AppSecEU08 Software Security State of the Practice 2008

Jump to: navigation, search


Using the framework described in my book “Software Security: Building Security In”---built around the three pillars of software security: risk management, the touchpoints, and knowledge---I will discuss and describe the state of the practice. This talk is peppered with real data from the field, based on my work with several large financial services companies as a Cigital consultant. Really, the software security field is just getting started, but we are making important forward progress, and the future looks bright.

More information: