PDUG Meetup. SSDL for leaders: how to transfer a team to safe development and not shoot yourself in the foot

Software security is becoming an essential component of its quality. However, the traditional development process does not always allow you to create secure applications from scratch, and eliminating vulnerabilities in ready-made software requires serious time and material costs. Embedding Secure Software Development Lifecycle in the overall software development cycle comes to the rescue. Already there are a number of techniques, real cases have accumulated, but an exhaustive guide that would guarantee the successful transition to SSDL does not exist.

So how do you implement SSDL practices and not lose control of the situation? What to do yourself and what to teach your specialists?

These and other issues can be discussed on November 25 at the Microsoft Technology Center, where PDUG Meetup will take place: SSDL for Management - a meeting for heads of R&D and information security departments managing large projects and development teams.

The event will be devoted to the exchange of real experience in implementing SSDL practices. During the reports and open discussion, many hot topics will be discussed: resource planning, organizational measures before, during and after implementation, problems of monitoring changes and evaluating the effectiveness of SSDL projects, communication and motivational difficulties.

The program of the meeting includes speeches by Valery Boronin, head of the decision-making department for building the safe development process of Positive Technologies, and Stas Pavlov, Microsoft technical evangelist.

In addition, the meeting will present cases on building a secure development process using Microsoft TFS tools and PT Application Inspector SSDL Edition for analyzing the security of web applications.

The event is free, but the number of seats is limited. To participate, submit an application .