Product security specialists have a constant challenge in meeting their goal of "building in" rather than "bolting on" security. Rocks abound in the development stream - some are easy to spot and navigate around, while others lurk just below the surface. How does an organization (successfully) navigate through these troubled waters? In this session you will learn some navigational techniques to help you avoid crashing your boat upon the rocks in the software development lifecycle, with case studies of the application of upstream (development) and downstream (response) activities and the impact those actions had on the journey of the product.
Matthew Coles has over 20 years in system development with 10 years focused on product security at EMC. He likes to focus on practical ("applied") security solutions that can be used to proactively avoid and mitigate security risks. Matt has been involved in industry initiatives such as SANS Top25, SAFECode and has also taught software security at Northeastern University.
Tania Ward works as a Program Manager within EMC Product Security Response Center. With over 18 years in Software Program Management working for Microsoft, Milliman Care Guidelines to EMC. She has found her home in Vulnerability Response where she likes to leverage the power of data to drive for upstream improvements.