A short while ago we blogged on the importance to us of sharing with the wider security community in relation to our NIST / ASVS mapping donation to OWASP.
Of course the OWASP Foundation exemplify the sharing philosophy as its many open source projects are run by volunteers and their knowledge base and tools leveraged in all types of institutions.
Our very own threat modeling platform IriusRisk comes complete with an expansive security knowledge base which includes OWASP security controls from the Application Security Verification Standard (ASVS) and The Mobile Application Security Verification Standard (MASVS) alongside other industry standards for our customers to design and develop secure applications.
In view of the sterling work done by OWASP we were pleased to make our financial donation and renew as a Corporate Contributing Member.
In making our donation we had the opportunity to earmark 40% of the funds for a project close to our heart and we chose the Cloud Security Project. As we wanted to leverage this opportunity to publicise the Cloud project we asked the project lead Fraser Scott to pen a few thoughts for this blog post:
The OWASP Cloud Security project is hugely honoured and grateful to Continuum Security for the donation.
The project came to life at the Open Security Summit in 2016 with the aim of bringing together the cloud security experience and expertise of the development, operations and security communities. Cyber security is fundamentally about people – it’s not just a never-ending process, it’s also a conversation. This project was created to enable that conversation.
We have big plans for 2019 and Continuum Security’s donation will really help us to deliver an awesome project backed by a vibrant community. We will be developing and delivering a workshop that teaches people how to threat model using the OWASP Cloud Security project content. Participants will come away with experience of threat modeling a cloud environment, a greater understanding of the threats and controls that apply in the cloud, and will have the opportunity to learn how to write new threat and control stories using BDD.
We look forward to seeing you at a workshop at a security conference near you soon!