Cloud Vulnerabilities Working Group

Overview of CSA Cloud Vulnerabilities Working Group

Founded by the CSA APAC region in May 2013, the CSA Cloud Vulnerabilities Working Group is global working group chartered to conduct research in the area of cloud computing vulnerabilities, with the goals of understanding and educating the classification and exact causes of cloud computing vulnerabilities, recommendations and best practices for the reduction of top vulnerabilities, reporting of vulnerabilities and the development of related tools and standards.

What's New about Cloud Vulnerabilities?

While cloud computing offers features such as 24/7 availability and elasticity, it faced a new dimension of challenges and vulnerabilities caused by scale, and the challenges of keep systems live and dynamic. It is therefore of maximum benefit to the cloud computing community and industry, if a global vulnerability working group focuses on cloud-related problems and not disparate vulnerability research in the areas of network, storage or systems. It is most effective if we target the problems as a 'cloud' problem, as the underlying backend of many cloud systems have dependency relationships between different components, levels of services (IaaS, PaaS, SaaS), backend physical infrastructure and human processes.

Vision and Goals

This is a challenging area, which requires careful planning and research, and a strong participation from a global community. As such, this working group aims to conduct its research in three phases:

Phase 1. Establishment of a taxonomy for Cloud Vulnerabilities based on statistical data.
Phase 2. Creation of a cloud vulnerability feed documentation mechanism/ format/ protocol.
Phase 3. Portal established for cloud vulnerability reporting and tools.

Cloud Vulnerabilities Working Group Leadership

Dr Ryan Ko, Cyber Security Lab, University of Waikato, New Zealand

Cloud Vulnerabilities Working Group Calendar | Events in Pacific Time

Download Cloud Vulnerabilities Working Group Related Documents

Cloud Computing Vulnerability Incidents:  A Statistical Overview

Cloud Computing Vulnerability Incidents: A Statistical Overview

In an attempt to ascertain Cloud Computing reliability, 11,491 news articles on cloud computing-related outages from 39 news sources between Jan 2008 and Feb 2012 – effectively covering the first five years of cloud computing – were reviewed.

Release Date: May 31, 2013

Cloud Vulnerabilities Working Group News

May 21, 2014


Updates include Vulnerabilities Working Group publications, support of academic research conferences, and highlights from the CSA Hong Kong and Macau Chapter.

May 16, 2013

Cloud Security Alliance APAC Defines 2013-2014 Research Roadmap

The APAC region leadership team has published its research roadmap for 2013-2014.