Rob van der Veer
Rob van der Veer
The problem this change addresses is that the current 'is the same as' is a wrong description. For the normal links we have the description of 'is linked to'. The...
@aramhovsepyan SSDF and SP800 are about different worlds. SSDf PO.1.2 refers to requirement to have the process of identifying security requirements and documenting them. The SP800-53 SA-8 is NOT about...
@northdpole done?
Dunno where this came from, but the hyperlink seems like a key element in the data to me, for users of the endpoint.
@northdpole If you would put SAMM left and CRE right, you will get a list of SAMM controls and how it is linked to OpenCRE. That can be helpful. For...
@northdpole done?
@northdpole I think the board is keen to use OpenCRE and to unlock OWASP content. Making it mandatory perhaps to achieve a certain project status: that would help. So we...
Does it also provide the second option: providing an optional topic text for us to harvest? And how do you link to a NIST section, with all the spaces?
Let's then go for CAPEC first, as it is oriented towards appsec and not networks - the Att&ck framework is about that. More info: https://capec.mitre.org/about/attack_comparison.html I believe Christian from Core...