OWASP Integration Standards
The goal of the Integration Standards project is to enable alignment between software security initiatives inside and outside OWASP. This alignment is much needed: initiatives can benefit from each other’s content, saving work in development and maintenance, and the industry gains consistency. That consistency is necessary to address the fragmentation of standards, which has made it hard for developers, testers, and clients to set and apply appropriate standards. More consistency allows a shared understanding of security details between developers, testers, and procurement.
One deliverable for this project is a repository that maps standards on a technical requirement level, bringing together requirements, testing strategies, countermeasures, and links to existing repositories of threats and weaknesses.
Another deliverable is a standard for how security initiatives can be integrated by exchanging data about the different elements of the software development lifecycle (instructions, requirements, tests, test results, threats, findings).
The roadmap below is a rough estimate, as it depends on other projects’ time and availability.
- End of Q1 2020: Design phase; the project has a clear vision on its deliverables, with proper feedback on its way forward.
- Start of Q2 2020: Plan the project setup and begin work, first identifying the feeding projects and the links to be made between frameworks.
- End of Q3 2020: MVP release, in which a proper requirements set has been established and released so that testing can be conducted on the proposed standard.
The roadmap will be adjusted as the project moves forward.
OWASP Projects Map
In an effort to provide a high-level map of how OWASP’s projects link to the SDLC, a document detailing OWASP in the SDLC was produced. In addition, we performed a study of OWASP in the Software Development Lifecycle, summarized in the WayFinder diagram: