AppSec Israel 2016

There are many different security development lifecycles (SDLC) frameworks in the modern world. However, a fully implemented SDLC program is often represented as heavy, time-consuming and not suitable to Agile development methodology. We’d like to break the myth and show how a very comprehensive security program, managed by a dedicated security office, can be successfully integrated in agile development project on a real case example.

We’ll shortly describe the main challenges, and the techniques and procedures helping to overcome the challenges. We’ll present the Security Lifecycle Management (SLM) Framework developed and used in HPE SW in the last three years, and describe how it integrated into development of new SaaS based fully agile developed product, with emphasis on main activities and roles. As a part of the presentation we would like to highlight the importance of the proper program management and role of the PMO and how it became a key success factor in the effective security program implementation.