Rugged Software was an attempt to get application security unstuck and beyond the .0001% who were already seeking more defensible infrastructure. After the past 3 years of experimentation, working outside of the security community, and this spring's Rugged Summit, now is the time to bring Rugged to the OWASP community.
Our dependence upon software is growing at a rate faster than our ability to secure it. While it's disappointing to see routine compromises by 13-year-old SQLi attacks, it is far more serious to see vulnerable software permeate our cars, our critical infrastructure, and even our bodies (via medical devices). Despite excellent and valiant technical advances within the security community, the broader business and development communities remain largely unchanged.
This is not only a technical issue but also a cultural challenge. To the business, "Security" has become a toxic and dirty word for at least 2 reasons: 1) it is a cost, and 2) it is often an inhibitor - preventing the business from doing things it wants to do. People don't care how to do something until they know why it matters or how it is valuable.
This talk will explain the success that Rugged has had in driving more business value and adoption of security. We'll attempt to clear up misconceptions and apprehensions, as well as contextualize how Rugged complements existing bodies of work. We will explain how Rugged has found in DevOps an unexpected ally, blueprint, and invitation to have more substantive impact. Lastly, we'll introduce and discuss the just-published "Rugged Handbook" straw man - and invite it to be beaten up and enhanced.