OpenCRE

Calling all security professionals: Let’s connect standards! We're excited to take OpenCRE to the next level by inviting the community to add standards to the system, using a new easy method. What is OpenCRE? OpenCRE.org is a free open-source initiative by the OWASP? Foundation that connects all security standards in one place. It includes: - An easy way for you to link to all the resources on a specific security topic. - Browse, search, explore, map analysis, and AI: - The world’s first security chatbot, powered by this comprehensive knowledge base. - Adoption by major initiatives: a range of 15 standards,?the Cloud Security Alliance, Nationaal Cyber Security Centrum (NCSC-NL), and tool vendors such as CODIFIC, IriusRisk, Software Improvement Group and Smithy. New contribution opportunity! We have just launched a streamlined way for you to contribute mappings of your favourite standards to the OpenCRE catalog. By contributing: ?? The standard will be instantly connected to all other standards in OpenCRE. ?? Links to it will appear alongside related topics. ?? Users will be able to map the standard completely to each of the other standards, using the map analysis tool. ?? The standard's content is used as input to OpenCRE chat. No more mapping everything to everything! Just link to OpenCRE. Together, let’s make OpenCRE’s the Rosetta stone of security, creating clarity across the board. Want to know more? For more background on OpenCRE, watch our talk at the OWAP Global Appsec 2024 conference in Lisbon: https://lnkd.in/ezCZXDAZ The talk also covers MyOpenCRE, which allows you to run OpenCRE on your premises and integrate your own security policies and guidelines. We currently are piloting this with a user group and plan to launch it soon. How to contribute: Read the instructions: https://lnkd.in/epD9ds4J To see the mapping template that ls linked from the instructions(Excel): - On your desktop: https://lnkd.in/eK7R8Xf7 - On your mobile: LinkedIn will not allow you and give an error. Please share this post to let others know about this unique opportunity to shape the future of security standards. In the picture below you see from left to right the OpenCRE core team: Spyros G., Paola Garcia Cardenas, and Rob van der Veer. Notice the OpenCRE polo with the new logo and a part of our taxonomy graph ?? . #security #appsec #securitycompliance #cybersecrity

Calling all security professionals: Let’s connect standards! We're excited to take OpenCRE to the next level by inviting the community to add standards to the system, using a new easy method. What is OpenCRE? OpenCRE.org is a free open-source initiative by the OWASP? Foundation that connects all security standards in one place. It includes: - An easy way for you to link to all the resources on a specific security topic. - Browse, search, explore, map analysis, and AI: - The world’s first security chatbot, powered by this comprehensive knowledge base. - Adoption by major initiatives: a range of 15 standards,?the Cloud Security Alliance, Nationaal Cyber Security Centrum (NCSC-NL), and tool vendors such as CODIFIC, IriusRisk, Software Improvement Group and Smithy. New contribution opportunity! We have just launched a streamlined way for you to contribute mappings of your favourite standards to the OpenCRE catalog. By contributing: ?? The standard will be instantly connected to all other standards in OpenCRE. ?? Links to it will appear alongside related topics. ?? Users will be able to map the standard completely to each of the other standards, using the map analysis tool. ?? The standard's content is used as input to OpenCRE chat. No more mapping everything to everything! Just link to OpenCRE. Together, let’s make OpenCRE’s the Rosetta stone of security, creating clarity across the board. Want to know more? For more background on OpenCRE, watch our talk at the OWAP Global Appsec 2024 conference in Lisbon: https://lnkd.in/ezCZXDAZ The talk also covers MyOpenCRE, which allows you to run OpenCRE on your premises and integrate your own security policies and guidelines. We currently are piloting this with a user group and plan to launch it soon. How to contribute: Read the instructions: https://lnkd.in/epD9ds4J To see the mapping template that ls linked from the instructions(Excel): - On your desktop: https://lnkd.in/eK7R8Xf7 - On your mobile: LinkedIn will not allow you and give an error. Please share this post to let others know about this unique opportunity to shape the future of security standards. In the picture below you see from left to right the OpenCRE core team: Spyros G., Paola Garcia Cardenas, and Rob van der Veer. Notice the OpenCRE polo with the new logo and a part of our taxonomy graph ?? . #security #appsec #securitycompliance #cybersecrity

For any who missed our software engineer Dimitar Raichev’s talk at the OWASP? Foundation event in San Francisco, we have just published an article summarising insights on bridging compliance standards. Most organisations have to deal with multiple security standards and frameworks, therefore bridging compliance standards is extremely valuable for them. In this article, learn why mapping between security frameworks is essential, the different mapping types, how to approach it manually, and more. Check it out here: https://lnkd.in/eM2YSiiV

I'm immensely proud to have forged a coalition between the global security community and formal standardization bodies, to create more robust and effective standards. ?? OWASP? Foundation and standardization organization CEN and CENELEC have established an official liaison partnership, effectively opening up formal standards development to the open-source collaboration of security practitioners and researchers everywhere. ?? In today’s rapidly evolving landscape, especially with AI, it is critical to bring in as much expertise as possible to create robust standards. But traditionally it has been challenging for Standard Development Organizations and experts to find each other and collaborate, especially researchers and small to medium enterprises. I experienced this firsthand when writing the ISO/IEC 5338 AI lifecycle standard. Simultaneously, OWASP? Foundation has been looking for good ways to disseminate the great work of their 8,000-people security community, including fabulous tools, guidelines, and frameworks. So, we hooked them up ?? The final signature of this partnership was put on paper last Friday, after a process that took eight months. What a moment! Press releases will follow after the summer holidays, but I couldn’t wait to share this with you. The bridge we've built has already produced magnificent results. We managed to get 70 pages of our work accepted into the global standard on AI security: ISO/IEC 27090. Additionally, the same work from the OWASP AI Exchange plays a key role in the AI Act security standards. This was possible as I'm a member of various working groups and lead the OWASP AI Exchange, but we needed to secure this relationship independently of my involvement. So we started a formal liaison procedure with CEN/CENELEC leading to all member countries voting unanimously on OWASP collaboration. Currently, the focus is on AI security, but more OWASP initiatives will follow. If you lead an OWASP project and are interested, or if you want to start an OWASP project to contribute to security standards, send me a message. I am the liaison representative until OWASP’s standardization committee becomes active. This is excellent news for practitioners, standard makers, and citizens. It adds to recent OWASP successes, such as the standardization of OWASP CycloneDX SBOM/xBOM Standard and the adoption of OpenCRE by the Cloud Security Alliance, vendors, and the Dutch government. This wouldn’t have been possible without the vision of the OWASP global board, my all-star OpenCRE team, the amazing group at the OWASP AI Exchange, the many great OWASP projects including the OWASP Top 10 For Large Language Model Applications, and the drive of Software Improvement Group, who support my mission and donated AI and security frameworks. I love it when a plan comes together. ISO - International Organization for Standardization/ IEC (International Electrotechnical Commission) #ai #securitystandards #aisecurity #security

I'm immensely proud to have forged a coalition between the global security community and formal standardization bodies, to create more robust and effective standards. ?? OWASP? Foundation and standardization organization CEN and CENELEC have established an official liaison partnership, effectively opening up formal standards development to the open-source collaboration of security practitioners and researchers everywhere. ?? In today’s rapidly evolving landscape, especially with AI, it is critical to bring in as much expertise as possible to create robust standards. But traditionally it has been challenging for Standard Development Organizations and experts to find each other and collaborate, especially researchers and small to medium enterprises. I experienced this firsthand when writing the ISO/IEC 5338 AI lifecycle standard. Simultaneously, OWASP? Foundation has been looking for good ways to disseminate the great work of their 8,000-people security community, including fabulous tools, guidelines, and frameworks. So, we hooked them up ?? The final signature of this partnership was put on paper last Friday, after a process that took eight months. What a moment! Press releases will follow after the summer holidays, but I couldn’t wait to share this with you. The bridge we've built has already produced magnificent results. We managed to get 70 pages of our work accepted into the global standard on AI security: ISO/IEC 27090. Additionally, the same work from the OWASP AI Exchange plays a key role in the AI Act security standards. This was possible as I'm a member of various working groups and lead the OWASP AI Exchange, but we needed to secure this relationship independently of my involvement. So we started a formal liaison procedure with CEN/CENELEC leading to all member countries voting unanimously on OWASP collaboration. Currently, the focus is on AI security, but more OWASP initiatives will follow. If you lead an OWASP project and are interested, or if you want to start an OWASP project to contribute to security standards, send me a message. I am the liaison representative until OWASP’s standardization committee becomes active. This is excellent news for practitioners, standard makers, and citizens. It adds to recent OWASP successes, such as the standardization of OWASP CycloneDX SBOM/xBOM Standard and the adoption of OpenCRE by the Cloud Security Alliance, vendors, and the Dutch government. This wouldn’t have been possible without the vision of the OWASP global board, my all-star OpenCRE team, the amazing group at the OWASP AI Exchange, the many great OWASP projects including the OWASP Top 10 For Large Language Model Applications, and the drive of Software Improvement Group, who support my mission and donated AI and security frameworks. I love it when a plan comes together. ISO - International Organization for Standardization/ IEC (International Electrotechnical Commission) #ai #securitystandards #aisecurity #security

On behalf of the OpenCRE team, I am very proud to share a significant milestone in streamlining security standards: The Netherlands has selected OpenCRE for the latest update of its NCSC government guidelines to secure web applications. OpenCRE is OWASP? Foundation's unifying framework for security standards. It allows the Dutch guidelines to focus on their main message, and use single OpenCRE links to refer to the wealth of information available in key security standards for developers, testers, security officers, etc. The open-source community ensures the links don’t break, and the content grows and remains up-to-date. The Dutch guidelines are here: https://lnkd.in/e4tQKr_4 I congratulate the Nationaal Cyber Security Centrum (NCSC-NL), part of the Ministry of Justice and Security. The key principle is shown in the diagram: The guidelines describe the basics, and then, for more information, they use links to OpenCRE(OpenCRE.org/cre/470-731) to direct readers to an overview of the common requirement ‘Minimize session life’, which outlines what to do. Each underlying requirement includes clickable deep links to detailed information on verification, implementation, testing, and related resources. OpenCRE offers numerous advantages: ? Comprehensive access: With one simple link, readers can access more information on a topic across a growing list of 15 key standards, using deep links to go straight to the content. ? Reference clarity: The common requirement makes the purpose of the reference clear. ? Open: OpenCRE is open-source, and its community continually extends content and updates links. ? Insightful: Users can click through related topics to learn more, search, browse, and explore. ? Compliance: OpenCRE provides map analysis to see how standards link to each other. ? AI assistance: OpenCRE-chat is an AI that answers security questions and provides links to the corresponding standards. ? MyOpenCRE: This upcoming feature allows OpenCRE to be deployed internally within organizations, linking their policies, guidelines, and requirements. Once a guideline, like the new NCSC document, links to OpenCRE, it automatically links to the related internal resources as well. With Spyros G. I founded OpenCRE to create more clarity and alignment in the security industry. We link all security standards together and offer a gateway: a universal security translator for developers, testers, security officers, procurement, and auditors. Kudos to everybody who helped along the way, including Software Improvement Group who were key contributors to the OpenCRE structure, and assisted the NCSC with the recent OpenCRE integration. The continued success of OpenCRE is a testament to the tremendous strength of worldwide collaboration between security professionals—powered by OWASP. #security #cybersecurity #appsec #standards