OpenCRE.org - Universal Translator for Security
OWASP Foundation

Published on Feb 14, 2024

Slides: https://static.sched.com/hosted_files...

In security, it is important to understand the whole chain: from regulation to business risk, to requirement, to code example, to vulnerability, to test method, to tool configurations. However, so far there hasn't been a solid way to interconnect standards, documentation, and tooling. Standards writers often work in isolation, and tooling authors rightly focus on quality results instead of comprehensive information about those results. The open source initiative OpenCRE.org connects all these sources of information: it links topics across multiple standards, including the Top 10, ASVS, Proactive Controls, Testing Guide, Cheat Sheets, SAMM, SSDF, ISO 27001, CSA CCMv3, CWE, CAPEC, PCI-DSS, NIST 800-53 and 800-63b. It further links code samples and offensive tooling configurations or rules. That way it serves as a universal translator, connecting every role involved: executive, compliance officer, procurement, architect, developer, and tester. This talk takes you through how OpenCRE.org works, how we have brought all these standards together, how we used AI in a revolutionary way, and how you can benefit in your work as a manager, builder, breaker, buyer, or standard maker! The intended audience for this talk is anyone involved with Application Security who is looking for an easy-to-use guide mapping standards to regulations, code, and configurations.

Spyros Gasteratos
OWASP
Security Engineer

Spyros is an OWASP volunteer and is currently helping fintechs with AppSec professionally. He maintains several open source projects including Dracon, opencre.org and others. Also, he usually doesn't speak about himself in the third person.

Rob van der Veer
Software Improvement Group
Principal consultant
Amsterdam Area, Netherlands

Rob van der Veer has a 30-year background in building secure software and running software businesses. AI, cyber security and privacy have been constant themes in his career, from hacking into the British RAF in 1986 to building AI solutions for national security. At the Software Improvement Group, Rob established the practices for AI, security and privacy. He is also involved in several standardization initiatives (e.g. OWASP SAMM, ENISA, ISO/IEC 5338, CIP, the AI security & privacy guide, the EU AI Act, and the EU Cyber Resilience Act). He co-leads the OWASP integration project, with OpenCRE.org as a key result.

Managed by the OWASP® Foundation
https://owasp.org/
