Problems You'll Face When Building a Software Security Program

Discover common challenges in implementing software security programs and learn effective strategies to overcome them in this 36-minute LASCON conference talk. Gain insights from nearly a decade of experience in building security initiatives, understand the complexities of integrating security into development processes, and explore practical tips for improving your company's software security. Learn how to engage with various teams, handle email communications, address meta problems, conduct security training, manage inventories, work with operations, perform security assessments, and deal with external researchers. Acquire valuable knowledge on vulnerability management and scanning techniques to enhance your organization's overall security posture.

Intro
Outline
Security Engagement
First real world story
Engaging other teams
Email deals
Meta problems
QA
Security training
References
Inventory
Work with Ops
Scanning
Unmap
Security Assessment
Scanning Tips
External Researchers
Blackmail
Vuln Management