Industry:Minutes 2011-06-16

Purpose
The Global Industry Committee was created during the OWASP EU Summit in Portugal 2008. The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities.

Roll Call
Global Industry Committee Call: June 16, 2011 at 16:00 UTC/GMT

Present:
 * Lorna Alamri
 * Sherif Koussa
 * Jerry Hoff
 * Kelly SantaLucia
 * Kate Hartman
 * Sarah Baso

Absent:
 * Joe Bernik (Chair)
 * Rex Booth
 * David Campbell
 * Colin Watson
 * Mauro Flores
 * Mateo Martinez
 * Alexander Fry
 * Nishi Kumar

Follow up on GIC Working Sessions at AppSec EU
3 sessions on Friday, June 10 2011 (second day of the conference)
 * 1st session: GIC Outreach Presentation 10:15-11:00 am
    * Lorna Alamri replaced Nishi Kumar, who had a last-minute work conflict and had to cancel her trip.
    * Nishi provided the slide show and Lorna presented to about 5 people who were in attendance
    * Lorna Alamri will follow up with an email to attendees regarding industry outreach
 * 2nd session: Gathering Information - Industry CISO Survey 12:05-12:50 pm, presented by Rex Booth
    * 3 people in attendance (in addition to committee members Lorna Alamri and Colin Watson)
    * Report/session notes from Rex Booth pending
 * 3rd session: Industry Roundtable discussion 3:00-3:45 pm, presented by Sarah Baso with remote participation by Joe Bernik
    * Unattended

Plans for AppSec USA
Are we going to have Industry outreach session(s)/track?
 * Jerry Hoff is attending AppSec USA and is happy to assist with Industry Outreach; Sherif Koussa does not know yet if he will attend
 * If GIC wants to have outreach session(s) here similar to AppSec EU, more planning and marketing need to occur around the sessions to ensure their success

SANS workshop in Washington DC

 * If interested, reply to [mailto:rex.booth@owasp.org Rex Booth] (email thread) who is coordinating this initiative

NIST Draft on Cloud Computing
 * NIST wants comments on its cloud computing guide, which includes security concerns. The announcement is here: http://www.nist.gov/itl/csd/20110512_cloud_guide.cfm


 * https://lists.owasp.org/pipermail/global_industry_committee/2011-May/000710.html


 * Any interest in commenting on the NIST cloud computing guide? Sarah Baso to send out an email reminder to the GIC list to see if anyone is interested in taking this on.

Nomination of IS Pros for the 2011 GISLAs

 * https://www.isc2awards.org/

Are we doing anything with PCI Security Standards?

 * https://lists.owasp.org/pipermail/global_industry_committee/2011-May/000711.html
 * https://www.pcisecuritystandards.org/communitymeeting/2011/


 * No current comments/interest in this initiative.

GIC Governance Policies
Currently listed here: https://www.owasp.org/index.php/Global_Industry_Committee_Governance
 * Will be implemented based on no response from committee members; policies may be superseded by policies applying to all

Next Meeting
2 weeks
 * 30 June, 2011 16:00 UTC/GMT
 * Dial in: +1-866-534-4754, code: 69277
 * Industry Outreach activities for AppSec USA will be priority discussion (considering lessons learned from AppSec EU).