Introducing OWASP SAMM at a Fortune 500 company: Lessons Learned
Aram Hovsepyan
CodificCEO
Abstract
Software security is an essential concern worldwide and as the saying goes: you don’t manage what you can’t measure. Measurability stands as one of the foundational principles of OWASP SAMM. SAMM is open source framework that is technology, process and organization agnostic. These fundamental qualities have convinced us to implement SAMM across our entire organization. Despite encountering a few challenges along the way, SAMM has proven its worth by delivering on its promises. It has become a cornerstone of our security assurance programme.In this presentation, we are excited to share our experiences and the valuable lessons we’ve gained from implementing SAMM.
Speaker bio
Aram is the founder, CEO of Codific and a security and privacy expert. He has over 15 years of professional experience in designing and building complex software systems by explicitly focusing on security. He believes application security is a holistic discipline. Aram has a PhD in cybersecurity from DistriNet, KULeuven which provides him with a broad knowledge of the security landscape. Throughout his academic years he has mainly focused on privacy threat modelling and streamlining the LINDDUN methodology.