In security it is important to understand the whole chain: from weakness to requirement, to code examples, to tests. So far, however, there hasn’t been a solid way to interconnect standards, documentation and tooling. Standards writers often work in isolation, and tooling authors rightly focus on quality results rather than on comprehensive information about those results. The open source initiative openCRE.org helps you connect standards with several other sources of information. It links topics across multiple standards, including the OWASP Top 10, ASVS, Proactive Controls, Testing Guide and Cheat Sheets, as well as CSA CCMv3, CWE, and NIST 53 and 63b, in order to achieve end-to-end visibility of application security, from requirements to implementation and testing.
Spyros is an OWASP volunteer and is currently helping Fintechs with AppSec. He maintains several Open Source projects including the security automation framework Dracon, and opencre.org. Also, he usually doesn’t speak about himself in the third person.