Software security initiative capabilities: Getting started

A software security initiative (SSI) often begins with one of three common security capabilities:

  • Penetration testing
  • Code review
  • Some sort of secure design review (e.g., threat modeling)

During this year’s OWASP AppSec California, Synopsys’ Jim DelGrosso presented on the benefits and drawbacks of these software security initiative capabilities. Watch as he illustrates how each capability fits into building a mature SSI. The presentation also examines when and how tools and people fit into a mature SSI, defect discovery techniques, and how to control risk with third-party software and technology.

You’re just a few steps away from having functional software security initiative capabilities.