What is a software security initiative and do I need one?
Building an AppSec program or software security initiative is going to involve a combination of the right tools, the right activities, and the right culture. In this talk I will present an overview of the various building blocks for a successful software security initiative.
When it comes to building secure software, there is no single technique or tool that will solve the challenge for you. Many tools and techniques help you find issues, and this is often where a lot of the focus goes. Fixing the issues and preventing them from happening in the first place can be harder challenges to solve. I will discuss some lessons learned from the past 20 years of software security and introduce a variety of activities that will help you strike the balance between finding, fixing and preventing security issues in your software.
Is your boss looking a little pale after meeting with some auditors? Are you getting tired of penetration testing reports that show the same old security issues? Did someone just find an embarrassing vulnerability in your web app / microservice / smart home device? Are you looking for a way to keep this from happening again, or curious about how to avoid it in the first place? Then this talk is for you!