Avoiding the Pitfalls of Secure SDLC. Succeeding with Automation. (PowerPoint presentation, slide text)
Avoiding the Pitfalls of Secure SDLC
Succeeding with Automation
Introductions
Status Quo
[Chart: Relative cost to fix, based on time of detection. X axis (phase of detection): Requirements / Architecture; Coding; Integration / Component Testing; System / Acceptance Testing; Production / Post-Release. Y axis: 1x, 6x, 11x, 16x, 21x, 26x, 31x, 36x. Source: NIST]
Highest ROI
Where we find flaws today
Look familiar?
February 2012 Report from Quocirca
Results of an Open SAMM Assessment
Problems with Verification
Security Requirements
[Chart: 42% / 58% split between "Not covered by scanners" and "Can be caught by scanners"]
Scaling: Self-Serve
Solution: Automated, Criteria-based
Requirements Generation
Context
Matched Against Rules
Generates Threats
Matched Against Rules
Which Have Countermeasures
Apply the context for specific guidelines
And (Optionally) Import into ALM
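As an added illustration of the criteria-based pipeline the slides outline (context matched against rules, rules generating threats, threats carrying countermeasures, guidelines narrowed by context, optional export to an ALM tracker), here is a small rule engine. It is example code written for this page, not SD Elements' implementation; the rule set, context attributes and the ticket shape are all constructed assumptions.

```python
"""Minimal criteria-based security requirements generator (added example, hypothetical rules)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Rule:
    """A rule fires when every attribute in `when` is present in the project context."""
    when: FrozenSet[str]
    threat: str
    countermeasures: Tuple[str, ...]
    # Optional technology-specific guidance, keyed by a context attribute (constructed).
    guidelines: Dict[str, str] = field(default_factory=dict)


# Constructed rule set for the example; a real catalogue would be far larger.
RULES: Tuple[Rule, ...] = (
    Rule(frozenset({"sql"}), "SQL injection",
         ("Use parameterized queries for all database access",
          "Validate input against an allow-list before it reaches the query layer"),
         {"java": "Use PreparedStatement, never string-concatenated SQL",
          "python": "Bind parameters through the DB-API (cursor.execute(sql, params))"}),
    Rule(frozenset({"web"}), "Cross-site scripting",
         ("Contextually encode all untrusted output",)),
    Rule(frozenset({"web", "authenticates_users"}), "Session hijacking",
         ("Set Secure and HttpOnly on session cookies",
          "Regenerate the session identifier after login")),
    Rule(frozenset({"handles_pii"}), "Sensitive data exposure",
         ("Encrypt personal data at rest",
          "Exclude personal data from application logs")),
)


def generate_requirements(context: FrozenSet[str]) -> Dict[str, List[str]]:
    """Match the context against the rules and return {threat: [countermeasures...]}.

    Guidelines are only attached when their key is itself part of the context,
    so a Java project sees Java guidance and a Python project does not.
    """
    requirements: Dict[str, List[str]] = {}
    for rule in RULES:
        if not rule.when <= context:
            continue  # rule criteria not satisfied by this project
        items = list(rule.countermeasures)
        for tech, guidance in rule.guidelines.items():
            if tech in context:
                items.append(f"Guideline ({tech}): {guidance}")
        requirements.setdefault(rule.threat, []).extend(items)
    return requirements


def to_alm_items(requirements: Dict[str, List[str]]) -> List[dict]:
    """Optional export step: one tracker-style ticket per threat (generic shape, constructed)."""
    return [
        {"title": f"Mitigate: {threat}", "acceptance_criteria": measures}
        for threat, measures in sorted(requirements.items())
    ]


if __name__ == "__main__":
    project = frozenset({"web", "sql", "authenticates_users", "java"})
    for ticket in to_alm_items(generate_requirements(project)):
        print(ticket["title"])
        for criterion in ticket["acceptance_criteria"]:
            print("  -", criterion)
```

The point of the structure is that requirements are derived from project facts rather than from a scanner finding; a context with no matching attributes yields an empty requirement set, which is the signal that the rule catalogue (not the project) needs attention.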
Program Justification: $4k to find vuln in production
[email protected]@sdelements.com