In this second post of two, we’re carrying on our discussion about how we can measure our security maturity. A couple of distinct approaches to this are emerging: lifecycle security maturity and product security maturity.
What came first: security built into your software development lifecycle or security built into the design and implementation of your code?
When we talk about application security, there are two distinct camps emerging — lifecycle security maturity and product security maturity.
As the dust settles on the release of the latest version of the OWASP Top 10, our team has been talking about the inclusion of insecure design on the list. Specifically, we’ve been thinking about what that means for everyone involved in the delivery of software products.
This is a big week for those of us in the application security industry. One of our iconic foundation organisations, the Open Web Application Security Project (OWASP), reaches its 20th anniversary and that’s a time for us all to celebrate.
<movie narrator voice> In a world where software... rules the... *cough* ... world and where hackers are the biggest threat the world has ever.... no wait... One organisation stands alone... Together... with all developers.... and testers... architects.... ... at least 2m apart... ... but most likely online. ...or in animal crossing </movie narrator voice>