We all know that behind every breach story in the press is an organization that probably should have done more to build secure software. Yet, organizations struggle mightily to focus resources on building software securely from the outset and, as a result, software security remains an after the fact “nice to do” and not a “have to do” activity in many organizations. How can organizations determine the right sets of activities or appropriate resource allocation levels that it should undertake to adequately address software risk? Organizations can make these determinations by benchmarking via OWASP’s Open Software Assurance Maturity Model (OpenSAMM) framework.
A coalition of leading application security industry vendors recently contributed benchmarking data in order to enhance OpenSAMM and its assessment framework. These efforts will enable organizations to step up their software security game and identify hurdles by using OpenSAMM as a powerful benchmarking tool. John will provide details on an ongoing industry effort to improve OpenSAMM by providing more comparative data to encourage broader use throughout industry.