Description
As a developer, you are obligated to deliver secure code. Your customers are probably placing requirements on you to adopt OWASP Top 10 and SANS Top 25 best practices. What are they, and why do they matter to you? How do you address them? How do you handle them across multiple teams? Do they apply to the open source or third-party components you consume? At OSIsoft, we’ve adopted the Microsoft Security Development Lifecycle (SDL) and use an internally developed scorecard system to measure teams on best practices for writing secure code. We’ll share what’s behind our scorecard system and how it helps us continue to evolve.

Technologies and Components Included in this Presentation: Microsoft Security Development Lifecycle (SDL), Static Analysis Security Tool (SAST), Dynamic Analysis Security Tool (DAST), Software Component Analysis (SCA), Fuzzing, OWASP Top 10, CWE/SANS Top 25