Conference Venue: RAI Amsterdam, Europaplein 24, 1078 GZ Amsterdam, The Netherlands

Thursday, September 26 • 2:35pm - 3:20pm
Secure Agile development according to SAMM

This talk presents the work that has been done to extend SAMM with agile guidance. SAMM is OWASP's flagship project on how to set up and grow a secure development process. It wants to be agnostic of the type of development approach, which is why agile was not covered. Nevertheless, there appears to be a strong need in the industry for guidance on how to make secure software development work in an agile environment. Together with the SAMM working group, industry colleagues and clients, I have been working on extending SAMM with such guidance. How do you squeeze all the necessary activities into a sprint, e.g. requirement selection, threat modeling, verification? What do you do with stories, with abuse stories and with the definition of done? How do you get security teams and developers to co-operate instead of just setting up quality gates? Based on studying many organizations on what works and what doesn't work, by doing interviews and by looking into the many publications on this topic, a straightforward set of 'Agile' notes was written and validated. The results will be published with an upcoming SAMM update.

Rob van der Veer

Principal consultant, Software Improvement Group
Rob is founder and leader of the security and privacy practice at SIG, providing key insights to organizations worldwide to get software right. Rob has a long background in the software industry, from being a programmer to 9 years of holding CEO positions. Cybersecurity and privacy...

Thursday September 26, 2019 2:35pm - 3:20pm CEST