Product security specialists have a constant challenge in meeting their goal of "building in" rather than "bolting on" security. Rocks abound in the development stream - some are easy to spot and navigate around, while others lurk just below the surface. How does an organization (successfully) navigate through these troubled waters? In this session you will learn some navigational techniques to help you avoid crashing your boat upon the rocks in the software development lifecycle, with case studies of the application of upstream (development) and downstream (response) activities and the impact those actions had on the journey of the product.