
OWASP Working Session - OWASP Intra Governmental Affairs

Revision as of 12:51, 7 November 2008 by Dc (talk | contribs) (Intra Government Affairs Working Group EU Summit Portugal 2008)

Working Sessions Operational Rules - Please see here the general frame of rules.
Work Session Name: OWASP Intra Governmental Affairs
Short Work Session Description: Increasing the visibility of AppSec within gov't agencies by effectively positioning OWASP resources and communicating OWASP principles to standards bodies, gov't agencies, and implementers and auditors.

Email Contacts & Roles
Chair: David Campbell
Colin Watson, Puneet Mehta, Dhruv Soi
Mailing list
Subscription Page
  • Identify the top reasons and driving factors for working with the governments of different countries,
  • Identify potential areas where OWASP and governments can work together,
  • Discuss measurable benefits,
  • Identify possible ways to approach this initiative.
Venue/Date&Time/Model
Venue: OWASP EU Summit Portugal 2008
November 5 & 7, 2008
Time: TBD
Discussion Model: "Everybody is a Participant"
Projector, also wireless connection for conferencing in remote participants. NOTE: these resources were not available and this negatively impacted the effectiveness of the group. For future Summits these resources should be coordinated more effectively.

FIXME: UPDATE Presentation prepared by Puneet and DC to seed discussion and summarize outcomes.

UPDATE Ideas Captured during Session

UPDATE Notes Captured during Session

Statements, Initiatives or Decisions
Proposed by Working Group | Approved by OWASP Board
Mission: To ensure that OWASP’s dealings with governmental and regulatory agencies are coherent and consistent, making effective use of resources and global perspective for the benefit of members and constituents. | After the Board Meeting - fill in here.
Prioritized list of potential areas where OWASP can work with Government: 1) Help regulators / federal agencies define application security controls for statutory compliance, 2) Support or oppose legislative action relevant to InfoSec/AppSec, 3) Create mapping of standards bodies' security controls to OWASP-specific guidance (i.e. map FISCAM, 800-53/53A to OWASP Testing Guide), 4) Outreach & evangelism to implementers and auditors of standards. | After the Board Meeting - fill in here.
Roadmap / Model to approach this initiative: Appoint gov't specialists to "Industry" global committee. Assign a primary point of contact for gov't interaction for each country. Establish a governance process whereby these POCs are given authority to interact with gov't officials on behalf of OWASP. | After the Board Meeting - fill in here.
Identify Team / committee to lead this initiative. US POC: Rex Booth, UK POC: Colin Watson, India POC: Puneet Mehta, Brazil POC: Lucas Ferreira | After the Board Meeting - fill in here.
Action items: 1) Review NIST draft special pubs relevant to AppSec and solicit comments from OWASP SMEs: David Campbell, 2) Review ISO draft standards relevant to AppSec and solicit comments from OWASP SMEs: Lucas Ferreira, 3) Submit comments to these drafts on behalf of OWASP: OWASP Board or Industry Committee chair(?), 4) Create “Approaching Gov’t Organizations” guide: Dan Cornell, 5) Develop governance model for vetting official OWASP representatives, positions, and “One Voice” principle: Puneet Mehta, 6) Create SOC project for mapping standards body security controls to OWASP Body of Knowledge: TBD | After the Board Meeting - fill in here.

Working Session Participants


# | Name | Company | Notes & reason for participating, issues to be discussed/addressed
1 | David Campbell | OWASP Denver | Experience w/ US Govt. agencies
2 | Puneet Mehta | OWASP Delhi | Experience w/ India Govt. Agencies
3 | Sion Camilleri | OWASP Belgium | Experience w/ Australian, UK, NATO, and other International/EU Commission Government Agencies
4 | Colin Watson | Watson Hall | Raising awareness of OWASP in government agencies
5 | Rex Booth | Grant Thornton LLP | Experience with US gov. agencies
6 | Lucas C. Ferreira | Brazilian Parliament | Work for Brazilian government
7 | Arturo 'Buanzo' Busleiman | Independent | I have certain vinculations with the Argentinian government.
8 | Fabio Cerullo | AIB Bank | interested in the topic
8 Fabio Cerullo AIB Bank interested in the topic
