Software Security 5D Framework - Evolution of Security Verification
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the evolution of software security verification in this 31-minute OWASP Global AppSec Tel Aviv conference talk. Discover the OWASP Software Security 5D Framework and examine assessment data from various international companies. Learn how security practices have progressed from static reports to integrated lifecycle management of security bugs. Gain insights from Matteo Meucci, CEO and co-founder of Minded Security, as he shares his extensive experience in Application Security and his contributions to OWASP projects. Delve into topics such as application security dimensions, processes, testing, team dynamics, and industry standards. Understand why traditional security reports are becoming obsolete and explore more effective approaches to software security. Examine case studies from major companies and discuss the benefits and challenges of modern security practices. Conclude with a Q&A session addressing the trade-offs in implementing comprehensive software security measures.
Syllabus
Agenda
Questions
Example
The best approach
Application security dimensions
Framework
Processes
Testing
Team
Security
Standard
Big picture
Assessment results
Independent software vendor
Facebook
Comcast
PCI
Why your reports are dead
Why your reports are there
Why it works
Benefits
Vendor requirements
Presentation testing
Certificate of achievement
Conclusion
QA
Trade off
Taught by
OWASP Foundation