How to Implement an SDL in a Large Company

Learn how to implement a Secure Development Lifecycle (SDL) in a large company through this comprehensive conference talk. Explore the challenges and strategies for integrating security practices into the development process, using Bosch as a case study. Discover the importance of SDL, shared security responsibilities, and effective change management. Gain insights into coding guidelines, security tooling, review processes, and the Product Excellence Process. Examine lessons learned, including the value of collaboration, leveraging existing infrastructure, and avoiding the pitfall of trying to do everything at once. Understand the significance of governance, quality argumentation, and measurable results in achieving faster approvals and overall success in implementing an SDL in a large corporate environment.

Intro
Introduction
About Bosch
Business Sectors
How to Implement an SDL
Why an SDL
Security Shared Responsibility
Example
Change Management
How did we do
Bosch example
Coding guidelines
Security tooling
Review process
App review
Guidelines
Product Excellence Process
The Future
Lessons Learned
Collaboration
Reuse Existing Process Infrastructure
Do Everything at Once
Governance
Quality argumentation
Conclusion
Measureable Results
Faster Approval
Questions