Spotlight on BSIMM Annual Conference: What You Need to Know

Publish Date

Oct 22, 2019


Tagged with

  • BSIMM10

This year’s three-day BSIMM Annual Conference, from October 21-23, brings a wide range of software security experts together in what is expected to be a powerhouse of workshops, presentations and guest speakers. From developing strategies to managing change, professionals from a variety of leading organizations will pool their understanding and experience to shed light on software security initiatives, including how to evolve these digital transformation efforts over time.

On the final day of the conference, Wednesday, October 23rd, ZeroNorth’s own Chief Technology Officer, John Steven, will share his extensive knowledge on “What New BSIMM Activities Mean for Your Digital Transformation.” He will cite examples and data from the new BSIMM10 study he co-authored, the most recent version of the Building Security in Maturity Model, announced in September 2019. In this morning session, John will discuss the impact of DevOps on software security, including:

  • How do engineering-led security cultures work in practice?
  • Has DevOps culture changed what security does, how it’s done—or both?
  • As an industry, are we getting any better at this?

Using concrete data pulled from over 120 highly visible organizations, including Home Depot, Wells Fargo and Aetna, John will provide a framework for companies looking to mature their security programs using best-in-class firms as a point of reference, while also offering actionable recommendations to follow.

For John, one of the most important themes to emerge from the study, as well as research by Gartner, is more interest in engineering-led efforts to create a security culture that collaborates across separate teams. In this way, engineering and development can drive security forward in the products they develop. Organizations are experiencing significant changes to the way they execute many existing activities via cloud-native technologies and with DevOps culture as well, and John plans to build on last year’s DevOps study by illustrating how engineering-led security initiatives differ from plain governance.

Together with other important findings, John will develop a clear picture of how organizations are conducting “software-defined security governance” in today’s landscape—and more specifically, how fresh actions and changes can alter the way digital transformation initiatives are implemented. He will cover where to start, what tools to use and/or build, and how to achieve greater impact by thinking beyond traditional engineering efforts.
