User day

Strategic use of OWASP SAMM and OWASP DSOMM

speaker picture

Timo Pagel


From a startup to a multinational corporation the software development industry is currently dominated by agile frameworks and product teams and as part of it DevOps strategies.

It has been observed that during implementation, security aspects can be missed. The OWASP Software Assurance Maturity Model and the OWASP DevSecOps Maturity Model, which are presented in the talk, show security measures which are applied when using DevOps strategies and how these can be prioritized. With the help of DevOps strategies security can also be enhanced. Under the guidance of the forward-looking DevSecOps Maturity Model, appropriate principles and measures can defend against attacks.

In this session Timo will give an introduction and answer questions like when to use OWASP SAMM and when and how to use DSOMM.

Speaker bio

Timo has been in the IT industry for over twenty years. After being a system administrator and web developer in his early times, he became involved in OWASP. He now advises his clients on DevOps security, either hands on or as a trainer, with the focus on security test automation for software and infrastructure.