This talk highlights important lessons in scaling the software security touchpoints described in the book Software Security and making them work efficiently and effectively in a global software security initiative. The talk will focus on the top three touchpoints, discussing tools, technology, people and processes for each:
These questions and others will be addressed head-on using examples from the 95+ BSIMM firms and many years of real-world experience. (Firms in the BSIMM include Adobe, Aetna, ANDA, Autodesk, Axway, Bank of America, Betfair, BMO Financial Group, Black Knight Financial Services, Box, Canadian Imperial Bank of Commerce, Capital One, Cisco, Citigroup, Citizen’s Bank, Comerica Bank, Cryptography Research, Depository Trust & Clearing Corporation, Elavon, Ellucian, EMC, Epsilon, Experian, F-Secure, Fannie Mae, Fidelity, Freddie Mac, General Electric, Highmark Health Solutions, Horizon Healthcare Services, Inc., HP Fortify, HSBC, Independent Health, iPipeline, JPMorgan Chase & Co., Lenovo, LGE, LinkedIn, Marks and Spencer, McKesson, Morningstar, Navient, NetApp, NetSuite, Neustar, Nokia, NVIDIA, NXP Semiconductors N.V., Principal Financial Group, Qualcomm, Royal Bank of Canada, Siemens, Sony Mobile, Splunk, Symantec, Target, The Advisory Board, The Home Depot, The Vanguard Group, Trainline, U.S. Bank, Visa, Wells Fargo, and Zephyr Health.)