SBA Live Academy, OWASP SAMM 2.0: Your Dynamic Software Security Journey

"OWASP SAMM 2.0: Your Dynamic Software Security Journey"
Building security into the software development and management practices of a company can be a daunting task. There are many elements to the equation: company structure, technology stacks, tools and processes, different stakeholders, competing priorities, etc. Implementing software assurance will have a significant, positive impact on an organization, yet trying to achieve this without a good framework often leads to marginal and unsustainable improvements.
The OWASP Software Assurance Maturity Model (OWASP SAMM) is a versatile maturity model for software assurance that provides a structural and measurable framework to guide you through these challenges. It provides an effective and measurable way to analyze and improve your software security posture, and enables you to formulate and implement an actionable strategy that is tailored to the risk profile of your organization.
After three years of preparation, the project team has delivered version 2.0 of OWASP SAMM! In this talk, we give an overview of the latest activities and cover:
(i) the core structure of the 2.0 model, which was redesigned and extended to align with modern development practices;
(ii) the new security practice streams & activities grouped in maturity levels;
(iii) the improved measurement model, now providing assessment of both coverage and quality;
(iv) the new & improved tools available, including the new OWASP SAMM toolbox, web application, and Benchmark project.
Speaker:
Sebastien Deleersnyder (OWASP SAMM co-leader, CEO Toreon)
Talk language: English
About the Speaker:
*********************
Seba ( / sebadele ) is co-founder and CEO of Toreon. He started the Belgian OWASP chapter, co-leads the OWASP SAMM project, and co-founded the yearly BruCON conference. With a background in development and many years of experience in security, Seba has trained countless developers to create more secure software. He adapts application security models to the evolving field of DevOps and brings Threat Modeling to a wider audience (including teaching Whiteboard Hacking at Black Hat).

Comments: 4

  • @hugobiller4826
    2 years ago

    That question about what is the relation between OWASP SAMM and ASVS was exactly what I was wondering! Great!

  • @RehanBashir76
    4 years ago

    Excellent presentation

  • @ex0day
    3 years ago

    Pretty good insight, I'm gonna try it

  • @seifeldin224
    2 years ago

    Can we have this presentation?
