Talk:Summit 2011 Working Sessions/Session036
As Information Security, Software Assurance, and Supply Chain Risk Management become more and more important to governments around the world, there is a great need for guidance and expertise to assist in these missions.
OWASP has generated a wide array of documents and resources that apply to all walks of Application Security and Software Assurance, not just web applications, and while government agencies in some countries have seen the importance of what OWASP has to offer, there are still many out there who are ignorant of OWASP, the OWASP mission, or OWASP offerings which may provide assistance and starting points for a wide variety of software assurance efforts around the world.
With this session, we hope to build on the outreach that has been done with several governments around the world (The US, Brazil, Greece, and others just to name a few) and events such as AppSec DC where government agencies have contributed content to OWASP events in an attempt at collaboration and cross-pollination. I look forward to those who work with governments or can bring their messages to the table to get started on what is hopefully a long-term dialog which strengthens both OWASP and forward-thinking governments around the world.
The initial recommendations of the working group are as follows:
- OWASP should establish entities outside of the US that other governments will respect and be comfortable interacting with. Being a "US Only" entity legally is hurting the organization in terms of being able to really interact with governments outside the US.
- OWASP should present simple, accessible, digestible and actionable programs and frameworks for the consumption of governments worldwide.
- OWASP should look into partnering with other coalitions with similar goals and small standards bodies that already interact with government, and/or drawing best practices from these bodies.
- OWASP should research the viability of liaisons to/from various government agencies that have an interest in working with OWASP.