Between helpful guidance and overwhelming information: 5 lessons learned when kickstarting security with SAMM

Clemens Hübner
inovex GmbH, Software Security Engineer
Abstract
In the last two years, we started using OWASP SAMM at several clients with multiple teams. In this talk, we will report our experiences with the framework from the perspective of different teams of varying maturity. We will discuss the guidance SAMM offers, the biggest issues when ramping up a new organization, and things we do differently today than we did some years ago. The talk gives some perspectives of security professionals relatively new to SAMM and hopefully will contribute to some discussions afterwards.
Speaker bio
For more than ten years, Clemens Hübner has been working at the interface between software and security. After roles as a software developer and in penetration testing, he joined inovex in 2018 as a software security engineer. Today, he supports development projects at the conception and implementation level, trains colleagues, and advises on DevSecOps.