Difference between revisions of "Global Industry Committee"

From OWASP
m (Work in Progress: removed SPVA liaison - no progress for too long)
(Thank you added)
 
(98 intermediate revisions by 10 users not shown)
Line 1: Line 1:
'''The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.'''
+
__NOTOC__
 +
{{Global_Committee_Retirement}}
  
== Mission Statement  ==
+
Thank you to everyone who participated in, and contributed to, the Global Industry Committee up until 1st April 2013.
  
''To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities.'' [https://www.owasp.org/index.php/Global_Industry_Committee#General_Presentations_and_Reports Powerpoint of Accomplishments]
+
==== About the Committee ====
  
 +
=== Mission Statement ===
 +
 +
The Global Industry Committee was created during the OWASP EU Summit in Portugal. '''The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities.'''  The committee is governed by the [[Global Industry Committee Governance]] document.
 
<br>
 
<br>
  
== Committee Plan  ==
 
 
Step 1: [[Industry:Organizations for Outreach|Identify specific organizations]] worth working with to spread the OWASP gospel
 
 
Step 2: Prioritize the proposed liaisons based on potential impact, and also realistic likelihood of the organization actively working with us
 
 
Step 3: Execute, leveraging global OWASP resources as much as possible to maximize impact
 
  
Step 4: Evaluate progress &amp; repeat Step 1-3
+
=== Committee Members ===
 
+
<br>Members:  
== Committee Members ==
 
 
 
<br>Committee Members:  
 
  
 
{| class="prettytable FCK__ShowTableBorders"
 
{| class="prettytable FCK__ShowTableBorders"
Line 27: Line 21:
 
! Location
 
! Location
 
|-
 
|-
| Lorna Alamri
+
| Tobias Gondrom
| lorna.alamri 'at' owasp dot org  
+
| tobias.gondrom 'at' owasp dot org  
| US
+
| HK, UK and DE
 
|-
 
|-
| Joe Bernik
+
| Rex Booth
| bernik 'at' gmail dot com
+
| rex.booth 'at' owasp dot org
| US
+
| DC, USA
 
|-
 
|-
| Rex Booth
+
| Mauro Flores
| rex.booth 'at' gt dot com
+
| mauro.flores 'at' owasp dot org  
| US
+
| Uruguay
|-
 
| David Campbell
 
| dcampbell 'at' owasp dot org  
 
| US
 
 
|-
 
|-
 
| Alexander Fry  
 
| Alexander Fry  
 
| alexander.fry 'at' owasp dot org  
 
| alexander.fry 'at' owasp dot org  
| US
+
| USA
 
|-
 
|-
| Georg Hess
+
| Eoin Keary
| georg.hess 'at' artofdefence dot com
+
| eoin.keary 'at' owasp dot org
| Germany
+
| Dublin, Ireland
 
|-
 
|-
| Yiannis Pavlosoglou
+
| Mateo Martinez
| yiannis 'at' owasp dot org  
+
| mateo.martinez 'at' owasp dot org  
| UK
+
| Uruguay
 
|-
 
|-
 
| Colin Watson  
 
| Colin Watson  
 
| colin.watson 'at' owasp dot org  
 
| colin.watson 'at' owasp dot org  
 
| UK
 
| UK
|}
 
 
<br>Board Member Representative:
 
 
{| class="prettytable FCK__ShowTableBorders"
 
 
|-
 
|-
! Name
+
| Marco Morana
! Email
+
| marco.m.morana 'at' citi dot com
! Location
+
| Italy
 
|-
 
|-
| Matt Tesauro
+
| Christian Papathanasiou
| matt.tesauro 'at' owasp dot org  
+
| christian.papathanasiou 'at' owasp dot org
| USA
+
| Greece
 
|}
 
|}
  
<br>Committee Secretary:
 
 
{| class="prettytable FCK__ShowTableBorders"
 
|-
 
! Name
 
! Email
 
! Location
 
|-
 
| [[User:Sarah_Baso |Sarah Baso]]
 
| sarah.baso 'at' owasp dot org
 
| USA
 
|}
 
  
The committee chair (from Nov 2010) is Yiannis Pavlosoglou. Previous chairs:  
+
'''§ The committee chair is Tobias Gondrom.'''  The previous chairs were:  
  
 +
*Rex Booth (July 2011 to September 2012)
 +
*Joe Bernik (Feb 2011 to July 2011)
 +
*Yiannis Pavlosoglou (Nov 2010 to Jan 2011)
 
*Colin Watson (Nov 2009 to Oct 2010)
 
*Colin Watson (Nov 2009 to Oct 2010)
  
  
= Monthly Report Format =
+
Former members of the committee:
 +
*David Campbell
 +
*Georg Hess
 +
*Eoin Keary
 +
*Yiannis Pavlosoglou
 +
*Joe Bernik
 +
*Nishi Kumar
 +
*Lorna Alamri
 +
*Sherif Koussa
  
See below...
 
  
== Getting Involved  ==
+
 
 +
==== Meetings and Getting Involved  ====
  
 
=== Mailing List  ===
 
=== Mailing List  ===
  
[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list]  
+
[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] - this is the best way to find out what's going on day-to-day, and to provide input.
 +
 
  
 
=== Meetings  ===
 
=== Meetings  ===
 +
Currently, the Global Industry Committee conference call meetings approximately every 4 weeks and last no longer than an hour.
  
The next Global Industry Committee meeting will be:
 
  
*TBC
+
The '''next Global Industry Committee meeting''' will be:
**Dial in number: +1 866 534 4754
+
'''Monday Oct-15, 2012, 18:00 UTC / GMT.'''
**Call code 192341
+
 
 +
Global Meeting Time Planner - [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20121015T19&p1=136&ah=1 Click Here]
 +
 
 +
'''Meeting agenda'''
 +
* CISO Guide
 +
* CISO Survey
 +
* Industry Table at AppSec US
 +
* industry bodies contacts?
 +
* ...?
 +
 
  
 
Minutes of previous meetings are:  
 
Minutes of previous meetings are:  
 
+
* [[Industry: Minutes_2013-03-01|1.March 2013]]
 +
* December 2012 (call on the CISO Guide and CISO Survey project)
 +
* October 2012
 +
*[[Industry:Minutes_2012-06-13|13 June 2012]]
 +
* 19 April 2012
 +
* 02 September 2011
 +
* 28 July 2011
 +
*[[Industry:Minutes_2011-06-16|16 June 2011]]
 +
*[[Industry:Minutes_2011-05-13|13 May 2011]]
 +
*[[Industry:Minutes_2011-04-29|29 Apr 2011]]
 +
*[[Industry:Minutes_2011-04-08|08 Apr 2011]]
 +
*[[Industry:Minutes 2011-03-18|18 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03182011.pdf| PDF of 18 Mar 2011 Meeting Minutes]])
 +
*[[Industry:Minutes 2011-03-04|04 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03042011.pdf| PDF of 04 Mar 2011 Meeting Minutes]]) ([https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en&authkey=CPjLgdwN Proposed GIC Budget for 2011])
 +
*[[Industry:Minutes 2011-02-25|25 Feb 2011]] ([[Media:GIC_Meeting_Minutes_02252011.pdf| PDF of 25 Feb 2011 Meeting Minutes]])
 +
*[[Media:Summit2011-industry-committee-outcomes.pdf|9 Feb 2011]] (Summit outcomes)
 
*[[Industry:Minutes 2010-08-17|17 Aug 2010]] (also [http://www.owasp.org/images/0/0d/Gic_call_17aug2010.mp3 MP3 recording of the call])  
 
*[[Industry:Minutes 2010-08-17|17 Aug 2010]] (also [http://www.owasp.org/images/0/0d/Gic_call_17aug2010.mp3 MP3 recording of the call])  
 
*[[Industry:Minutes 2010-05-18|18 May 2010]]  
 
*[[Industry:Minutes 2010-05-18|18 May 2010]]  
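Review bot: The added "Former members of the committee" list includes Eoin Keary, while the members table in this same revision adds him as a current member (Dublin, Ireland); one of the two entries should go. The added Meetings sentence "the Global Industry Committee conference call meetings approximately every 4 weeks" is also missing its verb, for example "holds conference call meetings".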
Line 123: Line 131:
 
The current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.  
 
The current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.  
  
=== Other ongoing initiatives  ===
 
  
*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
+
==== Current Activity ====
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
 
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.
 
  
== Current Activity  ==
 
  
 
=== Work in Progress  ===
 
=== Work in Progress  ===
Line 144: Line 148:
 
! Who
 
! Who
 
|-
 
|-
| DoJ Secure Coding Guide
+
| Nominet Consultation
| ?
+
| Jan 2013
 
| Standards
 
| Standards
 
| New
 
| New
| Provide response
+
| Submit response to proposed security aspects of Nominet's [http://www.nominet.org.uk/how-participate/policy-development/current-policy-discussions-and-consultations/consultation-new-uk consultation on a new .uk domain name service]
| ??
+
| CW
 
|-
 
|-
| NIST SP 800-137
 
| 15 Mar 2011
 
| Standards
 
| New
 
| Provide response to "NIST SP 800-137 DRAFT Information Security Continuous Monitoring for Federal Information Systems and Organizations"
 
| ??
 
 
|-
 
|-
| Scholarship for AppSecUSA Attendance of women
+
| ENISA Who-Is-Who Directory
| On-going
+
| Sep 2012
 
| Outreach
 
| Outreach
 
| New
 
| New
| Raise funds and create model for funds disbursement
+
| Request update to ENISA Who-Is-Who directory ([http://www.enisa.europa.eu/publications/who-is-who-directory-2011 2011 version]) for OWASP and OWASP UK; promote other EU chapters to submit information
| LA/YP
+
| CW
 
|-
 
|-
| ISC(2)Presentation at OWASP Summit 2011
+
| [https://www.owasp.org/index.php/Industry:DECC_Smart_Metering_Implementation Smart Metering Implementation Draft Licence Condition Relating to Security]
| 8 Feb 2011
+
| 18 Jul 2012
 
| Standards
 
| Standards
| New
+
| Closed
| Dr. Vehbi Tasar, CISSP, CSSLP Director of Professional Programs Development ISC (2), Speaking on ISC(2)credentials: CSSLP and ASAB
+
| Submit response to UK smart meter security consultation
| LA/YP
+
| CW, TG
 
|-
 
|-
| [[Industry:FTC Protecting Consumer Privacy|FTC Protecting Consumer Privacy in an Era of Rapid Change]]
+
| Industry Outreach Sessions at OWASP AppSec EU 2012
| 31 Jan 2011
+
| 12 Jul 2012
| Standards
+
| Outreach
| New
+
| Closed
| Provide response to "FTC Protecting Consumer Privacy in an Era of Rapid Change - A framework for businesses and policymakers"
+
| Conduct industry outreach sessions at AppSec EU to educate about OWASP initiatives and solicit feedback
 
| CW
 
| CW
 
|-
 
|-
| National Board of Information Security Examiners
+
| [https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs AppSec Guide For CISO]
| Ongoing
+
| June 2013
 
| Outreach
 
| Outreach
| New
+
| In progress, draft 75% completed
| Invite and coordinate OWASP contributions to NBISE
+
| Guide to help CISOs (Chief Information Security Officers) to manage application security programs
| YP/LA
+
| MM
 
|-
 
|-
| OWASP Top 10 Presentation
+
| [https://www.owasp.org/index.php/Industry:GIC_CISO_Survey_2013 CISO Survey 2013 on Application Security - Draft]
| 2/18/11 or 2/25/11
+
| Feb 2013
 
| Outreach
 
| Outreach
| New
 
| OWASP Presentation Royal Holloway, University of London presentation
 
| YP
 
|-
 
| New IETF Web Security working group / W3C Web Application Security Working Group
 
| Ongoing
 
| All Members
 
| New
 
| Invite and coordinate OWASP contributions on this IETF/W3C Group
 
| YP/CW
 
|-
 
| [http://www.owasp.org/index.php/OWASP_Mobile_Security_Project Kickoff OWASP Mobile Security Project]
 
| 2011 Summit
 
| Projects
 
| New
 
| Provide GIC oversight to Mobile Security Project
 
| DC
 
|-
 
| [http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP FedRAMP]
 
| 17 Jan 2011
 
| Standards
 
 
| In progress
 
| In progress
| Provide response to FedRAMP certification and accreditation process
+
|  
| RB
+
| TG
 
|-
 
|-
| [http://hacking-lab.com/ Hacking Lab]
+
| Industry Outreach Sessions at OWASP AppSec US 2012
| 14 Dec 2011
+
| 25 Oct 2012
 
| Outreach
 
| Outreach
| In progress
+
| Closed
| Matt Tesauro has been working with Hacking Lab previously and brought it to the GIC
+
| Conduct industry outreach sessions at AppSec US to educate about OWASP initiatives and solicit feedback
| MAT/YP
+
| TG
|-
 
| Leeds Chapter Leader Presentation
 
| 13 Dec 2011
 
| Outreach
 
| In progress
 
| LA is gathering OWASP overview and project information for OWASP Leeds presentation needs.
 
| LA
 
|-
 
| "Configure SSL" Campaign
 
| 1 Feb 2011
 
| Paper write-up
 
| New
 
| Alexis FitzGerald's idea
 
| AFG
 
|-
 
| [Testimonials]
 
| -
 
| Outreach
 
| In progress
 
| Obtain further testimonials for wiki page
 
| CW/SD
 
|-
 
| Reconnecting with past Industry Committee connections
 
| 1 Feb 2011
 
| Follow up
 
| In progress
 
| YP and LA to follow up with Industry Committee past contacts.
 
| YP/LA
 
|-
 
| [http://www.londoncentral.bcs.org BCS London Central]
 
| 17 Feb 2011
 
| Outreach
 
| New
 
| Present a talk about OWASP.
 
| CW
 
|-
 
| [http://www.bcs.org BCS]
 
| 3 Sep 2010
 
| Outreach
 
| In Progress
 
| Write article for BCS ITnow magazine about application security and OWASP Top Ten.
 
| YP
 
|-
 
| [http://www.usmma.edu/ USMMA]
 
| 1 Jan 2011
 
| Outreach
 
| New
 
| Make contact. Present a talk about OWASP to the USMMA computer club or security teams.
 
| AF
 
|-
 
| [http://www.usna.edu/ USNA]
 
| 1 Jan 2011
 
| Outreach
 
| New
 
| Make contact. Present a talk about OWASP to the USNA computer science faculty and students or interest group.
 
| AF
 
|-
 
| [http://www.auscert.org.au/ AusCERT]
 
| -
 
| Outreach
 
| In Progress
 
| Make contact and discuss opportunities for OWASP to contribute to their work
 
| YP
 
|-
 
| OWASP Financial Services SIG
 
| -
 
| Outreach
 
| In Progress
 
| Working with Fabio Cerullo, Eoin Keary, Jim Routh, Jerry Kickenson and others on forming a SIG. Arranging a financial panel for AppSec in Washington, DC in November
 
| JB/EK
 
 
|-
 
|-
 
|}
 
|}
 +
 +
=== Other ongoing initiatives  ===
 +
 +
*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
 +
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
 +
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.
 +
  
 
=== Completed Items  ===
 
=== Completed Items  ===
  
{| class="prettytable FCK__ShowTableBorders"
+
[[Global_Industry_Committee/Completed_Initiatives|View the GIC's past initiatives]]
|-
+
 
! Task
+
 
! Completed
+
==== GIC Records ====
! Type
+
 
! Status
+
 
! Description
+
=== Committee Working Documents ===
! Who
+
*'''[https://spreadsheets.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en_US&authkey=CPjLgdwN 2011 GIC Budget]
|-
+
* [https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEZ1NmNHRGZOX3E0V2F2T2lUZ0RyVkE&hl=en&authkey=CN3toL0F GIC Member Task List]
| [[Industry:ICO Data Sharing CoP|Data Sharing CoP]]
+
* [https://docs.google.com/document/d/1ow_XZ_chhopu0yAYuMnmGXfdTRhlrKJEdqKZZ-pHloo/edit?hl=en&authkey=CPWb-csP Comprehensive List of Industry Verticals]
| 5 Jan 2011
+
* [http://code.google.com/p/owasp-cbt-project/downloads/list Security For Managers And Executives - Industry Outreach Presentation ]&nbsp;
| Standards
+
 
| In progress
+
 
| Provide response to UK ICO's "Data Sharing Code of Practice Consultation"
+
=== Monthly Reports ===
| CW/AF
+
*[https://docs.google.com/present/edit?id=0AZZ9zE0hx0LNZGczZ3B4YnpfMTJnMmh6ZjJmYg&hl=en_US Ppt template for Monthly Board Meeting updates]
|-
+
*[[Media:GIC_update_4_29_2011.pdf| May Industry Committee Update]]
| CRESTCON
+
*[http://www.owasp.org/index.php/File:GIC_update.pptx April Industry Committee Update]
| 14 Dec 2011
+
 
| Outreach
+
 
| Closed
+
===OWASP Summits and Working Sessions===
| YP is attending CRESTCON in Royal Holloway, Surrey, UK
+
*[https://docs.google.com/a/owasp.org/document/d/1WTTmmpc2bx3IZ9f5zU2ubTG_BrCxxrXzVHnUQUIzAWI/edit?hl=en_US Notes from Industry Outreach Sessions at AppSec EU - Dublin, 2011]
| YP
+
*From Industry Outreach Session at 2011 AppSec EU - [https://docs.google.com/leaf?id=1UFf0Fuqhg_0u49E4s6iNxmEwNP8358M36sXs1mwLg3O3oQC7fFSwAxKMUoYW&hl=en_US Ppt presentation on CISO Survey, Rex Booth]
|-
+
*From Industry Outreach Session at 2011 AppSec EU -[https://docs.google.com/leaf?id=1ZFUaqj7fVSFm1BwEMnVCAS_Zi5xJUbugVHZP54hULIdEUYJYVkQ93vzsuY3o&hl=en_US Ppt presentation on Industry Outreach, Lorna Alamri]
| (ISC)^2 Application Security Advisory Board (ASAB)
+
*[[Summit 2011]] ([[Media:Summit2011-industry-committee-outcomes.pdf|Working session outcomes]])
| 19 Nov 2010
+
*[[Summit 2009]]
| Outreach
 
| Closed
 
| YP is now a member of the (ISC)^2 ASAB, with the first meeting to be held in FL on the above stated date.
 
| YP
 
|-
 
| [http://www.techexecnetworks.com/event_2010.12.01.asp T.E.N./Fortify Software Security Assurance Summit]
 
| 1 Dec 2010
 
| Outreach
 
| Closed
 
| Discuss quick wins and high impact software assurance activities using the OWASP SAMM model as reference and cite other OWASP projects as resources.
 
| AF
 
|-
 
| [[Industry:DOJ Nondiscrimination on the Basis of Disability|DOJ Nondiscimination on the Basis of Disability]]
 
| 30 Nov 2010
 
| Standards
 
| Closed
 
| Provide response to US DOJ's "Accessibility of Web Information and Services of State and Local Government Entities and Public Accommodations"
 
| AF/LA
 
|
 
|-
 
| [[Industry:e-Consumer Protection Consultation|e-Consumer Protection Consultation]]  
 
| 13 Oct 2010
 
| Standards
 
| Closed
 
| Review and provide official OWASP response to [http://www.oft.gov.uk/ UK Office of Fair Trading] [http://www.oft.gov.uk/OFTwork/consultations/current/eprotection/ e-Consumer Protection Consultation].
 
| YP
 
|-
 
| [[Industry:ENISA Cloud Computing Common Assurance Metrics|ENISA Common Assurance Maturity Model]]
 
| 8 Oct 2010
 
| Standards
 
| Closed
 
| Work with [[:Category:OWASP Cloud ‐ 10 Project]] to contribute to the development of Common Assurance Maturity Model for [http://www.enisa.europa.eu/ ENISA]/Cloud Security Alliance/etc joint initiative.
 
| CW
 
|-
 
| [http://www.w3.org/TR/2010/WD-mwabp-20100713/ Mobile Web Application Best Practices Working Draft]
 
| 6 Aug 2010
 
| Standards
 
| Closed
 
| Review and provide official OWASP response to W3C's [http://www.w3.org/2005/MWI/BPWG/ Mobile Web Best Practices Working Group].
 
| DC
 
|-
 
| [http://www.oft.gov.uk/ UK Office of Fair Trading]  
 
| 23 Jul 2010
 
| Standards
 
| Closed
 
| Ask to be added to official consultation list
 
| CW
 
|-
 
| [http://www.businesslink.gov.uk BusinessLink]
 
| 1 Jul 2010
 
| Outreach
 
| Closed
 
| Offer to contribute to development of IT security information about [http://www.businesslink.gov.uk/bdotg/action/layer?topicId=1075421745 application security] on the BusinessLink website for UK SMEs. Outcome - no help required at present, but BusinessLink system to be disbanded.
 
| CW
 
|-
 
| Veracode
 
| 28 Jun 2010
 
| Outreach
 
| Closed
 
| Discuss use of Open SAMM to classify Secure SDL maturity in Veracode's code analysis summary reports. Outcome - positive response received.
 
| CW
 
|-
 
| [http://www.owasp.org/index.php/Leeds_UK OWASP Leeds/North]
 
| 16 Jun 2010
 
| Outreach
 
| Closed
 
| Presentations at chapter meeting in Newcastle-upon-Tyne about ENISA CAMM and OWASP Appsensor
 
| CW
 
|-
 
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010 Front Range OWASP Conference (FROC) 2010]  
 
| 2 Jun 2010
 
| Outreach
 
| Closed
 
| Conference organisation [http://tinyurl.com/froctalks Vids &amp; presentations online]
 
| DC
 
|-
 
| [http://www.isaca-denver.org/meetings/MAY_2010_CHPT_MTG.shtml OWASP Presentation at ISACA Denver Annual Meeting]
 
| 27 May 2010
 
| Outreach
 
| Closed
 
| Presentation [https://docs.google.com/fileview?id=0B_-vbfka88vFNjIwY2IwYjItZmYyNi00MmNiLWFhOWItYmQ4OGZmZjVmZWUx&hl=en Presentation online]  
 
| DC
 
|-
 
| [http://www.issa-uk.org/ ISSA-UK]
 
| 13 May 2010
 
| Outreach
 
| Closed
 
| Presentation
 
| YP
 
|-
 
| [[Industry:Personal Information Online Code of Practice|Personal Information Online COP]]  
 
| 5 Mar 2010
 
| Legislation
 
| Closed
 
| Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice"
 
| YP
 
|-
 
| [http://www.enisa.europa.eu/ ENISA] Mobile Apps
 
| Mar 2010
 
| Outreach
 
| Closed
 
| Identify and introduce OWASP contact for ENISA's Mobile Apps Project, in conjunction with Dinis Cruz.
 
| CW
 
|-
 
| [[Industry:Technology Strategy Board Secure Software Development Initiative|Technology Strategy Board Secure Software Development Partnership]]
 
| 18 Feb 2010
 
| Outreach
 
| Closed
 
| Liaise with the UK [http://www.innovateuk.org/ Technology Strategy Board] about the Secure Software Development Partnership (SSDP) in conjunction with the [http://www.owasp.org/index.php/London London chapter] leader Justin Clarke
 
| CW
 
|-
 
| US [http://www.issa-nova.org Information Systems Security Association Northern Virginia Chapter (ISSA-NOVA)]
 
| 21 Jan 2010
 
| Outreach
 
| Closed
 
| Provide presentation covering CSSLP, fundamentals of AppSec and Intro to OWASP and Global Industry Committee  
 
| AF
 
|-
 
| [http://www.enisa.europa.eu/ ENISA]  
 
| Jan 2010
 
| Outreach
 
| Closed
 
| Discuss opportunities for OWASP to work with ENISA, in conjunction with Dinis Cruz.
 
| CW
 
|-
 
| [[:Industry:Draft NIST SP 800-37 Revision 1|NIST SP 800-37 Revision 1 FPD]] Review Project
 
| 30 Dec 2009
 
| Standards
 
| Closed
 
| Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach"
 
| RB
 
|-
 
| [http://www.crest-approved.org/ CREST] CRESTCon
 
| 15 Dec 2009
 
| Outreach
 
| Closed
 
| Already an oversubscribed event, YP &amp; CW have been placed on the reserve list. Update: Positions secured for the 15th.
 
| YP
 
|-
 
| [http://msdn.microsoft.com/en-us/security/cc448177.aspx SDL Pro Network]
 
| 30 Nov 2009
 
| Outreach
 
| Closed
 
| Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way
 
| CW
 
|-
 
| [[Industry:Draft NIST IR 7628|Draft NIST IR 7628]]
 
| 25 Nov 2009
 
| Standards
 
| Closed
 
| Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements"
 
| CW
 
|-
 
| [http://www.owasp.org/index.php/OWASP_AppSec_DC_2009 Appsec DC 2009]
 
| 10-13 Nov 2009
 
| Outreach
 
| Closed
 
| Conference organisation - special effort to engage with US Federal sector
 
| RB
 
|-
 
| [http://www.justice.gov.uk/ UK Ministry of Justice]
 
| -
 
| Legislation
 
| Closed
 
| Ask to be added to official consultation list
 
| CW
 
|-
 
| [http://www.it-sa.de/ IT-SA]
 
| 13-15 Oct 2009
 
| Outreach  
 
| Closed
 
| OWASP booth at trade show
 
| GH
 
|-
 
| [http://www.owasp.org/index.php/OWASP_AppSec_Germany_2009_Conference OWASP AppSec Germany 2009]
 
| 13 Oct 2009
 
| Outreach
 
| Closed
 
| Conference organisation
 
| GH
 
|-
 
| US [http://www.loc.gov Library of Congress]  
 
| 28 Sep 2009
 
| Outreach  
 
| Closed
 
| Presentation about OWASP
 
| RB
 
|-
 
| [http://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference OWASP Ireland AppSec 2009]
 
| 10 Sep 2009
 
| Outreach
 
| Closed
 
| Conference organisation
 
| EK
 
|-
 
| OWASP Citations
 
| 7 Sep 2009
 
| Other
 
| Closed
 
| Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: [[Industry:Citations]]
 
| CW
 
|-
 
| US [http://www.loc.gov Library of Congress]
 
| 26 Aug 2009
 
| Outreach
 
| Closed
 
| Presentation about OWASP
 
| RB
 
|-
 
| OWASP webcast at Brighttalk [http://www.brighttalk.com/summit/dataprivacy2 Data and Privacy in Web 2.0 Summit]
 
| 13 Aug 2009
 
| Outreach
 
| Closed
 
| Deliver [http://www.brighttalk.com/webcasts/4767/attend OWASP presentation on XSS, client side exploitation, and countermeasures].
 
| DC
 
|-
 
| [[Industry:SAFECode Secure Development Practices (update to Oct 2008 version)|SAFECode Secure Development Practices (update to Oct 2008 version)]]
 
| 31 Jul 2009
 
| Standards
 
| Closed
 
| Response to [http://www.safecode.org/ SAFECode] "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today."
 
| CW
 
|-
 
| [http://www.owasp.org/index.php/Category:OWASP_CSA_Project OWASP CSA Project]
 
| 8 Jul 2009
 
| Standards
 
| Closed
 
| Response to RFC [http://www.cloudsecurityalliance.org/guidance/csaguide.pdf Cloud Security Alliance Guidance v1.0]
 
| TB
 
|-
 
| [[Scotland]]
 
| 25 Jun 2009
 
| Outreach  
 
| Closed
 
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-scotland-industry-committee-june-2009.ppt]] and written notes [[Image:Owasp-scotland-industry-committee-june-2009-notes.pdf]])
 
| CW
 
|-
 
| OWASP Presentation at [http://cfp2009.org/ CFP Con 2009]
 
| 1 Jun 2009
 
| Outreach
 
| Closed
 
| Deliver presentation on web threats and countermeasures. See [http://www.cfp2009.org/wiki/index.php/Tutorials/Workshops CFP tutorial page] grep OWASP for more info.
 
| DC
 
|-
 
| ENISA [http://www.enisa.europa.eu/pages/02_03_news_2009_02_19_who_is_who.html Who-Is-Who Directory]
 
| -
 
| Outreach
 
| Closed
 
| Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters.
 
| CW
 
|-
 
| IIL [http://www.iilondon.co.uk/ Insurance Institute of London]
 
| 2 Jun 2009
 
| Outreach
 
| Closed
 
| Contact IIL regarding future input to their publication [http://www.iilondon.co.uk/XtraCart/store/comersus_viewItem.asp?idProduct=187 Insurance Aspects of E-Commerce]
 
| CW
 
|-
 
| [[Industry:Draft NIST SP 800-118|Draft NIST SP 800-118]]
 
| 29 May 2009
 
| Standards
 
| Closed
 
| Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management"
 
| CW/EK/RB/DC
 
|-
 
| German IT Industry Association
 
| 15 May 2009
 
| Outreach
 
| Closed
 
| Presentation on OWASP
 
| GH
 
|-
 
| [http://docs.google.com/Present?docid=ddkr62qv_171cd7gh5fb&skipauth=true Outreach Presentation to Frontier Airlines]
 
| 7 May 2009
 
| Outreach
 
| Closed
 
| Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP
 
| DC
 
|-
 
| [[Industry:DPC BS 10012|DPC BS 10012]]  
 
| 31 Mar 2009
 
| Standards
 
| Closed
 
| Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC)
 
| CW
 
|-
 
| [[Industry:Draft NIST SP 800-53 Revision 3|Draft NIST SP 800-53 Revision 3]]  
 
| 27 Mar 2009
 
| Standards
 
| Closed
 
| Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations"
 
| RB
 
|-
 
| [[Industry:Draft NIST SP 800-122|Draft NIST SP 800-122]]
 
| 13 Mar 2009
 
| Standards
 
| Closed
 
| Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)"
 
| CW
 
|-
 
| [[London]]
 
| 12 Mar 2009
 
| Outreach
 
| Closed
 
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-london-industry-committee-march-2009.ppt]] and written notes [[Image:Owasp-london-industry-committee-march-2009-notes.pdf]])
 
| CW
 
|-
 
| [[Industry:Digital Britain Interim Report|Digital Britain Interim Report]]
 
| 11 Mar 2009
 
| Legislation
 
| Closed
 
| Provide response to UK Government's "Digital Britain Interim Report Jan 2009"
 
| CW
 
|-
 
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Front Range]
 
| 5 Mar 2009
 
| Outreach
 
| Closed
 
| Conference organisation
 
| DC
 
|-
 
| US [http://www.commerce.gov/ Department of Commerce]
 
| 25 Feb 2009
 
| Outreach
 
| Closed
 
| Presentation about OWASP to Economic Security Working Group
 
| RB
 
|-
 
| [[Industry:DPC BS 8878:2009|DPC BS 8878:2009]]  
 
| 31 Jan 2009
 
| Standards
 
| Closed
 
| Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC)  
 
| Puneet/CW
 
|-
 
| AppSec Presentation Delivered to Infragard, Dec 2008
 
| Dec 2008
 
| Outreach
 
| Closed
 
| [http://www.infragard.net/ Infragard] is a collaboration between the US FBI and maintainers of critical infrastructure. [http://docs.google.com/Present?docid=ddkr62qv_0cn7km4c3&skipauth=true Presentation here]. Email DC for full PPT with speaker notes
 
| DC
 
|-
 
| The Register [http://www.theregister.co.uk/2008/11/22/google_analytics_as_security_risk/ Google Analytics — Yes, it is a security risk]  
 
| Nov 2008
 
| Outreach
 
| Closed
 
| Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website
 
| DC
 
|}
 
  
=== General Presentations and Reports  ===
 
  
[[Summit 2009]]
+
===About the GIC===
  
 
*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]
 
*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]
  
Summaries (for inclusion into other full OWASP presentations):  
+
 
 +
===Summaries===
 +
(for inclusion into other full OWASP presentations):  
  
 
*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]  
 
*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]  
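Review bot: The new "CISO Survey 2013 on Application Security - Draft" row in the Work in Progress table leaves its Description cell empty (the FedRAMP description is replaced by a bare "|"), so the row gives a deadline (Feb 2013) and an owner (TG) but not what is to be delivered; add a one-line description as the other rows have. In the added "Committee Working Documents" list, the "2011 GIC Budget" item opens bold with ''' and never closes it.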
Line 684: Line 250:
 
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]
 
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]
  
 +
 +
 +
<headertabs/>
 
<br>
 
<br>
 
+
[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] | [[How to Join a Committee]] | [[Global_Committee_Pages|Learn about other Global Committees]]
Other [http://www.owasp.org/index.php/Global_Committee_Pages Global Committees]
 

Latest revision as of 02:23, 2 April 2013

As of April 1, 2013 the Global Committees were retired in order to enable wider community involvement and volunteerism through the OWASP Global Initiatives. 

Want to get involved with OWASP, but not sure where to start? Check out the OWASP Global Initiatives Page.

Thank you to everyone who participated in, and contributed to, the Global Industry Committee up until 1st April 2013.

About the Committee

Mission Statement

The Global Industry Committee was created during the OWASP EU Summit in Portugal. The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities. The committee is governed by the Global Industry Committee Governance document.


Committee Members


Members:

Name | Email | Location
Tobias Gondrom | tobias.gondrom 'at' owasp dot org | HK, UK and DE
Rex Booth | rex.booth 'at' owasp dot org | DC, USA
Mauro Flores | mauro.flores 'at' owasp dot org | Uruguay
Alexander Fry | alexander.fry 'at' owasp dot org | USA
Eoin Keary | eoin.keary 'at' owasp dot org | Dublin, Ireland
Mateo Martinez | mateo.martinez 'at' owasp dot org | Uruguay
Colin Watson | colin.watson 'at' owasp dot org | UK
Marco Morana | marco.m.morana 'at' citi dot com | Italy
Christian Papathanasiou | christian.papathanasiou 'at' owasp dot org | Greece


§ The committee chair is Tobias Gondrom. The previous chairs were:

  • Rex Booth (July 2011 to September 2012)
  • Joe Bernik (Feb 2011 to July 2011)
  • Yiannis Pavlosoglou (Nov 2010 to Jan 2011)
  • Colin Watson (Nov 2009 to Oct 2010)


Former members of the committee:

  • David Campbell
  • Georg Hess
  • Eoin Keary
  • Yiannis Pavlosoglou
  • Joe Bernik
  • Nishi Kumar
  • Lorna Alamri
  • Sherif Koussa


Meetings and Getting Involved

Mailing List

Join our mailing list - this is the best way to find out what's going on day-to-day, and to provide input.


Meetings

Currently, the Global Industry Committee holds conference call meetings approximately every 4 weeks; they last no longer than an hour.


The next Global Industry Committee meeting will be: Monday Oct-15, 2012, 18:00 UTC / GMT.

Global Meeting Time Planner - Click Here

Meeting agenda

  • CISO Guide
  • CISO Survey
  • Industry Table at AppSec US
  • industry bodies contacts?
  • ...?


Minutes of previous meetings are:

Membership

Membership explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.

The current committee members joined for a 12 month term - see How to Join a Committee and Global Committee Pages. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.


Current Activity

Work in Progress

The current activities being undertaken:

Task | Deadline | Type | Status | Description | Who
Nominet Consultation | Jan 2013 | Standards | New | Submit response to proposed security aspects of Nominet's consultation on a new .uk domain name service | CW
ENISA Who-Is-Who Directory | Sep 2012 | Outreach | New | Request update to ENISA Who-Is-Who directory (2011 version) for OWASP and OWASP UK; promote other EU chapters to submit information | CW
Smart Metering Implementation Draft Licence Condition Relating to Security | 18 Jul 2012 | Standards | Closed | Submit response to UK smart meter security consultation | CW, TG
Industry Outreach Sessions at OWASP AppSec EU 2012 | 12 Jul 2012 | Outreach | Closed | Conduct industry outreach sessions at AppSec EU to educate about OWASP initiatives and solicit feedback | CW
AppSec Guide For CISO | June 2013 | Outreach | In progress, draft 75% completed | Guide to help CISOs (Chief Information Security Officers) to manage application security programs | MM
CISO Survey 2013 on Application Security - Draft | Feb 2013 | Outreach | In progress | | TG
Industry Outreach Sessions at OWASP AppSec US 2012 | 25 Oct 2012 | Outreach | Closed | Conduct industry outreach sessions at AppSec US to educate about OWASP initiatives and solicit feedback | TG

Other ongoing initiatives


Completed Items

View the GIC's past initiatives


GIC Records

Committee Working Documents


Monthly Reports


OWASP Summits and Working Sessions


About the GIC


Summaries

(for inclusion into other full OWASP presentations):



Join our mailing list | How to Join a Committee | Learn about other Global Committees