OWASP Working Session - OWASP Intra Governmental Affairs

Working Sessions Operational Rules - Please see here for the general framework of rules.
WORKING SESSION IDENTIFICATION
Work Session Name: OWASP Intra Governmental Affairs
Short Work Session Description: Increasing the visibility of AppSec within gov't agencies by effectively positioning OWASP resources and communicating OWASP principles to standards bodies, gov't agencies, and implementers and auditors.
Related Projects

If any, add a link.

Email Contacts & Roles
Chair: David Campbell
Secretary: Colin Watson, Puneet Mehta, Dhruv Soi
Mailing list: Subscription Page
WORKING SESSION SPECIFICS
Objectives
  • Identify the top reasons and driving factors for working with the governments of different countries,
  • Identify potential areas where OWASP and governments can work together,
  • Discuss measurable benefits,
  • Identify possible ways to approach this initiative.
Venue/Date&Time/Model
Venue: OWASP EU Summit Portugal 2008
Date & Time: November 5 & 7, 2008; time TBD
Discussion Model: "Everybody is a Participant"
WORKING SESSION OPERATIONAL RESOURCES
Projector, also wireless connection for conferencing in remote participants. NOTE: these resources were not available and this negatively impacted the effectiveness of the group. For future Summits these resources should be coordinated more effectively.
WORKING SESSION ADDITIONAL DETAILS

Presentation prepared by Puneet and DC to seed discussion and summarize outcomes, updated with outputs of working group.

Working Session Notes

Ideas to put up for Vote Captured during Session

WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions
Proposed by Working Group | Approved by OWASP Board
Mission: To ensure that OWASP’s dealings with governmental and regulatory agencies are coherent and consistent, making effective use of resources and global perspective for the benefit of members and constituents. | After the Board Meeting - fill in here.
Prioritized list of potential areas where OWASP can work with Government: 1) Help regulators / federal agencies define application security controls for statutory compliance, 2) Support or oppose legislative action relevant to InfoSec/AppSec, 3) Create a mapping of standards bodies' security controls to OWASP-specific guidance (i.e. map FISCAM, 800-53/53A to OWASP Testing Guide), 4) Outreach & evangelism to implementers and auditors of standards. | After the Board Meeting - fill in here.
Roadmap / Model to approach this initiative: Appoint gov't specialists to the "Industry" global committee. Assign a primary point of contact for gov't interaction for each country. Establish a governance process whereby these POCs are given authority to interact with gov't officials on behalf of OWASP. | After the Board Meeting - fill in here.
Identify Team / committee to lead this initiative. US POC: Rex Booth, UK POC: Colin Watson, India POC: Puneet Mehta, Brazil POC: Lucas Ferreira | After the Board Meeting - fill in here.
Action items: 1) Review NIST draft special pubs relevant to AppSec and solicit comments from OWASP SMEs: David Campbell, 2) Review ISO draft standards relevant to AppSec and solicit comments from OWASP SMEs: Lucas Ferreira, 3) Submit comments to these drafts on behalf of OWASP: OWASP Board or Industry Committee chair(?), 4) Create “Approaching Gov’t Organizations” guide: Dan Cornell, 5) Develop governance model for vetting official OWASP representatives, positions, and “One Voice” principle: Puneet Mehta, 6) Create SOC project for mapping standards body security controls to OWASP Body of Knowledge: TBD | After the Board Meeting - fill in here.

Working Session Participants


WORKING SESSION PARTICIPANTS
# | Name | Company | Notes & reason for participating, issues to be discussed/addressed
1 | David Campbell | OWASP Denver | Experience w/ US Govt. agencies
2 | Puneet Mehta | OWASP Delhi | Experience w/ India Govt. Agencies
3 | Sion Camilleri | OWASP Belgium | Experience w/ Australian, UK, NATO, and other International/EU Commission Government Agencies
4 | Colin Watson | Watson Hall | Raising awareness of OWASP in government agencies
5 | Rex Booth | Grant Thornton LLP | Experience with US gov. agencies
6 | Lucas C. Ferreira | Brazilian Parliament | Work for Brazilian government
7 | Arturo 'Buanzo' Busleiman | Independent | I have certain vinculations with the Argentinian government.
8 | Fabio Cerullo | AIB Bank | interested in the topic