User day

SAMM for Devs: What’s in it for Me?

Clemens Hübner




Abstract

To developers, security frameworks often feel like top-down friction and annoying additional work. This talk tries to flip the script, showing how to transform OWASP SAMM activities from an audit checklist into an engineering enabler. We’ll explore the developer’s “What’s In It For Me?” and demonstrate how to pragmatically tailor SAMM activities to reduce rework, automate feedback, and seamlessly integrate security into daily dev workflows.

Speaker bio

For more than fifteen years, Clemens Hübner has been working at the interface between software and security. After working in pentesting and as a software security engineer, he started focusing on building secure development processes. Today, he supports development organisations at both the conception and implementation levels, advises on DevSecOps, and delivers training.