarding future input to their publication [http://www.iilondon.co.uk/XtraCart/store/comersus_viewItem.asp?idProduct=187 Insurance Aspects of E-Commerce]
 
| CW
 
|-
 
| [[Industry:Draft NIST SP 800-118|Draft NIST SP 800-118]]
 
| 29 May 2009
 
| Standards
 
| Closed
 
| Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management"
 
| CW/EK/RB/DC
 
|-
 
| German IT Industry Association
 
| 15 May 2009
 
| Outreach
 
| Closed
 
| Presentation on OWASP
 
| GH
 
|-
 
| [http://docs.google.com/Present?docid=ddkr62qv_171cd7gh5fb&skipauth=true Outreach Presentation to Frontier Airlines]
 
| 7 May 2009
 
| Outreach
 
| Closed
 
| Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP
 
| DC
 
|-
 
| [[Industry:DPC BS 10012|DPC BS 10012]]
 
| 31 Mar 2009
 
| Standards
 
| Closed
 
| Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC)
 
| CW
 
|-
 
| [[Industry:Draft NIST SP 800-53 Revision 3|Draft NIST SP 800-53 Revision 3]]
 
| 27 Mar 2009
 
| Standards
 
| Closed
 
| Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations"
 
| RB
 
|-
 
| [[Industry:Draft NIST SP 800-122|Draft NIST SP 800-122]]
 
| 13 Mar 2009
 
| Standards
 
| Closed
 
| Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)"
 
| CW
 
|-
 
| [[London]]
 
| 12 Mar 2009
 
| Outreach
 
| Closed
 
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-london-industry-committee-march-2009.ppt]] and written notes [[Image:Owasp-london-industry-committee-march-2009-notes.pdf]])
 
| CW
 
|-
 
| [[Industry:Digital Britain Interim Report|Digital Britain Interim Report]]
 
| 11 Mar 2009
 
| Legislation
 
| Closed
 
| Provide response to UK Government's "Digital Britain Interim Report Jan 2009"
 
| CW
 
|-
 
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Front Range]
 
| 5 Mar 2009
 
| Outreach
 
| Closed
 
| Conference organisation
 
| DC
 
|-
 
| US [http://www.commerce.gov/ Department of Commerce]
 
| 25 Feb 2009
 
| Outreach
 
| Closed
 
| Presentation about OWASP to Economic Security Working Group
 
| RB
 
|-
 
| [[Industry:DPC BS 8878:2009|DPC BS 8878:2009]]
 
| 31 Jan 2009
 
| Standards
 
| Closed
 
| Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC)
 
| Puneet/CW
 
|-
 
| AppSec Presentation Delivered to Infragard, Dec 2008
 
| Dec 2008
 
| Outreach
 
| Closed
 
| [http://www.infragard.net/ Infragard] is a collaboration between the US FBI and maintainers of critical infrastructure. [http://docs.google.com/Present?docid=ddkr62qv_0cn7km4c3&skipauth=true Presentation here]. Email DC for full PPT with speaker notes
 
| DC
 
|-
 
| The Register [http://www.theregister.co.uk/2008/11/22/google_analytics_as_security_risk/ Google Analytics — Yes, it is a security risk]
 
| Nov 2008
 
| Outreach
 
| Closed
 
| Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website
 
| DC
 
 
|}
 
|}
  
=== General Presentations and Reports ===
+
=== Other ongoing initiatives ===
 +
 
 +
*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
 +
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
 +
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.
 +
 
 +
 
 +
=== Completed Items  ===
 +
 
 +
[[Global_Industry_Committee/Completed_Initiatives|View the GIC's past initiatives]]
 +
 
  
[[Summit 2009]]  
+
==== GIC Records ====
 +
 
 +
 
 +
=== Committee Working Documents ===
 +
*'''[https://spreadsheets.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en_US&authkey=CPjLgdwN 2011 GIC Budget]
 +
* [https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEZ1NmNHRGZOX3E0V2F2T2lUZ0RyVkE&hl=en&authkey=CN3toL0F GIC Member Task List]
 +
* [https://docs.google.com/document/d/1ow_XZ_chhopu0yAYuMnmGXfdTRhlrKJEdqKZZ-pHloo/edit?hl=en&authkey=CPWb-csP Comprehensive List of Industry Verticals]
 +
* [http://code.google.com/p/owasp-cbt-project/downloads/list Security For Managers And Executives - Industry Outreach Presentation ]&nbsp;
 +
 
 +
 
 +
=== Monthly Reports ===
 +
*[https://docs.google.com/present/edit?id=0AZZ9zE0hx0LNZGczZ3B4YnpfMTJnMmh6ZjJmYg&hl=en_US Ppt template for Monthly Board Meeting updates]
 +
*[[Media:GIC_update_4_29_2011.pdf| May Industry Committee Update]]
 +
*[http://www.owasp.org/index.php/File:GIC_update.pptx April Industry Committee Update]
 +
 
 +
 
 +
===OWASP Summits and Working Sessions===
 +
*[https://docs.google.com/a/owasp.org/document/d/1WTTmmpc2bx3IZ9f5zU2ubTG_BrCxxrXzVHnUQUIzAWI/edit?hl=en_US Notes from Industry Outreach Sessions at AppSec EU - Dublin, 2011]
 +
*From Industry Outreach Session at 2011 AppSec EU - [https://docs.google.com/leaf?id=1UFf0Fuqhg_0u49E4s6iNxmEwNP8358M36sXs1mwLg3O3oQC7fFSwAxKMUoYW&hl=en_US Ppt presentation on CISO Survey, Rex Booth]
 +
*From Industry Outreach Session at 2011 AppSec EU -[https://docs.google.com/leaf?id=1ZFUaqj7fVSFm1BwEMnVCAS_Zi5xJUbugVHZP54hULIdEUYJYVkQ93vzsuY3o&hl=en_US Ppt presentation on Industry Outreach, Lorna Alamri]
 +
*[[Summit 2011]] ([[Media:Summit2011-industry-committee-outcomes.pdf|Working session outcomes]])
 +
*[[Summit 2009]]
 +
 
 +
 
 +
===About the GIC===
  
 
*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]
 
*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]
  
Summaries (for inclusion into other full OWASP presentations):  
+
 
 +
===Summaries===
 +
(for inclusion into other full OWASP presentations):  
  
 
*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]  
 
*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]  
Line 444: Line 250:
 
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]
 
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]
  
<br>
 
  
Other [http://www.owasp.org/index.php/Global_Committee_Pages Global Committees]
+
 
 +
<headertabs/>
 +
<br>
 +
[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] | [[How to Join a Committee]] | [[Global_Committee_Pages|Learn about other Global Committees]]

Latest revision as of 08:23, 2 April 2013

As of April 1, 2013 the Global Committees were retired in order to enable wider community involvement and volunteerism through the OWASP Global Initiatives. 

Want to get involved with OWASP, but not sure where to start? Check out the OWASP Global Initiatives Page.

Thank you to everyone who participated in, and contributed to, the Global Industry Committee up until 1st April 2013.

About the Committee

Mission Statement

The Global Industry Committee was created during the OWASP EU Summit in Portugal. The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities. The committee is governed by the Global Industry Committee Governance document.


Committee Members


Members:

Name Email Location
Tobias Gondrom tobias.gondrom 'at' owasp dot org HK, UK and DE
Rex Booth rex.booth 'at' owasp dot org DC, USA
Mauro Flores mauro.flores 'at' owasp dot org Uruguay
Alexander Fry alexander.fry 'at' owasp dot org USA
Eoin Keary eoin.keary 'at' owasp dot org Dublin, Ireland
Mateo Martinez mateo.martinez 'at' owasp dot org Uruguay
Colin Watson colin.watson 'at' owasp dot org UK
Marco Morana marco.m.morana 'at' citi dot com Italy
Christian Papathanasiou christian.papathanasiou 'at' owasp dot org Greece


§ The committee chair is Tobias Gondrom. The previous chairs were:

  • Rex Booth (July 2011 to September 2012)
  • Joe Bernik (Feb 2011 to July 2011)
  • Yiannis Pavlosoglou (Nov 2010 to Jan 2011)
  • Colin Watson (Nov 2009 to Oct 2010)


Former members of the committee:

  • David Campbell
  • Georg Hess
  • Eoin Keary
  • Yiannis Pavlosoglou
  • Joe Bernik
  • Nishi Kumar
  • Lorna Alamri
  • Sherif Koussa


Meetings and Getting Involved

Mailing List

Join our mailing list - this is the best way to find out what's going on day-to-day, and to provide input.


Meetings

Currently, the Global Industry Committee conference call meetings approximately every 4 weeks and last no longer than an hour.


The next Global Industry Committee meeting will be: Monday Oct-15, 2012, 18:00 UTC / GMT.

Global Meeting Time Planner - Click Here

Meeting agenda

  • CISO Guide
  • CISO Survey
  • Industry Table at AppSec US
  • industry bodies contacts?
  • ...?


Minutes of previous meetings are:

Membership

Membership explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.

The current committee members joined for a 12 month term - see How to Join a Committee and Global Committee Pages. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.


Current Activity

Work in Progress

The current activities being undertaken:

Task Deadline Type Status Description Who
Nominet Consultation Jan 2013 Standards New Submit response to proposed security aspects of Nominet's consultation on a new .uk domain name service CW
ENISA Who-Is-Who Directory Sep 2012 Outreach New Request update to ENISA Who-Is-Who directory (2011 version) for OWASP and OWASP UK; promote other EU chapters to submit information CW
Smart Metering Implementation Draft Licence Condition Relating to Security 18 Jul 2012 Standards Closed Submit response to UK smart meter security consultation CW, TG
Industry Outreach Sessions at OWASP AppSec EU 2012 12 Jul 2012 Outreach Closed Conduct industry outreach sessions at AppSec EU to educate about OWASP initiatives and solicit feedback CW
AppSec Guide For CISO June 2013 Outreach In progress, draft 75% completed Guide to help CISOs (Chief Information Security Officers) to manage application security programs MM
CISO Survey 2013 on Application Security - Draft Feb 2013 Outreach In progress TG
Industry Outreach Sessions at OWASP AppSec US 2012 25 Oct 2012 Outreach Closed Conduct industry outreach sessions at AppSec US to educate about OWASP initiatives and solicit feedback TG

Other ongoing initiatives


Completed Items

View the GIC's past initiatives


GIC Records

Committee Working Documents


Monthly Reports


OWASP Summits and Working Sessions


About the GIC


Summaries

(for inclusion into other full OWASP presentations):



Join our mailing list | How to Join a Committee | Learn about other Global Committees