Explore key insights from implementing software security programs in this 38-minute conference talk. Discover the challenges, timing considerations, and data quality issues faced during implementation. Learn about essential components such as software security training, threat modeling, design review, and security testing. Understand the importance of vendor management, vulnerability management, and aggregation in maintaining a robust security program. Examine the tradeoffs involved and how to effectively use metrics to measure success. Gain valuable knowledge on best practices and lessons learned to enhance your organization's software security initiatives.
Overview
Syllabus
Intro
Overlap
Challenges
Timing
Data Quality
Software Security
Software Security Training
Threat Modeling
Design Review
Security Testing
Vendor Management
Vulnerability Management
Aggregation
Tradeoffs
Metrics
Key Points
Conclusion
