Thank you for joining us at our 20th Anniversary Event! All sessions were recorded and will be posted in the coming weeks on the OWASP YouTube channel.

We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September! Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead to the next 20 years!

Join us for FREE at this live 24-hour global event as we honor the past, celebrate the present, and embrace the future of OWASP and cybersecurity. Hear from world-renowned keynotes and special speakers, and network with your peers. It is FREE to attend; however, registration IS required to gain access to the session links.

Friday, September 24 • 2:30pm - 3:00pm
The future is simple - introducing the CRE

Abstract:
This presentation marks the official go-live of the Common Requirement Enumeration initiative, as an interactive linking platform across standards and guidelines.
Software is becoming more important for us every day, and at the same time software security is complex and not getting any easier. This is our calling as appsec professionals. To deal with this, we have built great tools and helpful standards and guidelines. But because there is no single silver bullet, we now face the big challenge to combine all these separate solutions into an integrated approach – to make it easier for the experts, but above all: to bring application security within reach of a larger group of people. This is essential because the shortage of application security superheroes is not expected to go away. Therefore, the key to a secure future is to make appsec more accessible. More simple.
Unfortunately, making things simple is not easy. Within OWASP, an initiative to drive integration started in 2020 with the Integration standards project. Its goal is to link and align key standards (OWASP and others) by providing a unified framework to attain more consistency, completeness, overview and clarity.
One of the results has been the Appsec wayfinder: an interactive map of the key OWASP projects.
Another, more substantial effort is the Common Requirement Enumeration (CRE): a semantic web that links standards at the level of topics, within OWASP and beyond (NIST, PCI-DSS, ISO/IEC, MITRE, CIS, etc.). The CRE ties all standards and guidelines together and allows people to jump from source to source to learn more on a specific subject. For example, the CRE links an ASVS check to the corresponding Testing guide section, with the right Cheat sheet, Pro-active control and Top 10 entry.
This meta-mapping is self-maintaining, so when standards refer to other standards using the CRE, those links will automatically stay up to date. The important side-effects of this integration are increased consensus, more clarity and a mutual understanding of what application security is for developers, ops, testers, security teams, management, procurement and other stakeholders, across domains. No more silos. The future is simple.
This presentation officially launches the CRE, discusses the extensive research that has been done on the landscape of appsec standards and describes how alignment is created through the unified CRE framework - positioning OWASP as a driver of community-based global consensus.


Speakers

Rob van der Veer

Principal consultant, Software Improvement Group
Rob van der Veer has a 25-year background in building secure software and running software businesses. Cyber security and privacy have been constant themes in his career, from hacking into the British RAF in 1986, to building AI solutions for national security. Rob is the principal...

Spyros Gasteratos

AppSec Tech Lead Manager, Thought Machine
Spyros has been helping developers ship secure code for 10 years. He has been an OWASP volunteer since 2012 and he is currently the Product Security lead in the fintech company Thought Machine. He contributes to several Open Source projects including the security automation framework...


Friday September 24, 2021 2:30pm - 3:00pm EDT
On-Line