This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Global Industry Committee"

From OWASP
Jump to: navigation, search
(Work in Progress)
(Completed Items)
Line 235: Line 235:
 
! Description  
 
! Description  
 
! Who
 
! Who
 +
|-
 +
| [[Industry:DOJ Nondiscrimination on the Basis of Disability|DOJ Nondiscimination on the Basis of Disability]]
 +
| 24 Jan 2011
 +
| Standards
 +
| In progress
 +
| Provide response to US DOJ's "Accessibility of Web Information and Services of State and Local Government Entities and Public Accommodations"
 +
| AF/LA
 +
|
 
|-
 
|-
 
| [[Industry:e-Consumer Protection Consultation|e-Consumer Protection Consultation]]  
 
| [[Industry:e-Consumer Protection Consultation|e-Consumer Protection Consultation]]  

Revision as of 23:51, 30 November 2010

The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.

Mission Statement

To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities. Powerpoint of Accomplishments


Committee Plan

Step 1: Identify specific organizations worth working with to spread the OWASP gospel

Step 2: Prioritize the proposed liasons based on potential impact, and also realistic likelihood of the organization actively working with us

Step 3: Execute, leveraging global OWASP resources as much as possible to maximize impact

Step 4: Evaluate progress & repeat Step 1-3

Committee Members


Committee Members:

Name Email Location
Lorna Alamri lorna.alamri 'at' owasp dot org US
Joe Bernik bernik 'at' gmail dot com US
Rex Booth rex.booth 'at' gt dot com US
David Campbell dcampbell 'at' owasp dot org US
Alexander Fry alexander.fry 'at' owasp dot org US
Georg Hess georg.hess 'at' artofdefence dot com Germany
Eoin Keary eoin.keary 'at' owasp dot org Ireland
Yiannis Pavlosoglou yiannis 'at' owasp dot org UK
Colin Watson colin.watson 'at' owasp dot org UK

The committee chair (from Nov 2010) is Yiannis Pavlosoglou. Previous chairs:

  • Colin Watson (Nov 2009 to Oct 2010)

Monthly Report

Date of last update: 31 October 2010 Updated by: CW

Accomplishments for this Month

  • Response submitted to UK Office of Fair Trading consultation
  • Began work on response to DOJ Nondiscimination on the Basis of Disability
  • Began work on response to ICO Data Sharing CoP
  • Some further follow-up work on Common Assurance Maturity Model in conjunction with OWASP Cloud 10 project (with ENISA, CSA, etc)
  • Committee plan for OWASP Summit 2011 submitted

Planned for Next Month

  • Yiannis Pavlosoglou takes over GIC chair from 1 Nov 2010
  • Submit response to DOJ Nondiscimination on the Basis of Disability
  • Submit response ICO Data Sharing CoP
  • Meeting with (ISC)^2
  • Respond to IETF enquiry
  • Follow up outreach efforts

Issues/Risks/Challenges

  • Difficulty getting enough engagement with good contacts in all priority sectors

Financial costs to OWASP for calender year ending 31 Dec 2010 (2009)

  • Budget: nil (nil)
  • Actual: nil (nil)
  • OWASP staff time: negligible (negligible)

Getting Involved

Mailing List

Join our mailing list

Meetings

The next Global Industry Committee meeting will be:

  • TBC
    • Dial in number: +1 866 534 4754
    • Call code 192341

Minutes of previous meetings are:

Membership

Membership explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.

The current committee members joined for a 12 month term - see How to Join a Committee and Global Committee Pages. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.

Other ongoing initiatives

Current Activity

Work in Progress

The current activities being undertaken:

Task Deadline Type Status Description Who
Reconnecting with past Industy Committee connections 1 Feb 2011 Follow up In progress YP and LA to follow up with Industry Committee past contacts. YP/LA
(ISC)^2 Application Security Advisory Board (ASAB) 19 Nov 2010 Outreach In progress YP is now a member of the (ISC)^2 ASAB, with the first meeting to be held in FL on the above stated date. YP
Data Sharing CoP 5 Jan 2011 Standards In progress Provide response to UK ICO's "Data Sharing Code of Practice Consultation" CW
BCS London Central 17 Feb 2011 Outreach New Present a talk about OWASP. CW
BCS 3 Sep 2010 Outreach In Progress Write article for BCS ITnow magazine about application security and OWASP Top Ten. YP
Appsec DC 2010 8-11 Nov 2010 Outreach In Progress Conference organisation - special effort to engage with US Federal sector RB
USMMA 1 Jan 2011 Outreach New Make contact. Present a talk about OWASP to the USMMA computer club or security teams. AF
USNA 1 Jan 2011 Outreach New Make contact. Present a talk about OWASP to the USNA computer science faculty and students or interest group. AF
AusCERT - Outreach In Progress Make contact and discuss opportunities for OWASP to contribute to their work YP
OWASP Financial Services SIG - Outreach In Progress Working with Fabio Cerullo, Eoin Keary, Jim Routh, Jerry Kickenson and others on forming a SIG. Arranging a financial panel for AppSec in Washington, DC in November JB/EK
Secure POS Vendor Alliance (SPVA) - Outreach In Progress Begin dialogue about possibility of working together. Have had trouble getting through to them but have a good lead now. Updates soon :) DC

Completed Items

Task Completed Type Status Description Who
DOJ Nondiscimination on the Basis of Disability 24 Jan 2011 Standards In progress Provide response to US DOJ's "Accessibility of Web Information and Services of State and Local Government Entities and Public Accommodations" AF/LA
e-Consumer Protection Consultation 13 Oct 2010 Standards Closed Review and provide official OWASP response to UK Office of Fair Trading e-Consumer Protection Consultation. YP
ENISA Common Assurance Maturity Model 8 Oct 2010 Standards Closed Work with Category:OWASP Cloud ‐ 10 Project to contribute to the development of Common Assurance Maturity Model for ENISA/Cloud Security Alliance/etc joint initiative. CW
Mobile Web Application Best Practices Working Draft 6 Aug 2010 Standards Closed Review and provide official OWASP response to W3C's Mobile Web Best Practices Working Group. DC
UK Office of Fair Trading 23 Jul 2010 Standards Closed Ask to be added to official consultation list CW
BusinessLink 1 Jul 2010 Outreach Closed Offer to contribute to development of IT security information about application security on the BusinessLink website for UK SMEs. Outcome - no help required at present, but BusinessLink system to be disbanded. CW
Veracode 28 Jun 2010 Outreach Closed Discuss use of Open SAMM to classify Secure SDL maturity in Veracode's code analysis summary reports. Outcome - positive response received. CW
OWASP Leeds/North 16 Jun 2010 Outreach Closed Presentations at chapter meeting in Newcastle-upon-Tyne about ENISA CAMM and OWASP Appsensor CW
Front Range OWASP Conference (FROC) 2010 2 Jun 2010 Outreach Closed Conference organisation Vids & presentations online DC
OWASP Presentation at ISACA Denver Annual Meeting 27 May 2010 Outreach Closed Presentation Presentation online DC
ISSA-UK 13 May 2010 Outreach Closed Presentation YP
Personal Information Online COP 5 Mar 2010 Legislation Closed Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice" YP
ENISA Mobile Apps Mar 2010 Outreach Closed Identify and introduce OWASP contact for ENISA's Mobile Apps Project, in conjunction with Dinis Cruz. CW
Technology Strategy Board Secure Software Development Partnership 18 Feb 2010 Outreach Closed Liaise with the UK Technology Strategy Board about the Secure Software Development Partnership (SSDP) in conjunction with the London chapter leader Justin Clarke CW
US Information Systems Security Association Northern Virginia Chapter (ISSA-NOVA) 21 Jan 2010 Outreach Closed Provide presentation covering CSSLP, fundamentals of AppSec and Intro to OWASP and Global Industry Committee AF
ENISA Jan 2010 Outreach Closed Discuss opportunities for OWASP to work with ENISA, in conjunction with Dinis Cruz. CW
NIST SP 800-37 Revision 1 FPD Review Project 30 Dec 2009 Standards Closed Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach" RB
CREST CRESTCon 15 Dec 2009 Outreach Closed Already an oversubscribed event, YP & CW have been placed on the reserve list. Update: Positions secured for the 15th. YP
SDL Pro Network 30 Nov 2009 Outreach Closed Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way CW
Draft NIST IR 7628 25 Nov 2009 Standards Closed Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements" CW
Appsec DC 2009 10-13 Nov 2009 Outreach Closed Conference organisation - special effort to engage with US Federal sector RB
UK Ministry of Justice - Legislation Closed Ask to be added to official consultation list CW
IT-SA 13-15 Oct 2009 Outreach Closed OWASP booth at trade show GH
OWASP AppSec Germany 2009 13 Oct 2009 Outreach Closed Conference organisation GH
US Library of Congress 28 Sep 2009 Outreach Closed Presentation about OWASP RB
OWASP Ireland AppSec 2009 10 Sep 2009 Outreach Closed Conference organisation EK
OWASP Citations 7 Sep 2009 Other Closed Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: Industry:Citations CW
US Library of Congress 26 Aug 2009 Outreach Closed Presentation about OWASP RB
OWASP webcast at Brighttalk Data and Privacy in Web 2.0 Summit 13 Aug 2009 Outreach Closed Deliver OWASP presentation on XSS, client side exploitation, and countermeasures. DC
SAFECode Secure Development Practices (update to Oct 2008 version) 31 Jul 2009 Standards Closed Response to SAFECode "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today." CW
OWASP CSA Project 8 Jul 2009 Standards Closed Response to RFC Cloud Security Alliance Guidance v1.0 TB
Scotland 25 Jun 2009 Outreach Closed Presentation about the Global Industry Committee, its role and recent activities (presentation slides File:Owasp-scotland-industry-committee-june-2009.ppt and written notes File:Owasp-scotland-industry-committee-june-2009-notes.pdf) CW
OWASP Presentation at CFP Con 2009 1 Jun 2009 Outreach Closed Deliver presentation on web threats and countermeasures. See CFP tutorial page grep OWASP for more info. DC
ENISA Who-Is-Who Directory - Outreach Closed Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters. CW
IIL Insurance Institute of London 2 Jun 2009 Outreach Closed Contact IIL regarding future input to their publication Insurance Aspects of E-Commerce CW
Draft NIST SP 800-118 29 May 2009 Standards Closed Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management" CW/EK/RB/DC
German IT Industry Association 15 May 2009 Outreach Closed Presentation on OWASP GH
Outreach Presentation to Frontier Airlines 7 May 2009 Outreach Closed Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP DC
DPC BS 10012 31 Mar 2009 Standards Closed Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC) CW
Draft NIST SP 800-53 Revision 3 27 Mar 2009 Standards Closed Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations" RB
Draft NIST SP 800-122 13 Mar 2009 Standards Closed Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)" CW
London 12 Mar 2009 Outreach Closed Presentation about the Global Industry Committee, its role and recent activities (presentation slides File:Owasp-london-industry-committee-march-2009.ppt and written notes File:Owasp-london-industry-committee-march-2009-notes.pdf) CW
Digital Britain Interim Report 11 Mar 2009 Legislation Closed Provide response to UK Government's "Digital Britain Interim Report Jan 2009" CW
SnowFROC Front Range 5 Mar 2009 Outreach Closed Conference organisation DC
US Department of Commerce 25 Feb 2009 Outreach Closed Presentation about OWASP to Economic Security Working Group RB
DPC BS 8878:2009 31 Jan 2009 Standards Closed Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC) Puneet/CW
AppSec Presentation Delivered to Infragard, Dec 2008 Dec 2008 Outreach Closed Infragard is a collaboration between the US FBI and maintainers of critical infrastructure. Presentation here. Email DC for full PPT with speaker notes DC
The Register Google Analytics — Yes, it is a security risk Nov 2008 Outreach Closed Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website DC

General Presentations and Reports

Summit 2009

Summaries (for inclusion into other full OWASP presentations):


Other Global Committees