Sign up to save your podcasts
Or
Share Chris John Riley -- MVSP: Minimum Viable Secure Product
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Chris John Riley -- MVSP: Minimum Viable Secure Product
Chris John Riley joins Chris and Robert to discuss the Minimum Viable Secure Product. MVSP is a minimalistic security checklist for B2B software and business process outsourcing suppliers. It was designed by a team that included experts from Google, Salesforce, Okta, and Slack. The MVSP objectives are targeted at startups and other companies creating new applications, helping such organizations meet security standards expected by larger enterprises like Google. The MVSP is designed to be accessible for users, as a way to streamline the process of vendor assessment and procurement from the start to the contractual control stages.
Using MVSP, developers and application security enthusiasts can establish a baseline for building secure applications. MVSP includes controls about business operations, application design, implementation, and operational controls. For instance, it encourages third-party penetration testing on applications, as it believes that every product has an issue somewhere and needs regular testing to maintain a good security posture. The controls are designed to be reasonable and achievable, but also evolutionary to keep up with changes in the cybersecurity landscape.
Moving forward, MVSP intends to continue updating its guidelines to reflect the realities of the software development landscape but to keep the number of controls manageable to maintain wide acceptance. Chris encourages firms to consider MVSP as a baseline during the Request for Proposal (RFP) process to ensure prospective vendors meet the required security guidelines.
Links:
- Minimum Viable Secure Product: https://mvsp.dev/
Recommended Books:
- Cybersecurity Myths and Misconceptions... by Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra:
- https://www.pearson.com/en-us/subject-catalog/p/cybersecurity-myths-and-misconceptions-avoiding-the-hazards-and-pitfalls-that-derail/P200000007269/9780137929238
- Phantoms in the Brain: Probing the Mysteries of the Human Mind by V.S. Ramachandran
- https://www.harpercollins.com/products/phantoms-in-the-brain-v-s-ramachandran?variant=32130994110498
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
View all episodes
By Chris Romeo and Robert Hurlbut
5
3636 ratings
Chris John Riley joins Chris and Robert to discuss the Minimum Viable Secure Product. MVSP is a minimalistic security checklist for B2B software and business process outsourcing suppliers. It was designed by a team that included experts from Google, Salesforce, Okta, and Slack. The MVSP objectives are targeted at startups and other companies creating new applications, helping such organizations meet security standards expected by larger enterprises like Google. The MVSP is designed to be accessible for users, as a way to streamline the process of vendor assessment and procurement from the start to the contractual control stages.
Using MVSP, developers and application security enthusiasts can establish a baseline for building secure applications. MVSP includes controls about business operations, application design, implementation, and operational controls. For instance, it encourages third-party penetration testing on applications, as it believes that every product has an issue somewhere and needs regular testing to maintain a good security posture. The controls are designed to be reasonable and achievable, but also evolutionary to keep up with changes in the cybersecurity landscape.
Moving forward, MVSP intends to continue updating its guidelines to reflect the realities of the software development landscape but to keep the number of controls manageable to maintain wide acceptance. Chris encourages firms to consider MVSP as a baseline during the Request for Proposal (RFP) process to ensure prospective vendors meet the required security guidelines.
Links:
- Minimum Viable Secure Product: https://mvsp.dev/
Recommended Books:
- Cybersecurity Myths and Misconceptions... by Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra:
- https://www.pearson.com/en-us/subject-catalog/p/cybersecurity-myths-and-misconceptions-avoiding-the-hazards-and-pitfalls-that-derail/P200000007269/9780137929238
- Phantoms in the Brain: Probing the Mysteries of the Human Mind by V.S. Ramachandran
- https://www.harpercollins.com/products/phantoms-in-the-brain-v-s-ramachandran?variant=32130994110498
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More shows like The Application Security Podcast
View all
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,020 Listeners
Thoughtworks Technology Podcast
43 Listeners
Darknet Diaries
8,066 Listeners
Application Security Weekly (Audio)
12 Listeners
Application Security Weekly (Video)
4 Listeners
Cybersecurity Today
179 Listeners
CISO Series Podcast
189 Listeners
The Peter Attia Drive
8,493 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
139 Listeners
Risky Bulletin
44 Listeners
The Rundown
413 Listeners
The Security Table
2 Listeners