Why Secure Development Programs Are Essential for Application Security

Explore the critical components of a successful Secure Development Program in this AppSecUSA 2015 conference talk. Delve into the integration of security practices with various development lifecycles, including Waterfall, Agile, and DevOps. Learn how to effectively allocate limited resources, establish security requirements early in the development process, and create a comprehensive application security strategy. Discover practical insights from both public and private sector experiences, and understand how a robust Secure Development Program can justify its existence while supporting risk management initiatives. Gain valuable knowledge on balancing security needs with development speed, implementing proactive security measures, and fostering a security-conscious culture within your organization.

Introduction
Johns background
Family
What is SDLC
Goal of a Knapsack Program
Knapsack Program Components
Executive Sponsorship
Develop a Hammer
Know Your Baseline
Maturity
Build the bridge
Eat your own policy
Application portfolio
What do we expect
Testing
What is secure
What defines secure
Authorization
Architecture Reference
Training and Awareness
Chris Romeo
Security activities
Security integration strategies
Maturity path
Waterfall SDLC example
Scale
Continuous Improvement
Know Your Tools
Benchmark OS
Integration Model
Continuous Integration Model
The Future of DevOps
Distribution
Team Expansion
Vulnerability Analysis
Best Practices
Summary
Questions