OWASP Integration Standards

The goal of the Integration Standards project is to facilitate technical interaction between software security initiatives inside and outside OWASP: links between documents and exchange between tools. More interaction reduces the fragmentation and complexity of the standards landscape, which has made it hard for developers, testers, and procurement to set and apply appropriate standards and to attain a shared understanding.

This project produced three results:

  • The Open Common Requirement Enumeration or OpenCRE: a revolutionary mechanism to link standards and guidelines together on multiple levels of topics, providing a harmonized resource for requirements, testing strategies, tool rules, countermeasures, and links to existing repositories of threats and weaknesses. OpenCRE is live at opencre.org, where all standards come together.
  • The Security Wayfinder (see below): an interactive overview of OWASP projects and how they are related.
  • A study of OWASP in the SDLC (see report).

The Security Wayfinder

We mapped OWASP projects in a diagram of the Software Development LifeCycle, summarized in the interactive Wayfinder below, which is featured in multiple key locations on the OWASP website:

[Interactive diagram: Application Security Wayfinder. Brought to you by the Integration Standards project: linking requirements and guidance across standards through the Common Requirement Enumeration.]

Areas shown in the diagram: Requirements, Design, Implementation, Verification, Operation, Policy Gap Evaluation, Metrics, Training/Education, Culture Building & Process Maturing (Iterate; After N Iterations).

Categories shown in the diagram: Docs, Guides, Tools, Frameworks, Secure Libraries, Dependencies, Vulnerability Management.

Projects shown in the diagram: Threat Modeling, CheatSheet Series, Proactive Controls, Go SCP, ZAP, Amass, Nettacker, OWTF, Dependency Track, Dependency Check, ESAPI, CSRFGuard, Glue, Dracon, Defect Dojo, ASVS, MASVS, Threat Dragon, Threat Modeling Talks, PyTM, Security Champions Playbook, SAMM, Code Pulse, Mod Security CRS, Cornucopia, SecurityRAT, Top 10, Juice Shop, Security Shepherd, API Top 10, Mobile Top 10, WebGoat, PyGoat, Snakes & Ladders, WSTG, MSTG, SKF, secureCodeBox.