Software Security Initiatives
This presentation outlines how to initiate a software security program within an organization using a maturity-based, metrics-driven approach. It suggests evaluating the current maturity level, establishing security standards and processes, and integrating security practices across the software development lifecycle (SDLC). Key metrics to monitor include the percentage of issues identified and resolved at each phase of the lifecycle, the average time to remediate vulnerabilities, and vulnerability density.
You can download the presentation slides from here.