People, Process, And Technology: Owasp Impact On The Swa Processes And Practices Working Group presented at OWASP Appsec 2010

by Michele Moss (Booz Allen HamiltonÕs Security Research Service),

Tags: Security Community

URL :,_Process,_and_Technology:_OWASP_Impact_on_the_SwA_Processes_and_Practices_Working_Group

Summary : Application security is an evolving field, and one that gets more complex each day as the threats and challenges increase. By integrating traditional process-improvement methods with application security considerations, rather than viewing application security as an afterthought, organizations establish the foundation to deliver security continuously throughout the lifecycle. This presentation will highlight the positive impact that OWASP efforts have had on the SwA Processes and Practices Working Group efforts to increase the adoption of application security practices through the use of people, process, and technology.

Michele Moss: Michele Moss is Lead Associate at Booz Allen Hamilton. She leads the development, integration, and benchmarking of security engineering and software assurance processes within Booz Allen’s Organizational Standard Processes. Michele assists government organizations with tailoring industry best practices and capability maturity models (CMMI, Assurance for CMMI, RMM, and SSE-CMM) to mature their systems/software development, operational, information assurance, project management, and support practices. Michele led the development and Booz Allen pilot of the Assurance Process Reference Model for CMMI. She provides expert support on ICT Supply Chain Risk Management and Software Assurance to DoD Trusted Mission Systems and Networks and is an active contributor to the evolution of International Cyber Security standards through the US Technical Advisory Group for ISO/IEC JTC1/SC7. She Co-Chairs the DHS Software Assurance Working Group on Processes & Practices and has spoken at multiple industry events on software assurance implementation, benchmarking and measurement. Michele holds a CISSP and CSSLP.