Security Testing Subgroup
Key Sub-Group Facts
Subgroup Creation Date: April 10, 2017
Subgroup Chair: Andy Foster (IOTech)
Mailing Lists
- QA/Test team’s mail alias: edgex-tsc-qa-test@lists.edgexfoundry.org
- To subscribe or unsubscribe via the World Wide Web, visit: https://lists.edgexfoundry.org/g/EdgeX-TSC-QA-Test
and
- Security team’s mail alias: edgex-tsc-security@lists.edgexfoundry.org
- To subscribe or unsubscribe via the World Wide Web, visit: https://lists.edgexfoundry.org/g/EdgeX-TSC-Security
Discussion Forums
- #qa-test on https://chat.edgexfoundry.org/
and
- #security on https://chat.edgexfoundry.org/
Meeting Time
Security Testing Meetings are are open to the public.
- The next Security Testing meeting will be posted here.
Work Items
We just had our first security testing group meeting this morning and there are two security testing guides discussed.
OWASP IoT top 10 and IoT security guidance https://www.owasp.org/index.php/IoT_Security_Guidance . OWASP is a collaboration of application security community and it’s top 10 list are well recognized and followed.
IIC Endpoint security best practices https://www.iiconsortium.org/pdf/Endpoint_Security_Best_Practices_Final_Mar_2018.pdf .It was released about two weeks ago and categorizes the aspects of security of endpoint
As an initial efforts we are trying to map these guidance into EdgeX and evolve the security testing along future EdgeX releases. Let us know if you have different idea or suggestions. A draft will be provided to reflect our approach later.
Meeting Minutes & Recordings
- April 10, 2018: Meeting Recording