Crawl, Walk, Run: Living the PSIRT Framework

With its June 2017 draft release, the PSIRT Framework from FIRST opened a new era in product security formalization. A quick search of FIRST member organizations shows a 5:1 disparity of CSIRT-to-PSIRT members represented, providing a data point for what many industry experts already know: formal product security programs are far rarer than their corporate (CSIRT) counterparts.

This presentation will detail the journey, hurdles, and outcomes of using the PSIRT Framework to take a hard look at formalizing an existing application security team's efforts into a more holistic program. Topics will include executing a program gap analysis, deciding how to remediate identified gaps, organizing a PSIRT across functional teams, the processes we utilize, execution of a product security advisory process, and other parts of our organization's implementation of the framework to guide our program maturity.

Curious how to take your team's best-effort product security and level it up? Attend this talk and you'll gain real-world value from the experiences our team took to do just that.

Mark Stanislav

June 27, 2018
Transcript

[Slide text: teams involved in the PSIRT: Labs, Corporate Security, Application Security, Security Researchers, Product R&D, Data Science, Security Analysts, Trust & Compliance, Offensive Security, Application Security Engineers, Corporate Security Engineers, Cloud Security Engineers. No further transcript text is available for the remaining slides.]