The World Needs “Open Source Security Best Practices”

Continuously, there are client questions about best practices on a myriad of different ideas, technologies and strategies. Put four or five information security teams together and some of the basics shake out but the higher-level best practices remain “under discussion”.

We need a better way to make this happen. We need a wikipedia-like, open source discussion mechanism for best practices that can bring people together, establish baselines and encourage discussion of the sticking points. I would have MSI attempt this, but as a vendor, it should be viewed as a conflict of interest. That said though, someone needs to support an interactive way to make this discussion feasible, free, open and accessible. SANS, OWASP, CISecurity and others are all good starts and highly powerful as organizations, but we need some open group to establish an open forum that creates, revises and reaches consensus on best practices for everything from system settings to physical access processes.

Perhaps this exists already and I just can’t seem to find it. But, neither can the other folks that ask for this type of information. If it is out there, we as infosec professionals need to do a better job of making it known.

If you have an organization willing to undertake such a project, or are willing to lead a group to undertake such a task – drop us a line. We would love to contribute.

This entry was posted in General InfoSec by Brent Huston. Bookmark the permalink.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

Leave a Reply