Guest:

• Chris John Riley, Senior Security Engineer and a Technical Debt Corrector @ Google

Topics:

• We've heard of MVP, what is MVSP or Minimal Viable Secure Product?

• What problem is MVSP trying to solve for the industry, community, planet, etc?

• How does MVSP actually help anybody?

• Who is the MVSP checklist for? Leaders or engineers?

• How does MVSP differ from compliance standards like ISO 27001, or even SOC 2?

• How does Google use MVSP? Has it improved our security in some way?

• How to balance the dynamic nature of security with minimal security basics?

• The working group has recently completed a control refresh for 2022, what are some highlights?

Resources:

• Mvsp.dev

• SLSA Levels

• MVSP (Minimum Viable Secure Product) Compliance

• "Phantoms in the Brain" book

• "Strengthen Basic Security Hygiene With a Two-Pronged Security Architecture Approach"

• FIRST Impressions podcast