Learn how to contribute data and improve software security using evidence-based standards to build assurance in from the get-go, with each and every build.
All too often, security is stuck in the 1960s doing slow desk checks, the results of which are out of date before the PDF report lands on an auditor’s desk. If developers see this report, they’ll find it’s full of hot garbage. Security folks must become agile, thinking like developers and helping build secure applications, rather than criticizing and using recommendations from the last century.
In this talk, you’ll learn how you can contribute data, offer better remediation advice, and use modern evidence-based standards such as the forthcoming OWASP Top 10 2020 and the OWASP Application Security Verification Standard 4.0 in your development pipeline. Security professionals have heard this all before, but we persist in doing the wrong things. Let’s not do security like it’s 1998; let’s build assurance in from the get-go, with each and every build.
What: Using Evidence-Based Security in Your Secure Development Life Cycle
When: Available on demand
Who: Andrew van der Stock, senior principal consultant, Synopsys