Open Source Auditing Framework
For service organizations this is a widely recognized internal control auditing standard.
Open source auditing framework. Fossid fulfils any security and confidentiality requirements as source code is never exposed to anyone but the rightful owner not to the acquiring company nor fossid as the auditing company. Audit4j is an open source auditing framework and specifically designed to capture audit events generated and triggered from various components throughout the enterprise applications. Audit4j is more focussed on business audit events however it also can be used to capture system audit events through extentions. These scale tools map warnings about possible code flaws i e alerts from code analysis tools to taxonomies of code flaws e g cert secure coding rules and common weakness enumeration cwe.
The scale auditing framework aggregates output from commercial open source and experimental analysis tools. The problem with open source software in general is that a few months years down the road chances of stagnation or death are high. Open source audits for maximum security and confidentiality. And from this came the statement on auditing standards sas no.
The book included how to document edp audits and examples of how to process internal control reviews. Fossid doesn t even need to know the identity of the target company. The result of this was the release of auditing edp.