Opinions/suggestions regarding security testing framework and approach targeting EdgeX California release?
Zeng, Tingyu <tingyu.zeng@...>
We just had our first security testing group meeting this morning and there are two security testing guides discussed.
1. OWASP IoT top 10 and IoT security guidance https://www.owasp.org/index.php/IoT_Security_Guidance
OWASP is a collaboration of application security community and it’s top 10 list are well recognized and followed.
2. IIC Endpoint security best practices https://www.iiconsortium.org/pdf/Endpoint_Security_Best_Practices_Final_Mar_2018.pdf
It was released about two weeks ago and categorizes the aspects of security of endpoint
As an initial efforts we are trying to map these guidance into EdgeX and evolve the security testing along future EdgeX releases. Let us know if you have different idea or suggestions. A draft will be provided to reflect our approach later.