CWRAF – Common Weakness Risk Assessment Framework

Source: Wikipedia

Anything that needs to be managed before an event occurs is termed a risk. Building or using software in a business scenario needs a lot of risk assessment. I came across CWRAF from the not-for-profit organization MITRE, which provides a comprehensive framework to address security risk for applications in the business context using vignettes. A typical risk management framework is given on Wikipedia.

There is also an excellent paper which discusses information security by analogy with the “Clean Water Act” and how CWRAF can help in the process. It's worth reading. Interestingly, the CWRAF framework starts from the weakness, whereas any other risk framework starts from the threat. It is always a weakness that becomes a threat, so CWRAF addresses the risk from that perspective.

It is also very important to understand that there are generic security guidelines, such as the OWASP Top 10, which are followed while developing or implementing a product, but there are very high chances that those guidelines are either not sufficient or not needed. This has to be determined based completely on the business need. This is where CWRAF, using the CWSS (Common Weakness Scoring System), comes to the rescue.

The steps outlined in the picture below will help you understand what is involved in establishing a risk assessment for a business need. Please note that vignettes are already available from the CWRAF website for e-commerce, banking and SCADA-based applications, which can be refined or reused.


Need for Bridge in IoT world

Bridges have got significance in our lives:

  • A bridge connects two cities or locations
  • It handles multiple modes of transport (two-wheelers, four-wheelers, pedestrians)
  • It helps cross hurdles such as water, traffic, sea, hills, etc.

Who would not have crossed bridges in their lifetime? Bridges in fact save a lot of time when you build and consume them right!

In the future, various devices may need to talk to each other over different protocols, using approaches like OPC, STOMP, MQTT, etc. At that juncture, bridging will be essential to succeed in IoT projects.

What is Bridging with respect to IoT?

My own definition of Bridging means “connecting interfaces of two brokers to communicate with each other seamlessly”.

When is bridging required?

One broker may have capabilities that the other does not. Broker A might be very good at handling text-based protocols, and Broker B may be very good with the pub/sub mechanism and very lightweight. Both brokers A and B might be required to give an optimal solution. These kinds of scenarios demand bridging.

Real-time use cases could be:

  • Devices may be using certain data formats and protocols due to connectivity constraints such as latency. We can use a bridge to transfer the data to another broker, which can handle it or convert it to another data format.
  • To aggregate data in one central location
  • To keep clients from connecting directly to the broker, for security reasons.
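
The third use case above, as an added example that is not part of the original post: a bridge that forwards only allowlisted MQTT topics from an edge broker to a central one, so clients never reach the central broker directly. The in-memory `Broker` class, the topic names and the allowlist are assumptions constructed for the illustration; the matching follows MQTT's `+` and `#` wildcard rules.

```python
# Added illustration: an allowlist-enforcing bridge between two brokers.
# Broker names, topics and allowlist rules are constructed for this example.

def topic_matches(filter_, topic):
    """MQTT topic-filter match: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = filter_.split("/"), topic.split("/")
    # A leading wildcard must not match '$'-prefixed system topics.
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1   # '#' is only valid as the last level
        if i >= len(t_levels):
            return False
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


class Broker:
    """In-memory stand-in for a broker: records every publish, notifies listeners."""
    def __init__(self, name):
        self.name, self.messages, self.listeners = name, [], []

    def publish(self, topic, payload):
        self.messages.append((topic, payload))
        for listener in self.listeners:
            listener(topic, payload)


class Bridge:
    """Forwards edge -> core only for allowlisted filters, under a fixed prefix."""
    def __init__(self, edge, core, allow, prefix):
        self.core, self.allow, self.prefix = core, allow, prefix
        self.dropped = []                   # rejected topics, kept for audit
        edge.listeners.append(self.forward)

    def forward(self, topic, payload):
        if any(topic_matches(f, topic) for f in self.allow):
            self.core.publish(f"{self.prefix}/{topic}", payload)
        else:
            self.dropped.append(topic)


def demo():
    edge, core = Broker("edge"), Broker("core")
    bridge = Bridge(edge, core, prefix="bridged",
                    allow=["plant1/+/telemetry", "plant1/alarms/#"])
    for topic in ("plant1/pump7/telemetry", "plant1/alarms/high/temp",
                  "plant1/pump7/cmd", "$SYS/broker/clients"):
        edge.publish(topic, b"sample")
    return [t for t, _ in core.messages], bridge.dropped
```

The bridge is one-directional, so nothing published on the central broker flows back to the edge, and the `dropped` list gives a place to alert on clients publishing outside their expected topics.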

Top 5 reasons to adopt cloud strategy

You have developed innovative products for client/server or a specific platform. Still not moved to the cloud? There are very high chances that you are already siloed out of the market, or your product is still going strong in its existing market. Below you can find the top 5 reasons why your product development must adopt a cloud strategy.

1. Product to suit ubiquitous computing

The product can be developed to suit different devices and still tap a wide market. Makes selling easier.

2. Quicker upgrades to product

The same set of features is available to all customers on a single deployment. Means fewer support headaches.

3. Staying ahead with technology

Since the product is on the cloud, you are forced to stay ahead of, or in alignment with, technology. Less technical debt.

4. Scale as your customers grow

No upfront investments. Scale the product and its capability as you grow. Growth at will. DevOps will help.

5. Make money based on want and needs

Modularize your product and deploy it in the cloud. Give customers what they want, not what you have. More ways to make money.