[OWASP-Bangalore] Who is responsible for Application Security in the SDLC?

McGovern, James F. (P+C Technology) James.McGovern at thehartford.com
Wed Jun 2 09:55:51 EDT 2010

Hopefully this presentation will discuss the following:
- Responsibility for Application Security as described in SAMM vs what
this speaker may state as a different answer
- Industry analyst research that he thinks does a particularly good job
of answering this question
- How much training is enough? Are cheaper forms of training such as
couple hour webinars sufficient?


From: owasp-bangalore-bounces at lists.owasp.org
[mailto:owasp-bangalore-bounces at lists.owasp.org] On Behalf Of Don
Sent: Tuesday, June 01, 2010 12:10 PM
To: owasp-bangalore at lists.owasp.org
Subject: [OWASP-Bangalore] Who is responsible for Application Security
in the SDLC?

As members of OWASP, this webinar might not be for you - as you already
know about the importance of security in web-applications - but what
about getting others involved? Ever wanted to get your Program Managers
a little more familiar with the principles of secure coding? How about
QA or the Architects?  And what about the Team Leads and certainly the
new Developers who you'll be working beside?


Why not suggest that they attend a webinar specifically tailored for


Software Development Lifecycle?

Sponsored by: SCIPP International


WHEN: Live, June 3rd, 2:00 EST, or anytime after via Webcast


SPEAKER: Dow Williamson, CISSP, CSSLP, Executive Director of SCIPP


REGISTER: For Webinar version click here
<http://www.brighttalk.com/webcast/20658>, for recorded Webcast
version, click here <http://www.brighttalk.com/webcast/20658>


About This 45-Minute Webinar

You will hear that application security is a "finger-pointing" blame
game.  Traditional Security staff claim that it's the responsibility of
the Developers.  Developers say security is not mandated in the design
specs.  And, Program Managers think security has to do with patches and
virus scanners. No one seems to know who is responsible - and typically,
no one steps up and takes responsibility. 

This webinar will explore how to change all of this through a
three-tiered approach - Awareness, Training, and Education. Depending on
your role within the SDLC, you have some responsibilities for security -
but to what extent is determined by various factors. Some may just need
to be familiar with the fundamentals of secure coding, while others may
need in-depth training - while even others may want a formalized
education and possibly receive certification of their skills and

About the Speaker:
Dow Williamson, CISSP, CSSLP, Executive Director of SCIPP International

Dow Williamson has 20+ years of experience in the information security
and secure enterprise software industry. His career includes several
years with (ISC)2, RSA Security, Sun Microsystems, and as the head of
cyber security for the U.S. nuclear war plan at the Air Force's
Strategic Air Command and later at the United States Strategic Command
(USSTRATCOM). In his current role at SCIPP International, one of his
focuses is ensuring that all SCIPP certificate of training programs are
ANSI-accredited in accordance with the latest American National


Sponsored by: SCIPP International

SCIPP International is an ANSI-accredited, global non-profit
organization dedicated to solving information security problems where
they need to be solved - at the human level.  Based in Vienna, VA, with
offices in London and Hong Kong, SCIPP International delivers
information security awareness, training, and certification programs
throughout the world. 


SCIPP International was formed to develop, define and promote best
business practices for security awareness training with a singular focus
on increasing understanding and instilling positive behavioral changes
as they relate to protecting information assets.




Don Cochran                                   

SCIPP International

1964 Gallows Road, Suite 320

Vienna, Virginia 22182

United States of America


+1 703.637.4422 (Direct)



            SCIPP International

"The Security Awareness Certification Company"


