OWASP AppSec DC 2012/Overcoming the Quality vs Quantity Problem in SoftwareSecurity Testing

Revision as of 20:03, 11 March 2012 by Mark.bristow (talk | contribs)




The Presentation

The current state of software security poses a very serious problem for technology organizations. Should the organization strive for more quality, or more quantity, in uncovering critical software security defects? Unfortunately, as a result of the constraints on many security organizations' budgets and available resources, these two critical components are often mutually exclusive. Organizations shouldn't have to sacrifice quality for quantity, or vice versa, in their software security programs.
While obtaining a good quantity of coverage (both inside a single application, from a static and dynamic perspective, and across the enterprise application landscape) is critical to understanding the total threat profile of an organization, the organization simply can't forego the quality aspect, because a poor test can not only provide a false statement of compliance but also create the illusion of security. So what can organizations constrained by resources, capital and knowledge do to balance quantity against quality in their software security programs?
How can people, process, and technologies be leveraged to effectively balance the quantity vs. quality scale? The speaker will address this critical balance from a vendor-neutral, technology-agnostic perspective, giving developers, quality analysts and security testers the perspective necessary to strike an optimal balance.

The Speakers

Rafal Los


Gold Sponsors

Aspect, Securicon, Mandiant, ISC2

Silver Sponsors


Small Business

sideas, BayShore Networks


Codenomicon (http://www.codenomicon.com/), WhiteHat, HP, WSI