Opening Keynote - Flipping the script: Fighting Advanced Threats at their Software Roots

No ratings

Presented at owaspapseccalifornia 2018 by

Eric Baize

Abstract: For almost two decades, software security practitioners have successfully defined advanced techniques and tools that can effectively be applied to develop secure software. Yet, all recent major security breaches can be linked to a software vulnerability - either left unpatched or a zero day – that made the attacker's job easier. Today, with tens of millions of developers creating code for all kinds of software-enabled devices, mobile apps and cloud services, it is time to expand the fight against advanced threats and focus on how to scale software security. Scaling software security will require expanding the security conversation beyond developers. This talk will challenge the entire software ecosystem to play their part in building more secure software and deliver software security at scale. Learning from the collected real-world experience of SAFECode's members, we will review short term strategies for development organizations to adopt a secure software development process. For the longer term, we will discuss the drastic changes required in how we teach, develop, test, govern and purchase software-based products to permanently change the software culture and deliver software security at scale.