Software security maturity is often diluted down to the OWASP Top 10, leaving organizations with a simplistic & ineffective view of the risks represented by their real-world attack surface. Where do these organizations then go to realize a strategy that considers the complexity of their production stacks, including frameworks, platforms, languages, & libraries? This talk will focus on leveraging a software assurance maturity model to benchmark coverage & consistency of application security across the software development lifecycle.
If your organization has been considering formalizing its application security program, or you just don’t know where to start, come to this talk to find out the pitfalls and opportunities of using a maturity model to guide a successful and ever-maturing application security program. Learn from Duo Security’s Application Security team about the benefits, challenges, and outcomes of what it takes to enable engineering & product teams to excel at their jobs, while providing world-class security.