OWASP Integration Standards

The goal of the Integration Standards project is to enable alignment between software security initiatives inside and outside OWASP. This alignment is much needed: initiatives can benefit from each other's content, which saves work in development and maintenance, and it also brings more consistency to the industry. This consistency is necessary to address the fragmentation of standards, which has made it hard for developers, testers, and clients to set and apply appropriate standards. More consistency allows for a shared understanding of security details between developers, testers, and procurement.

One deliverable for this project is a repository that maps standards on a technical requirement level, bringing together requirements, testing strategies, countermeasures, and links to existing repositories of threats and weaknesses.

Another deliverable is a standard for how security initiatives can be integrated by exchanging data about the different elements of the software development lifecycle (instructions, requirements, tests, test results, threats, findings).

Project roadmap

The timeline below is a rough estimate, as it depends on other projects' time and availability.

  • End of Q1 2020: Design phase; the project has a clear vision on its deliverables, with proper feedback on its way forward.
    • ✔ Project repository was set with the clear intentions of the project
  • Start of Q2 2020: Plan the setup of the project and start tackling it, by first identifying the feeding projects and the links to be done between frameworks.
    • ✔ A list of OWASP projects and standards that are external to OWASP were chosen to launch the first iteration of the project.
  • End of Q3 2020: MVP release where a proper requirements set has been established and released for testing to be conducted on the standard being proposed.
    • ❌ This was pushed back due to several difficulties; the revised expectations are listed below.
    • ✔ WayFinder diagram was created and published.
    • ✔ OWASP in the SDLC article was written, reviewed, and published.
  • End of Q2 2021: Release of the backend APIs that will provide consumers with the requirements mapping based on pre-written sheets by the team.
  • End of Q3 2021: Release of the frontend MVP to help the community and consumers better visualize the requirements maps.

The roadmap will be adjusted as the project moves forward.

OWASP Projects Map

In an effort to provide a high-level map of how OWASP's projects link to the SDLC, a document detailing OWASP in the SDLC was written. In addition, we performed a study detailing OWASP in the Software Development LifeCycle, summarized in the WayFinder diagram: