· How we define risk
· What is at risk, how we approach it and how we address it
· What are the costs of application security and software security?
· Data from a case study: build the business case with ROSI
· Secure Software Development Life Cycle: How do we get there?
· Secure Software Development Life Cycle: It Is People, Process, Technology
· Security-Enhanced Lifecycle Process Models Compared: CLASP, MS SDL, McGraw TP, SEI TSP℠
· Security Frameworks: Mapping Activities and Software Security Best Practices
· Business Risks and Technical Risks: Review the business case and commit to it
· Summary: Take away lessons
· Resources: Foundstone Links
Thursday, July 13, 2006
BlackHat 2006 Presentation Outline