Difference between revisions of "Industry:Minutes 2011-06-16"

From OWASP
Line 6: Line 6:
  
 
Present:  
 
Present:  
 
+
*Lorna Alamri
 +
*Sherif Koussa
 +
*Jerry Hoff
 +
*Kelly SantaLucia
 +
*Kate Hartman
 +
*Sarah Baso
  
  
 
Absent:  
 
Absent:  
 
+
*Joe Bernik (Chair)
 +
* Rex Booth
 +
*David Campbell
 +
*Colin Watson
 +
*Mauro Flores
 +
*Mateo Martinez
 +
*Alexander Fry
 +
*Nishi Kumar
  
  
Line 16: Line 28:
  
 
===Follow up on GIC Working Sessions at AppSec EU===
 
===Follow up on GIC Working Sessions at AppSec EU===
*3 sessions on Friday, June 10 2011 (second day of the conference)
+
3 sessions on Friday, June 10 2011 (second day of the conference)
**1st session:GIC Outreach Presentation 10:15-11:00 am, Lorna Alamri
+
*1st session:GIC Outreach Presentation 10:15-11:00 am
**2nd session: Gathering Information - Industry CISO Survey 12:05-12:50 pm, presented by Rex Booth
+
**Lorna Alamri replaced Nishi Kumar, who had a last minute work conflict and had to cancel her trip. 
**3rd session: Industry Roundtable discussion 3:00-3:45 pm, presented by Sarah Baso with remote participation by Joe Bernik<br/>
+
**Nishi provided the slide show and Lorna presented to about 5 people who were in attendance
 +
**Lorna Alamri - will follow up with email to attendees regarding industry outreach
 +
*2nd session: Gathering Information - Industry CISO Survey 12:05-12:50 pm, presented by Rex Booth
 +
**3 people in attendance (in addition to committee members - Lorna Alamri and Colin Watson)
 +
**Report/session notes from Rex Booth pending
 +
*3rd session: Industry Roundtable discussion 3:00-3:45 pm, presented by Sarah Baso with remote participation by Joe Bernik
 +
**Unattended
  
  
 
===Plans for AppSec USA===
 
===Plans for AppSec USA===
*Are we going to have Industry outreach session(s)/track?
+
Are we going to have Industry outreach session(s)/track?
 +
*Jerry Hoff is attending AppSec USA and is happy to assist with Industry Outreach, Sherif Koussa does not know yet if he will attend
 +
*If GIC wants to have outreach session(s) here similar to appsec EU, more planning and marketing needs to occur around the sessions to ensure their success
  
  
 
===SANS workshop in Washington DC===
 
===SANS workshop in Washington DC===
 +
*If interested, reply to [[mailto:rex.booth@owasp.org Rex Booth]] (email thread) who is coordinating this initiative
  
  
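Review bot: The added SANS workshop bullet wraps the mailto link in double brackets, `[[mailto:rex.booth@owasp.org Rex Booth]]`, which is the internal-link form, so the rendered revision shows the name with literal brackets as "[Rex Booth]". Use the single-bracket external-link form, `[mailto:rex.booth@owasp.org Rex Booth]`. The bullet also says "(email thread)" without linking the thread; link the list archive message as the other action items do.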
Line 35: Line 56:
  
 
*https://lists.owasp.org/pipermail/global_industry_committee/2011-May/000710.html
 
*https://lists.owasp.org/pipermail/global_industry_committee/2011-May/000710.html
 +
 +
*Any interest in comment on the NIST cloud computing guide? Sarah Baso to send out email reminder to GIC list to see if anyone is interested in taking this on.
 +
  
  
Line 42: Line 66:
  
  
===Are we doing anything with PCI Security Standards===
+
===Are we doing anything with PCI Security Standards?===
 
*https://lists.owasp.org/pipermail/global_industry_committee/2011-May/000711.html
 
*https://lists.owasp.org/pipermail/global_industry_committee/2011-May/000711.html
 
*https://www.pcisecuritystandards.org/communitymeeting/2011/  
 
*https://www.pcisecuritystandards.org/communitymeeting/2011/  
  
 +
*No current comments/interest in this initiative.
  
  
 
===GIC Governance Policies===
 
===GIC Governance Policies===
 
Currently listed here: https://www.owasp.org/index.php/Global_Industry_Committee_Governance
 
Currently listed here: https://www.owasp.org/index.php/Global_Industry_Committee_Governance
 
+
*Will be implemented based on no response from committee members, policies may be superceded by policies applying to all
  
 
==Next Meeting==
 
==Next Meeting==
TBA
+
2 weeks
 +
* 30 June, 2011 16:00 UTC/GMT
 +
*Dial in: +1-866-534-4754, code: 69277
 +
*Industry Outreach activities for AppSec USA will be priority discussion (considering lessons learned from AppSec EU).
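Review bot: In the added GIC Governance Policies bullet, "superceded" should be "superseded", and the sentence stops at "policies applying to all" without saying what the overriding policies apply to; complete the phrase so the record shows which policies take precedence. Under Next Meeting, the added "2 weeks" line repeats what the dated bullet below it already states and can be dropped.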

Revision as of 11:10, 16 June 2011


Purpose

The Global Industry Committee was created during the OWASP EU Summit in Portugal 2008. The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities.

Roll Call

Global Industry Committee Call: June 16, 2011 at 16:00 UTC/GMT

Present:

  • Lorna Alamri
  • Sherif Koussa
  • Jerry Hoff
  • Kelly SantaLucia
  • Kate Hartman
  • Sarah Baso


Absent:

  • Joe Bernik (Chair)
  • Rex Booth
  • David Campbell
  • Colin Watson
  • Mauro Flores
  • Mateo Martinez
  • Alexander Fry
  • Nishi Kumar


Open GIC Action Items

Follow up on GIC Working Sessions at AppSec EU

3 sessions on Friday, June 10 2011 (second day of the conference)

  • 1st session: GIC Outreach Presentation 10:15-11:00 am
    • Lorna Alamri replaced Nishi Kumar, who had a last-minute work conflict and had to cancel her trip.
    • Nishi provided the slide show and Lorna presented to about 5 people who were in attendance.
    • Lorna Alamri will follow up with an email to attendees regarding industry outreach.
  • 2nd session: Gathering Information - Industry CISO Survey 12:05-12:50 pm, presented by Rex Booth
    • 3 people in attendance (in addition to committee members - Lorna Alamri and Colin Watson)
    • Report/session notes from Rex Booth pending
  • 3rd session: Industry Roundtable discussion 3:00-3:45 pm, presented by Sarah Baso with remote participation by Joe Bernik
    • Unattended


Plans for AppSec USA

Are we going to have Industry outreach session(s)/track?

  • Jerry Hoff is attending AppSec USA and is happy to assist with Industry Outreach; Sherif Koussa does not know yet if he will attend.
  • If GIC wants to have outreach session(s) here similar to AppSec EU, more planning and marketing need to occur around the sessions to ensure their success.


SANS workshop in Washington DC

  • If interested, reply to [Rex Booth] (email thread) who is coordinating this initiative


NIST Draft on Cloud Computing

  • NIST wants comments on its cloud computing guide, which includes security concerns. The announcement is here: http://www.nist.gov/itl/csd/20110512_cloud_guide.cfm
  • Any interest in commenting on the NIST cloud computing guide? Sarah Baso to send out an email reminder to the GIC list to see if anyone is interested in taking this on.


Nomination of IS Pros for the 2011 GISLAs


Are we doing anything with PCI Security Standards?

  • No current comments/interest in this initiative.


GIC Governance Policies

Currently listed here: https://www.owasp.org/index.php/Global_Industry_Committee_Governance

  • Will be implemented based on no response from committee members; policies may be superseded by policies applying to all

Next Meeting

2 weeks

  • 30 June, 2011 16:00 UTC/GMT
  • Dial in: +1-866-534-4754, code: 69277
  • Industry Outreach activities for AppSec USA will be priority discussion (considering lessons learned from AppSec EU).