Building Secure Software Takes a Champion

Wednesday, October 30

3:00 PM - 4:00 PM

Location: Southern 5

Speaker(s)

Altaz Valani

Director of Insights Research
Security Compass

There may not be one single recipe for a successful product security program, but SAFECode members find that the most tried and true recipes do share many common ingredients. One of those ingredients is the use of security champions (SCs). A SC is a member of the development team uniquely empowered to support SDL execution and security activities on a daily basis. This session will provide guidance on how to build and sustain a successful SC program—based on the real-world experiences of SAFECode members. These insights will be of interest to anyone working to build a more security-supportive culture within their development organizations, whether they've already established, are considering one, or are hearing about it for the first time.

Learning Objectives:

Recognize what it means to be a software security champion (SC) and develop an SC job description, prioritize the right qualifications in hiring or identifying SCs, and define the SC’s relationship within both the security team and development teams.
Design a sustainable and effective security champions program that supports existing software security efforts. All recommendations are based on real-world experiences of SAFECode members and have been tested in the field. I’ll even cover some pitfalls to avoid so you can learn from our mistakes.
Avoid a splashy security champions program launch that quickly fizzles and instead execute a thoughtful program rollout designed for long-term success. Attendees will also walk away with key metrics for measuring SC program effectiveness over time.