Reimagining Cyber - real world perspectives on cybersecurity

CREST Americas Chair Talks Collaboration with OWASP to Launch OVS - Ep 45



This week’s episode of Reimagining Cyber covers the launch of the OWASP Verification Standard (OVS). Stan Wisseman and Rob Aragao talk with Tom Brennan, CIO for Mandelbaum Barrett law firm and North America Executive Director for CREST, about the history of CREST, the new OVS, and its connection with the OWASP Application Security Verification Standard (ASVS).

CREST was established in 2006 as an international non-profit organization that represents the global cyber security industry. The organization’s goal is to help create a secure digital world for all by quality assuring its members and delivering professional certifications to the cyber security industry through a rigorous quality assurance process so others can have confidence in the cyber security services they consume. CREST Americas offers programs across six cyber security communities, which include: government, regulators, buying community, service suppliers, training and academia, and professional bodies.

Recently, CREST collaborated with the Open Web Application Security Project, better known as OWASP, to launch the OWASP Verification Standard (OVS). OVS is a new quality assurance standard for the global AppSec industry. It is designed to provide mobile and web app developers with superior security assurance and accredited organizations with improved access to the expanding application development industry. Brennan gave an overview of OVS’s ability to execute and deliver assessments related to the different levels of the OWASP Application Security Verification Standard (ASVS). ASVS provides a source for testing web application technical controls and provides developers with a list of secure development requirements. Its aim is to normalize the range of coverage and level of rigor available in the market when verifying web application security, by using a commercially workable open standard. By including ASVS, CREST was able to support the open-source community in building and supporting global standards.

Brennan believes that OVS is useful to many organizations, as long as they meet the qualifications needed. It gives you the opportunity to conduct assessments against existing codebases and determine where issues may exist before the buyer gets involved in code quality issues or licensing problems. Brennan also goes on to say that “OVS allows not only the Americas, but for organizations around the world [to] demonstrate taking something that is a global, acceptable best practice by the OWASP individuals and experts… [so it] can be utilized in a commercial way very easily and quite honestly very accepted.” OVS is providing a global standard of expectations for consumers of software.


As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.


