Aram Hovsepyan
1031
page-template,page-template-full_width,page-template-full_width-php,page,page-id-1031,bridge-core-3.0.2,qode-page-transition-enabled,ajax_fade,page_not_loaded,,vertical_menu_enabled, vertical_menu_hidden,vertical_menu_hidden_with_logo, vertical_menu_width_260,qode-title-hidden,side_menu_slide_with_content,width_470,qode-theme-ver-28.8,qode-theme-bridge,disabled_footer_top,qode_header_in_grid,wpb-js-composer js-comp-ver-6.9.0,vc_responsive

Aram Hovsepyan

Scaling the Application Security Program of a Fortune 500 Company with OWASP SAMM

Application security is the number one concern at any organization that develops software. While recognizing the problem is the first step, dealing with application security across all products, solutions and teams is extremely challenging. More importantly, there are no role models to learn from. Furthermore, despite being part of the solution, security tools might end up making the problems worse.

In this talk I will share Zebra Technologies’ journey in adopting the OWASP Software Assurance Maturity Model (SAMM) as their guiding framework for measuring and improving application security practices. While it was not a smooth ride, in the past three years we have seen remarkable improvements throughout all product and solutions teams. First of all, SAMM provided an objective framework to compare the different business units to each other. We have seen an immensely positive impact on awareness. Finally, SAMM scores across different business units correlated with the risk scores produced by the Nucleus Application Security Posture Management (ASPM) tool. Hence, we strongly believe that SAMM scores can be leveraged as predictors of general maturity in the SDLC.

Zebra Technologies is a Fortune 500 company with 40 different business units and IT teams developing and maintaining secure software applications and systems. Though you may not always see them, Zebra is everywhere. Whether it’s on that recently delivered package, or the water bottle you just scanned at the supermarket – even in the shoulder pads of NFL players, Zebra is there.

Aram is the founder and CEO of Codific – a Flemish cybersecurity product firm. With over 15 years of experience, he has a proven track record in building complex software systems by explicitly focusing on software security.
Aram has a PhD in Computer Sciences from DistriNet KU Leuven. His contributions to the refinement and streamlining of the LINDDUN privacy engineering methodology have been incorporated into ISO and NIST standards.
Aram is one of the core team members behind the OWASP SAMM project, which is an industry-standard AppSec management program.