OWASP IoT Project: A Great Ally for the IoT Candidate Schemes
The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.
The project team released the 2018 IoT Top 10 in December 2018 and the IoT Top 10 2018 Mapping Project in March 2019 with several on-going subproject releases scheduled for the end of the year. Although OWASP is not related to an information security certification scheme, OWASP methodologies, tools, and resources are widely recognized as an authoritative source within the industry.
One goal of the Cybersecurity Act is improving the state of IoT security. OWASP’s efforts are often used to develop security guidelines for developers and manufacturers alike but also for boosting IoT security assessment methodologies for later use on commercial IoT certification schemes. The experience and activities of the technical communities can be of great help in the development of the IoT candidate schemes.