EP114 Minimal Viable Secure Product (MVSP) - Is That a Thing?

Guest: Chris John Riley, Senior Security Engineer and a Technical Debt Corrector  @ Google  Topics: We’ve heard of MVP, what is MVSP or Minimal Viable Secure Product? What problem is MVSP trying to solve for the industry, community, planet, etc? How does MVSP actually help anybody? Who is the MVSP checklist for? Leaders or engineers? How does MVSP differ from compliance standards like ISO 27001, or even SOC 2? How does Google use MVSP? Has it improved our security in some way? How to balance the dynamic nature of security with minimal security basics? The working group has recently completed a control refresh for 2022, what are some highlights?  Resources: Mvsp.dev  SLSA Levels MVSP (Minimum Viable Secure Product) Compliance “Phantoms in the Brain” book ”Strengthen Basic Security Hygiene With a Two-Pronged Security Architecture Approach” FIRST Impressions podcast