This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Industry:Minutes 2011-02-25

Revision as of 15:16, 28 February 2011 by Sarah Baso (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Minutes of the Global Industry Committee meeting held by conference call on 25 February 2011 at 17:00 GMT.


  • Joe Bernik (Chair)
  • Sarah Baso (Secretary)
  • Colin Watson
  • Eoin Keary
  • Mauro Flores
  • Nishi Kumar
  • Tony UcedaVelez
  • Lorna Alamri
  • Alexander Fry
  • Kate Hartmann


  • Mateo Martinez
  • Rex Booth
  • George Hess
  • Sherif Koussa
  • David Campbell
  • Jerry Hoff
  • Michael Scovetta

Discussions, Actions and Results

Review GIC Mission

  • Mission currently exists as follows: To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities.
  • The word “awareness” is not right -- proposal to replace with “engagement” (JB), which represents a more active 2 way relationship between the GIC members and industry personnel (CW)
  • Drop “Academia” since there is now a separate committee that deals with that area – Global Education Committee (CW)
  • Mission should also include something about the GIC maintaining industry “relevancy”
  • Action item: JB to work with SB to re-write mission and then will send out to committee for comment and vote

Summit Recap

  • Industry Meeting Notes drafted by SB and CW sent out and posted to wiki

2011 GIC Initiatives

  • Distinguish GIC initiatives (strategic) from current work in progress as listed in wiki page.
  • Industry Survey:
    • CW has finished survey, now needs to be put on survey monkey
    • Target audience is people working in industry and not appsec services community. We need to be careful about who we ask to complete survey so results are not skewed.
  • Industry workshops or working sessions to occur at AppSec EU, AppSec USA, and AppSec SA
    • Reach out to PCI, possibly have a working session with them. Need to be careful not to necessarily “align ourselves” with PCI, instead it is a conversation about working together
  • Create a spreadsheet containing Industry verticals and then populate with names and emails for people in each vertical
    • This can be used to shape industry workshop invites at AppSec conferences
    • Used as a list to contact for survey
  • Come up with a standard definition of list of industry verticals to include: financial services, power & energy, government, health care, communication, retail, pharma, agriculture, legal
    • SB to come up with draft list
    • Share with EK to use as registration data collected for AppSec EU
  • Create short deck/presentation for GIC marketing and outreach.
    • This will include what OWASP does (generally) and current initiatives and uses. EX: ESAPI - who is using this tool with success in the industry?
    • NK to provide a presentation she put together for use as an example in drafting ours
  • Reach out to chapter leaders to determine level of engagement with industry verticals
    • Gather information from chapter leaders on interaction with various industry verticals – who is coming to meetings, what is working (LA)
    • Possibly come up with “model chapters” for Industry – share with other chapters what those “model chapters” are doing, metrics
  • Expand breadth of GIC outreach
    • Work on increasing GIC (and general OWASP) presence at non-traditional conferences and events – “Feet on the Street”
    • SB to compile list of large conferences occurring that may fit the bill for outreach
    • Consider budget for handouts (such as OWASP Top 10, or about other OWASP tools) to use in outreach
    • Use “Code of Conduct” created at Summit as a starting point/rules of engagement when pro-actively approaching industry organizations
  • Feedback to various standards organizations – this is something we have done in the past, how much time and energy to we want to continue giving for this area? Maybe it can be an action item for specific GIC members.
  • Proposed to have defined roles and responsibilities for each GIC member – assign tasks and deadlines (JB), and all agreed this was a good idea.
    • SB to create spreadsheet to use for documenting each member’s focus, deliverables, and deadlines

Define GIC Objectives

  • Increased membership
  • Increased involvement
  • Determine new areas for involvement (industry verticals)
  • Determine what is relevant
  • Determine ways to maintain/sustain industry relationships

Should we create a logo for GIC outreach, initiatives, and marketing?

  • JB is in favor as it would create a branded identity for the group
  • NK also in favor as long as the logo bears semblance to the basic OWASP logo
  • TUV and RB think a different logo would be destructive and hinder by confusing people and separating us from OWASP as a whole
  • CW – logo discussion is a distraction and the GIC is working on outreach (and other items) on behalf of OWASP, so we should be using the basic OWASP logo not something of our own
  • Agreed to table discussion of logo for now

Discuss budget for 2011

  • JB and SB to work on draft GIC budget , format to be similar to that created (and made publicly available by Conferences Committee)

One hour time limit for meeting reached – Budget and other agenda items to be tabled until next week

  • Budget (con't)
  • Ground rules for working with organizations
  • AppSec EU (Dublin) conference- June 2011
  • Appsec US (Minneapolis) conference – September 2011

Next Meeting

Friday, 4 March 2011 at 17:00 GMT

  • +1 877 534 8500 or International +1 513 534 8500
  • Passcode 410105 #


Post-Meeting Deliverables for JB and SB

  1. Draft of new mission statement for comment (and eventual vote)
  2. Create standard comprehensive list of industry verticals
  3. Create spreadsheet with industry verticals and people/emails listed for outreach in each vertical
  4. Create short deck/presentation for GIC marketing and outreach
  5. Create list of non-traditional conferences to target for GIC outreach
  6. Create spreadsheet for tracking GIC member roles and responsibilities (to include each member’s focus, deliverables, and deadlines)
  7. Draft GIC Budget

Deliverables for others

  1. CW and EK to put Industry Survey on Survey monkey
  2. NK to provide sample PP presentation she has used regarding use of OWASP tools /ESAPI in industry

Return to Global Industry Committee or Global Committee Pages.