Are you working on security requirements in software development, testing or procurement? There is no need to re-invent the wheel. See the talk on how the OWASP Application Security Verification Standard (ASVS) can help.
At the BSides Oslo conference, 23 May 2019, Erlend Andreas Gjære gave a talk on OWASP ASVS. See his presentation in the video below, and download our ASVS spreadsheet to get started yourself.
You may already be familiar with OWASP Top 10, which is well suited for creating awareness about the most common security vulnerabilities in web applications. However, OWASP ASVS provides a more proactive approach to application security, offering detailed requirements based on a chosen risk profile.
The talk shows how OWASP ASVS works as a template for security requirements, both for code you develop yourself and for applications that are procured from others.
In addition, we have expanded the ASVS spreadsheet with a few columns that allow us to measure status over time, relative to a maturity scale similar to the one we use for ISO 27001 controls in our company.
If you are interested in learning more about the security of our own cloud services, feel free to ask. And please use our dedicated channel if you believe you have found a potential security vulnerability in our services.