michael.coates at owasp.org
Tue Sep 20 16:16:32 UTC 2016
Thanks Tom. Happy to chat more with anyone who's interested.
Overall I think VSA will be another organization to help provide visibility
and standardization to the security landscape. Instead of having each
company (who is doing diligence on a potential vendor) apply a their own
custom security evaluation of a potential vendor, which are often in unique
formats and cause vendors to start from ground zero, the idea is to move to
a standardized approach. Through standardization there's an opportunity to
provide greater visibility to expectations, advance the state of security,
and enable vendors to prepare for a standard approach with customers
(enables speed and simplifies engagements).
"In collaboration with the VSA, top security experts and experienced
compliance officers will release a yearly questionnaire to benchmark their
risk. Companies can leverage this questionnaire to qualify vendors and
ensure the appropriate controls are in place to improve security for
More to come there.
Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
OWASP Global Board
On Tue, Sep 20, 2016 at 8:26 AM, Tom Brennan - OWASP <tomb at owasp.org> wrote:
> Michael, congratulations on the VSA effort
>> Look forward on understanding how OWASP can help support this community
>> discussion effort as soon as AppSecUSA
> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board