Read the Community Blog

New data security pattern

I finally got round to finishing the draft of the data security pattern.

Fortunately (perhaps less so for the civil servants concerned) the UK government has had some major data protection issues of late, and consequently has issued some great guidance materials in the form of the Poynter and Hannigan reports, which I have used to form the backbone of the pattern.

Interested in getting a sense if you think this is a worthy architectural topic, and if this is a hot spot for you. We're planning to move this into the pattern section in the next couple of days.


OSA presentation at OWASP chapter meeting

At the recent OWASP Switzerland chapter meeting, I presented OSA. We got some positive and constructive feedback and look forward to more contributors :-). Most importantly, we heard again that "the more the merrier" also applies to security architecture patterns.

You can find the presentation here:

OSA Presentation 2009 April


ISO and COBIT mapping

I've spent the last couple of days adding ISO17799 and COBIT mappings to the controls catalog. If you check any of the controls you will now see the mapping details at the bottom. You can also search for ISO or COBIT references using the search function in the menu bar to return a list of controls if you want to do a reverse lookup!

In the coming week I will also generate a table that lists controls and mappings in a single table.

We've been meaning to do this for a while now, but it's taken some time, as it made sense to get the underlying controls into a database so we can easily add mappings in future and regenerate the catalog really fast. Now that the control catalog is in the database, we can start to consider some neat tricks with web services and client-side queries, which would allow us to start thinking about browser-based design tools.

If you have any thoughts on additional mappings, or ways we could develop in the coming months, let us know.

Looking for contributors for the secure development pattern

We just started the discussion on secure development lifecycle.
We would be very happy if you could post your experience in this field.
Which expectations are realistic?
Which activities paid back?

The OSA core team

OSA News January 09

Please find a short summary of recent changes on the Open Security Architecture website:

-> We have just published a draft of the Cloud Computing pattern. This covers the issues you will face if you are looking to exploit the new wave Cloud Computing services. We would still welcome additional comments before the pattern is finally approved.

-> A secure development pattern is being started.

-> The new icon packs and templates have been uploaded which make the patterns clearer to understand and use.

-> We continue to work on the first release of the OSA threat catalog. Progress has been slow but we hope to have something ready for the first quarter of 2009.

Our membership and visitors continue to grow with a great representation across industry sectors and global geography. We'd really appreciate feedback on progress we have made, and further improvements you want to see. Write a sentence or two to let us know!

Best regards
The OSA core team