Minutes of the Global Industry Committee meeting held by conference call on 18 May 2010.
- Yiannis Pavlosoglou
- Colin Watson
- David Campbell
- Eoin Keary
- Puneet Mehta and Dhruv Soi (IAB)
Discussions, Actions and Results
AF had given a presentation about application security (including OWASP and the Global Industry Committee) at the ISSA Northern Virginia Chapter (ISSA-NOVA). YP had spoken about OWASP at ISSA UK's recent event at Bletchley Park, which was well received. CW and YP had been involved in providing a response to the UK Information Commissioner's Office draft "Personal Information Online Code of Practice" and in meeting with the UK Technology Strategy Board about the Secure Software Development Partnership (SSDP), following a lead from Justin Clarke.
There was no information about the Financial Services SIG.
CW is continuing to work on the ENISA Common Assurance Maturity Model with members of the OWASP Cloud ten project.
India Advisory Board (IAB)
Puneet Mehta and Dhruv Soi sent a summary of the IAB's activities:
- IAB was formed in 2009 and consists of Leaders from IT, ITES, Academics and Government bodies. The complete list is available at http://www.owasp.org/index.php/OWASP_India_Advisory_Board.
- OWASP India along with Securitybyte launched a special CxO forum called India Technology Leadership Summit, a platform to discuss Information Security issues faced by CxOs today. The first in its series, ITLS was a part of OWASP AppSec Asia 2009 that was held in India, Nov 2009 and focused on the theme "Information Security concerns in Off-shoring". The platform brought together a panel of leaders representing Outsourcers, Service Providers and Regulators. The session was moderated by Prof. Howard Schmidt, the Special Cyber Security Strategist for the White House. Some media coverage on the same is available at http://searchsecurity.techtarget.in/news/article/0,289142,sid204_gci1374697,00.html
- IAB is currently working with various Academics and Government bodies to standardize their Information Security Programs and align the same with established standards such as OWASP.
- Various awareness sessions have been conducted by IAB in the first quarter 2010. The recent ones include:
  - Sessions conducted by Dhruv at CERT-India, CERT Army and various other Govt. agencies.
  - Introductory Sessions conducted by me (Puneet) on OWASP Top 10 for Comptroller and Auditor General of India during their International IT Audit program 2010.
- The IAB meet up is being planned but the dates are not yet decided. Shall share the same once confirmed.
The GIC congratulated the IAB on its efforts.
DC will be undertaking a presentation about OWASP at the ISACA Denver Annual Meeting, and is organising the upcoming Front Range OWASP Conference 2010.
YP and CW will be at AppSec Research EU (http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden) in Sweden next month.
Work with ENISA on their CAMM continues.
YP is trying to engage with AusCERT.
DC is continuing to try to engage with the Secure POS Vendor Alliance (SPVA).
The meeting wishes to discuss plans when more members are available.