
AppSecEU08 Software Security State of the Practice 2008



Using the framework described in my book “Software Security: Building Security In”---built around the three pillars of software security: risk management, the touchpoints, and knowledge---I will discuss and describe the state of the practice. This talk is peppered with real data from the field, based on my work with several large financial services companies as a Cigital consultant. Really, the software security field is just getting started, but we are making important forward progress, and the future looks bright.

More information: