Amsterdam, The Netherlands – Monday 02-09-2024
The National Cyber Security Centre (NCSC-NL), part of the Dutch Ministry of Justice and Security, has collaborated with Software Improvement Group (SIG) to innovate its newly updated security guidelines for web applications.
Since 2012, the
National Cyber Security Centre (NCSC-NL) has been publishing its
ICT security guidelines for web applications. The guidelines emphasize the importance of measures to prevent digital breaches and to enhance organizational digital resilience.
In its latest update, the guidelines now reference existing standards through the
OpenCRE platform for the first time. OpenCRE, an open-source platform founded through the
OWASP foundation coordinates security initiatives by linking various standards and guidelines into a single resource.
“New security standards often overlap with existing ones, not always being of much added value in the overall landscape. NCSC-NL gladly helps the users of our guidelines to link the measures to other existing standards via OpenCRE. If you already comply with another standard, you do not have to take the same measure twice." – Koen Sandbrink from the NCSC-NL
OpenCRE was created by software security professionals Rob van der Veer (SIG) and Spyros Gasteratos (Smithy). CRE stands for Common Requirement Enumeration. It harmonizes security standards and guidelines into a single resource at OpenCRE.org. For the framework of the Common Requirements,
Software Improvement Group (SIG), donated the
SIG software security model, which is peer-reviewed, and based on
ISO/IEC 25010. The model has been tried and tested since 2013 in numerous research projects and security engagements with SIG clients.
"We commend NCSC-NL for their vision and are extremely proud that OpenCRE is now used as the main reference mechanism to link to other standards. In addition, it’s great to see that SIG is acknowledged as a contributor to such an important resource.” – Rob van der Veer, co-founder of OpenCRE, and Senior Principal Expert at Software Improvement Group
OpenCRE is accelerating as a platform. Next to the NCSC-NL, organizations around the world are adopting OpenCRE, such as the Cloud Security Alliance, vendors such as Iriusrisk, Codific, and also SIG to enhance the recently released
AI explanation feature in their software assurance platform,
Sigrid®.
For more information, please visit
OpenCRE,
NCSC, or
Software Improvement Group’s website.
About Software Improvement Group
Software Improvement Group (SIG) leads in traditional and AI software quality assurance, empowering businesses and governments worldwide to drive success with reliable and robust IT systems. Sigrid® - its software excellence platform - analyzes the world’s largest benchmark database of over 200 billion lines of code across more than 18,000 systems in 300+ technologies, and intelligently recommends the most crucial initiatives for organizations. SIG complies with multiple ISO/IEC standards, including ISO/IEC 27001 and 17025, and has co-developed ISO/IEC 5338, the new global standard for AI lifecycle management. SIG was founded in 2000 and has offices in New York, Copenhagen, Brussels, and Frankfurt, and is headquartered in Amsterdam.
Sigrid, together with expert consultants, and nearly 25 years of industry-leading research, position SIG as the foremost authority on software excellence.
For more information, please visit Software Improvement Group's website or social media channels.
About OpenCRE
OpenCRE is the brainchild of software security professionals Spyros Gasteratos and Rob van der Veer, who joined forces to tackle the complexities and segmentation in current security standards and guidelines. They collaborated closely with many initiatives, including SKF, OpenSSF and the Owasp Top 10 project. OpenCRE is an open-source platform overseen by the OWASP foundation