OWASP AppSec DC 2012/Integrating Application Security into your Lifecycle andProcurement

The Presentation
The panel aims to explore how organizations track and improve their coverage of vulnerabilities when they assess the software they build and/or buy. How do your organizations select the most effective tools and techniques to find each kind of vulnerability? What factors aid in choosing whether or not to automate or manually seek out particular vulnerabilities? ...finally, how does your organization track the above selection of assessment tools and techniques, attest to review compliance, and track quality vs cost? =============================== We can populate this panel with vendors, yes, or we can populate it with organizations that use those vendors and get clearer, more actionable advice. I have some people in mind.

The Speakers
John Steven