March 27, 2023

EP114 Minimal Viable Secure Product (MVSP) - Is That a Thing?

28 minutes

Guest:

Chris John Riley, Senior Security Engineer and a Technical Debt Corrector @ Google

Topics:

We’ve heard of MVP, what is MVSP or Minimal Viable Secure Product?
What problem is MVSP trying to solve for the industry, community, planet, etc?
How does MVSP actually help anybody?
Who is the MVSP checklist for? Leaders or engineers?
How does MVSP differ from compliance standards like ISO 27001, or even SOC 2?
How does Google use MVSP? Has it improved our security in some way?
How to balance the dynamic nature of security with minimal security basics?
The working group has recently completed a control refresh for 2022, what are some highlights?

Resources:

Mvsp.dev
SLSA Levels
MVSP (Minimum Viable Secure Product) Compliance
“Phantoms in the Brain” book
”Strengthen Basic Security Hygiene With a Two-Pronged Security Architecture Approach”
FIRST Impressions podcast

...more

By Anton Chuvakin

4.8

3838 ratings

March 27, 2023

28 minutes

Guest:

Chris John Riley, Senior Security Engineer and a Technical Debt Corrector @ Google

Topics:

We’ve heard of MVP, what is MVSP or Minimal Viable Secure Product?
What problem is MVSP trying to solve for the industry, community, planet, etc?
How does MVSP actually help anybody?
Who is the MVSP checklist for? Leaders or engineers?
How does MVSP differ from compliance standards like ISO 27001, or even SOC 2?
How does Google use MVSP? Has it improved our security in some way?
How to balance the dynamic nature of security with minimal security basics?
The working group has recently completed a control refresh for 2022, what are some highlights?

Resources:

Mvsp.dev
SLSA Levels
MVSP (Minimum Viable Secure Product) Compliance
“Phantoms in the Brain” book
”Strengthen Basic Security Hygiene With a Two-Pronged Security Architecture Approach”
FIRST Impressions podcast