How mature is your software security process?
Starts: Wednesday 09 June 2010, 5:15PM
Finishes: Wednesday 09 June 2010, 7:00PM
Venue: Ernst and Young, 11 Mounts Bay Road, Perth WA 6000
Topic: How mature is your software security process?
As the security industry continues to change its focus to
application security, a lot of companies who rely on software,
developed either internally or externally, are wondering what
they can do to reduce the risk of security flaws.
Microsoft's Security Development Lifecycle (SDL) model can
look appealing; however, without a clear understanding of what
your software security processes look like, it may be
difficult to achieve any real improvements.
Implementing a holistic end-to-end software security process can
often look like an impossible task, and while the end picture
resembles Eden, it's often the first steps that everyone
stumbles on. As the saying goes, "You can't manage what you
can't measure", and without a clear understanding of what your
software security processes look like now, it's unlikely that
you can achieve any real improvements.
OWASP's Open Software Assurance Maturity Model, or OpenSAMM,
aims to assist organisations, both big and small, in
evaluating their existing software security practices and
constructing a measurable, balanced program to increase their
software security.
Wondering how this can help your internal development processes?
Want to have a more rigid process to audit your externally
developed software processes? Then perhaps OWASP's OpenSAMM
project can assist.
Speaker: Christian Frichot
Christian Frichot is an active AISA member and OWASP
member, currently employed by BankWest working within the
Security Consulting Services team. His core responsibilities
include phishing and online fraud response, security
assessments, information risk assessments and other ad-hoc
information security consulting.
Many thanks to our sponsors:
AISA thanks Ernst & Young for providing the venue for our
Perth Branch meetings.
