The presentation discusses the importance of security assessment in software development and how to perform one. It also introduces the Security Assurance Framework (SAF) and how it can be used to improve the security posture of software projects.
- Security assessment is about examining the architecture and posture of a software project to give a holistic view of its security goals and alignment.
- Assets, actors, and goals are the key factors to consider when performing a security assessment.
- Threats are prioritized by their impact and likelihood, and the response to each should be preventive, recovery-based, or detection-based.
- The Security Assurance Framework (SAF) is a community resource that provides a process for projects to perform self-assessment and joint assessment with volunteers from the Technical Advisory Group (TAG).
- The SAF aims to improve the security posture of software projects and make the assessment process more transparent and accessible.
The speaker shared that before the SAF was introduced, the process of joining the TAG and performing a security assessment was not transparent: as a student, it was unclear how to get started and whom to approach. The SAF was created to give clear visibility into what needs to be done and to make the assessment process more accessible to everyone. The SAF also aims to make security assessment a community resource by encouraging feedback and improvement suggestions from all stakeholders.