CHAPTER TEN
Industry and Government Standards and Regulations
If you make ten thousand regulations you destroy all respect for the law.
– Winston Churchill
Regulation is an immense topic, and this chapter covers the most popular and widely known standards, regulations, and laws that affect cybersecurity for start-ups. Each of these topics has entire books dedicated to that specific framework, regulation, or law. So as you read through this chapter and find those that are applicable to you, I recommend reading more about that specific topic.
These are also the most common standards and regulations you will see referenced in terms and conditions, which we reviewed in Chapter 9. You should be aware of each of these and be familiar with any that are mentioned in legally binding contracts with customers, partners, etc.
OPEN SOURCE
OWASP
The Open Web Application Security Project® (OWASP) is a community that has created a set of standards for writing secure code. Every few years it publishes a list, called the OWASP Top 10, of the most critical vulnerability categories in software; these mostly concern web applications. This is an important standard to know and follow if you are building a software-as-a-service product or any type of web or mobile application. Most penetration testing firms will evaluate you against this standard, or you can ask that it be evaluated when negotiating your statement of work (SOW).
There is no specific certification a company can get for this standard. Figure 10.1 provides a description of each application ...