OWASP IoT Security Verification Standard
The OWASP Internet of Things Security Verification Standard (ISVS) is a community effort to establish a framework of security requirements for Internet of Things (IoT) applications. The requirements provided by the ISVS can be used at many stages during the product development life cycle including design, development, and testing of IoT applications.
IoT applications are often composed of many interconnected applications that together form a complex ecosystem. Securing an IoT application thus boils down to securing the ecosystem. The ISVS, therefore, specifies security requirements for embedded applications and the IoT ecosystem in which these reside while referring to existing industry-accepted standards as much as possible.
The ISVS is an open source effort and we welcome contributions and feedback. If you want to contribute additional content, improve existing content, or provide your feedback, we suggest that you do so through:
- The OWASP ISVS Slack channel. You can sign up here.
- Through creating an issue or a pull request.
Before you start contributing, please check our contribution guide which should get you started.
Project Classification
Github Repository
https://github.com/OWASP/IoT-Security-Verification-Standard-ISVS
OWASP Slack
Licensing
The guide is licensed under the Creative Commons Attribution-ShareAlike 4.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.