Last year the concept of OpenKAT was presented when the project wasn’t open source yet. It now is: it is used in practice, has been expanded, and new subprojects have been added, all while preserving our feline elements. The focus is also not on technical compliance alone, but on compliance with standards based on technical facts and corresponding documents.
In the talk we touch on the technology and show how OpenKAT’s approach supports many aspects of your security (and compliance) needs just by selecting sensible open source tools. Ultimately, what is key for security is how we get the PDCA cycle into effective use.
We also touch on what the project delivers for security, transparency, community-driven development, and access to experts. The talk also introduces many lessons learnt and security observations that we have put into source code to the best of our ability.