


Charlie Osborne October 29, 2021 12:35 UTC Updated: October 29, 2021 12:37 UTC

Collaboration focuses on creating vendor-neutral security standards

Industry giants, including Google and Salesforce, have announced the creation of a vendor-neutral security baseline for enterprises.

Called the Minimum Viable Secure Product (MVSP), the scheme would establish a minimum acceptable security baseline for the enterprise, Royal Hansen, Google's vice president of security, said in a blog post on Wednesday.

In particular, the project focuses on protecting companies that outsource to business-to-business (B2B) software developers and suppliers.

According to a survey conducted by Opus and the Ponemon Institute, 59% of US organizations have suffered a data breach caused by a third party, including vendors.

In a report published by ENISA on software supply chain attacks in Europe, 62% of incidents began with malware deployments and more than 60% of attacks abused customer trust in suppliers. In total, 58% of reported attacks were focused on data theft.

The MVSP baseline focuses on the minimum standards considered necessary for a reasonable security posture. Its creators include Google, Salesforce, Okta, and Slack.

To keep things simple, the group has adopted a checklist to help users get things done. This includes:

- A vulnerability reporting contact on the website
- Responses to vulnerability reports managed within a reasonable period
- Annual penetration testing
- NIST SP 800-88 or equivalent data sanitization
- Establishing a minimally permissive Content Security Policy
- Secure backups

By creating a basic standard that organizations are expected to maintain, regardless of the cybersecurity solutions they employ or their preferred vendors, the baseline could put pressure on enterprises to maintain a good level of security in order to stay competitive and be considered suitable for future business relationships.

MVSP highlights opportunities for improvement and can be used to increase visibility within the organization, with well-defined benefits, the executive commented.

Hansen added that these controls also reduce the complexity of contracts, legal negotiations and compliance.

We recommend that all companies building B2B software or processing sensitive information under its broadest definition implement the listed controls.

Google and other project members are also seeking feedback from the community and contributions to the MVSP baseline.

"Together, we can raise the minimum security standards for the industry as a whole and make everyone safer," Hansen added.

