Developers and Application Security: Who is Responsible?
Mark Miller, Sonatype
In early 2014, an alliance of security organizations including Cigital, DevOps Weekly, DevOps Days, HP, Sonatype, DevOps Cafe and the Trusted Software Alliance sponsored a study to determine who is responsible when it comes to security within the development lifecycle. We will present the results of our findings. The presentation will include open discussion with sponsors of the survey, highlighting some of the disturbing findings and how we can begin to build security assurance into the SDLC.
Each attendee will receive a copy of the survey along with analysis notes.
Over the past year, I have become more concerned about software vulnerabilities we unknowingly allow into our homes and lives. What are the implications of networking our kitchen appliances, embedding open source components into everything that we touch? Why are we allowing unmoderated access to our personal information just to play simple games on our mobile devices? What does it mean to have unmonitored computer components running your car? Who is managing and validating the components that now make up 90% of most major software applications?
I am building a community of DevOps and AppSec practitioners who acknowledge these issues through the use of multiple platforms (video, podcasts, surveys, advocacy programs) to promote the active monitoring of open source, component-based projects.
author = {Mark Miller},
title = {Developers and Application Security: Who is Responsible?},
year = {2014},
address = {Seattle, WA},
publisher = {USENIX Association},
month = nov
}