Governance includes those practices that help organize, manage, and measure a software security initiative. Staff development is also a central governance practice.
The Strategy & Metrics practice encompasses planning, assigning roles and responsibilities, identifying software security goals, determining budgets, and identifying metrics and software release conditions.
The Compliance & Policy practice is focused on identifying controls for compliance regimens such as PCI DSS and HIPAA, developing contractual controls such as SLAs to help control COTS software risk, setting organizational software security policy, and auditing against that policy.
Training has always played a critical role in software security because software developers and architects often start with little security knowledge.