CWRAF – Common Weakness Risk Assessment Framework

[Figure: Risk Management Framework. Source: Wikipedia]

Anything that needs to be managed before an event occurs is termed a risk. Building or using software in a business scenario calls for a lot of risk assessment. I came across CWRAF from MITRE, a not-for-profit organization; it provides a comprehensive framework for addressing application security risk in the business context using vignettes. A typical risk management framework, taken from Wikipedia, is shown above.

There is also an excellent paper that discusses information security by analogy with the “Clean Water Act” and how CWRAF can help in the process. It's worth reading. Interestingly, the CWRAF framework starts from the weakness, where any other risk framework starts from the threat. It is always a weakness that becomes a threat, so CWRAF addresses risk from that perspective.

It is also very important to understand that generic security guidelines such as the OWASP Top 10 may be followed while developing or implementing a product, but there are very high chances that those guidelines are either not sufficient or not needed. This is to be determined based completely on the business need. This is where CWRAF, using the CWSS (Common Weakness Scoring System), comes to the rescue.

The steps outlined in the picture below will help you understand what is involved in establishing a risk assessment for a business need. Please note that vignettes are already available from the CWRAF website for E-Commerce, Banking, and SCADA-based applications, and these can be refined or reused.
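
An added illustration (not from the original post or from MITRE) of why the same weakness list is prioritized differently per vignette. It is a simplified stand-in for CWSS scoring, not the CWSS formula; the importance ratings and the weakness-to-impact mapping are constructed sample values.

```python
# Added illustration: vignette-driven weakness ranking in the spirit of CWRAF.
# Ratings and mappings are constructed sample values, not MITRE data.

# Importance (0-10) that each vignette's business context gives a technical impact.
VIGNETTES = {
    "e-commerce": {"read data": 9, "modify data": 8, "gain privileges": 8,
                   "execute unauthorized code": 9, "dos": 5},
    "scada":      {"read data": 3, "modify data": 9, "gain privileges": 8,
                   "execute unauthorized code": 10, "dos": 10},
}

# Simplified mapping of weaknesses to the technical impacts they can lead to.
WEAKNESSES = {
    "CWE-89 SQL injection":            ["read data", "modify data"],
    "CWE-200 information exposure":    ["read data"],
    "CWE-400 resource exhaustion":     ["dos"],
    "CWE-798 hard-coded credentials":  ["gain privileges"],
    "CWE-120 classic buffer overflow": ["execute unauthorized code", "dos"],
}


def score(weakness, vignette):
    """Worst-case importance of any impact the weakness enables (0 if unrated)."""
    ratings = VIGNETTES[vignette]
    return max((ratings.get(i, 0) for i in WEAKNESSES[weakness]), default=0)


def rank(vignette, threshold=0):
    """Weaknesses scoring at or above threshold, highest first, ties by name."""
    scored = [(score(w, vignette), w) for w in WEAKNESSES]
    kept = [(s, w) for s, w in scored if s >= threshold]
    return [w for s, w in sorted(kept, key=lambda sw: (-sw[0], sw[1]))]


def out_of_scope(vignette, threshold):
    """Weaknesses a generic checklist would list but this vignette rates low."""
    return sorted(set(WEAKNESSES) - set(rank(vignette, threshold)))


if __name__ == "__main__":
    for name in VIGNETTES:
        print(name)
        for w in rank(name):
            print(f"  {score(w, name):>2}  {w}")
        print("  below threshold 7:", out_of_scope(name, 7))
```

With these sample ratings, resource exhaustion falls below the cut for the e-commerce vignette while information exposure falls below it for SCADA, which is the "not sufficient or not needed" effect of applying one generic list to both.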


Setting up cloud: my Devstack experience

In this post I will share my experience with setting up a cloud in VirtualBox with Devstack.

My Environment:

  • Ubuntu 14.04 Trusty
  • Virtualbox
  • Intel x86 64-bit
  • 8GB RAM
  • 150 GB HDD

Steps followed:

1. Acquired an Ubuntu OVA image from virtualbox.org

2. Used the username and password as provided and logged in to the virtual machine

3. http://docs.openstack.org/developer/devstack/ is the guide to follow

4. You need to install git by using apt-get install git-core before the next step

5. Issue the command git clone https://git.openstack.org/openstack-dev/devstack

6. This will create a folder devstack

7. Navigate to devstack and issue ./stack.sh to start the cloud

8. You might get an error message when you run ./stack.sh, where it exits with die; make sure you use FORCE=yes ./stack.sh

9. Once you overcome these hurdles it will check for the different passwords for nova, horizon, etc., and then the build of the devstack will be in progress

and finally…


Top 5 reasons to adopt cloud strategy

You have developed innovative products for client/server or a specific platform. Still not moved to the cloud? There are very high chances that you are already siloed out of the market, or that your product is still going strong with its existing market. Here you can find the top 5 reasons why your product development must adopt a cloud strategy.

1. Product to suit ubiquitous computing

Product development can be made to suit different devices and can still tap a wide market. Makes selling easier.

2. Quicker upgrades to product

The same set of features is available to all customers on a single deployment. That means fewer support headaches.

3. Staying ahead with technology

Since the product is on the cloud, you are forced to stay ahead of, or in alignment with, technology. Less technical debt.

4. Scale as your customers grow

No upfront investments. Scale the product and its capability as you grow. Growth at will. DevOps will help.

5. Make money based on want and needs

Modularize your product and deploy it in the cloud. Give what the customers want, not what you have. More ways to make money.