Opinions/suggestions regarding security testing framework and approach targeting EdgeX California release?

Zeng, Tingyu <tingyu.zeng@...>

Hello community,


We just had our first security testing group meeting this morning and there are two security testing guides discussed.


1.       OWASP IoT top 10 and IoT security guidance https://www.owasp.org/index.php/IoT_Security_Guidance

OWASP is a collaboration of application security community and it’s top 10 list are well recognized and followed.


2.        IIC Endpoint security best practices https://www.iiconsortium.org/pdf/Endpoint_Security_Best_Practices_Final_Mar_2018.pdf

It was released about two weeks ago and categorizes the aspects of security of endpoint



As an initial efforts we are trying to map these guidance into EdgeX and evolve the security testing along future EdgeX releases. Let us know if you have different idea or suggestions. A draft will be provided to reflect our approach later.







Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.