Opinions/suggestions regarding security testing framework and approach targeting EdgeX California release?

Zeng, Tingyu
 

Hello community,

 

We just had our first security testing group meeting this morning and there were two security testing guides discussed.

 

1. OWASP IoT top 10 and IoT security guidance https://www.owasp.org/index.php/IoT_Security_Guidance

OWASP is a collaboration of the application security community and its top 10 lists are well recognized and followed.

2. IIC Endpoint security best practices https://www.iiconsortium.org/pdf/Endpoint_Security_Best_Practices_Final_Mar_2018.pdf

It was released about two weeks ago and categorizes the aspects of security of an endpoint.

 

 

As an initial effort we are trying to map this guidance into EdgeX and evolve the security testing along future EdgeX releases. Let us know if you have different ideas or suggestions. A draft will be provided to reflect our approach later.

 

 

Thanks,

Tingyu

 

 

Andrew Foster
 

Folks,

 

We’ve set up a Security Testing Subgroup page on the wiki at https://wiki.edgexfoundry.org/display/FA/Security+Testing+Subgroup to keep track of future scheduled meetings, recordings, minutes, work items, documents etc.

 

Regards,

 

Andy

 

From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of Zeng, Tingyu
Sent: Tuesday, April 10, 2018 4:44 PM
To: EdgeX-TSC-Security@...
Subject: [Edgex-tsc-security] Opinions/suggestions regarding security testing framework and approach targeting EdgeX California release?

 

Hello community,

 

We just had our first security testing group meeting this morning and there were two security testing guides discussed.

 

1. OWASP IoT top 10 and IoT security guidance https://www.owasp.org/index.php/IoT_Security_Guidance

OWASP is a collaboration of the application security community and its top 10 lists are well recognized and followed.

2. IIC Endpoint security best practices https://www.iiconsortium.org/pdf/Endpoint_Security_Best_Practices_Final_Mar_2018.pdf

It was released about two weeks ago and categorizes the aspects of security of an endpoint.

 

 

As an initial effort we are trying to map this guidance into EdgeX and evolve the security testing along future EdgeX releases. Let us know if you have different ideas or suggestions. A draft will be provided to reflect our approach later.

 

 

Thanks,

Tingyu