Project Talk: OWASP OpenSAMM Project

Presented at AppSec USA 2013, Nov. 20, 2013, 1 p.m. (50 minutes)

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in: ◊ Evaluating an organization's existing software security practices ◊ Building a balanced software security program in well-defined iterations ◊ Demonstrating concrete improvements to a security assurance program ◊ Defining and measuring security-related activities within an organization SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project. Project Leader, Sebastien Deleersnyder, will be speaking about the project in depth in this talk.

Presenters:

• Pravir Chandra - Security Architect at Bloomberg - Bloomberg
  Pravir Chandra is a veteran in the security space and a long-time OWASP contributor, including his role as the creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project. Currently as security architect for the CTO of Bloomberg, he drives proactive security initiatives that demonstrate concrete value for the firm. Prior to this, Pravir was Director of Strategic Services at HP/Fortify where he lead software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.
• Seba Deleersnyder - managing partner application security - Toreon
  Co-founder & managing partner application security at Toreon.com As application security specialist for more than 10 years, Sebastien has helped various companies improve their ICT-, Web- and Mobile Security, including BNP Paribas Fortis, Atos Worldline, KBC, NationaleNederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, co-project leader of the OpenSAMM project, served on the OWASP Foundation Board member (2007-2013) and performed several presentations and trainings on Web Application, Mobile and Web Services Security. Furthermore Sebastien co-organizes the yearly BruCON conference in Ghent (Belgium).

Links:

• https://appsecusa2013.sched.com/event/1b2Cfij/project-talk-owasp-opensamm-project

Similar Presentations:

• AppSec USA 2013 / Project Summit: Open SAMM Session
• AppSec USA 2014 / OpenSAMM Workshop Play-books, PCI-SAMM Matrix, Project QA Workshop
• Global AppSec - DC 2019 / SAMM