OASIS Launches Initiative to Standardize Exposure Management Practices in Cybersecurity
GuidePoint Security, IBM, Tenable, and Industry Partners Collaborate to Establish Framework for Preventing, Assessing, and Resolving Technology Exposures
BOSTON, MA, 30 October 2025 — As cybersecurity organizations face increasingly complex technology footprints and evolving cyber threats, a unified approach to exposure management has never been more critical. OASIS Open, the global open source and standards organization, is launching the Open Exposure Management Framework (OEMF) Technical Committee (TC) to create a community-driven, standards-based framework to prevent, assess, and resolve exposures in organizational technology.
“Having focused on find-and-fix security for the last decade, I understand the importance of having specific guidance on managing technology exposure,” said Chris Peltz, GuidePoint Security and OEMF TC Convener. “I’m excited to be part of this group of stellar professionals building the Open Exposure Management Framework, which will deliver guidance on best practices and enable organizations to finally begin preventing exposure at scale.”
The OEMF TC will develop a comprehensive exposure management lifecycle and capability requirements that integrate with existing cybersecurity frameworks such as NIST, CIS, and Gartner. Its deliverables will include vendor-agnostic best practices, a maturity assessment model, and tactical implementation guidance to help organizations maximize their security investments.
The TC’s work will also address data inconsistencies across disparate exposure sources and bridge secure design practices with operational security activities. By establishing a functional lifecycle, mapping capability requirements to recognized frameworks, and defining an industry-accepted maturity scale, the framework will equip organizations with the tools to prevent, assess, and resolve technology exposures. These resources will be particularly valuable for larger enterprises, public entities, and organizations that design their own infrastructure and applications.
The OEMF TC welcomes contributions from cybersecurity professionals, security vendors, enterprise practitioners, and anyone committed to advancing exposure management practices. The first meeting is Friday, 31 October 2025. To learn more about how to get involved in this collaborative effort, contact join@oasis-open.org.
Support for the OEMF Technical Committee
GuidePoint Security
“GuidePoint Security is proud to contribute to the development of the Open Exposure Management Framework, helping define what effective Exposure Management looks like across the industry. This collaboration marks a key milestone in uniting the cybersecurity community around a common approach to reducing exposure and commitment to staying ahead of evolving threats.”
-Chris Peltz, Director, Strategy and Solutions Architecture at GuidePoint Security
Tenable
“Exposure management is a transformational mindset shift and strategic approach to how organizations measure and reduce cyber risk. Instead of reacting, exposure management enables organizations to get ahead of attackers by resolving issues before they can be exploited. This is why it’s so important that Tenable collaborates with cybersecurity luminaries to build an exposure management framework that empowers organizations to successfully implement exposure management practices and focus on what matters most.”
-Eric Doerr, Chief Product Officer, Tenable
Additional Information
OEMF Project Charter
OEMF TC Homepage
Media Inquiries:
OASIS Open: communications@oasis-open.org