...what is the activity that both OpenSAMM and BSIMM consider to be the most important thing in developing secure software? Pentesting? Code review?
Nope - it's having someone who is championing and driving software security within the organization: a group of folks who are ready and willing to shepherd and drive through all of the various changes to how the organization works over time. These are sometimes (in BSIMM in particular) referred to as the Software Security Group (SSG), and in many cases they can make or break the adoption and use of security initiatives within the organization.
After all of that, it turns out the best thing for software security in your organization may well be you...
Src: The Fallacy of Secure Software | fudsec.com