SecAppDev 2025 lecture details
Value Driven Security - A Roadmap to Business Alignment
Much of security today is generic best practices and checkbox olympics. It is a shame to waste resources on things no one really cares about! Better to map out the business's value streams and invest effort in protecting what is actually important.
Wednesday June 4th, 14:00 - 15:30
Room West Wing
Abstract
Before starting a journey, it’s wise to plan ahead. You want to understand where you’re going, how long it will take, and what you'll need. For a product security program, “lack of successful attacks” is often not the complete end goal nor a sufficient measure of success.
This talk will show how to turn an organization's security team from technicians going through a script, into proactive strategy-driven experts focused on generating business value. Based on high-level business context and constraints, we’ll see how to take a value-driven approach to optimize investment in security efforts.
Key takeaway
Strategic planning requires understanding your environment, your goals, and your challenges. Value-driven mapping techniques help you get there.
Content level
Introductory
Target audience
Security engineers, security and development managers, product managers
Prerequisites
None
Join us for SecAppDev. You will not regret it!
Grab your seat now
Avi Douglen
CEO and Application Security Specialist, OWASP Board of Directors, Bounce Security & OWASP
Expertise: Product security, Threat modeling, value driven strategy, and tigger-themed Dad jokes
Related lectures
My Name Is Not Cassandra: AppSec and "I Told You So"
Advanced lecture by Izar Tarandach in room Lemaire
Wednesday June 4th, 16:00 - 17:15
Lack of authority, an outsider's view of the development process and a faulty language of risk. Are security practitioners fated to point at risk and not be heard?
Key takeaway: "Raw" security can be fun, but does not lead to change. We must adapt our ways in order to impact the environment we want to protect.
The Bug Bounty Effect: From DevSecOops to Success!
Deep-dive lecture by Emil Vaagland in room Lemaire
Tuesday June 3rd, 09:00 - 10:30
Discover how bug bounty programs outperform traditional AppSec tools by uncovering more vulnerabilities at lower cost. We share real-world examples, strategies, and challenging takes on conventional security practices.
Key takeaway: Bug bounty programs are essential and should be the key ingredient in modern AppSec programs.
Reviewing 3rd party libraries security using Scorecards
Introductory lecture by Niels Tanis in room West Wing
Tuesday June 3rd, 14:00 - 15:30
We rely on 3rd party libraries, and that reliance brings security risks. OpenSSF's Scorecard helps assess package security. This session explores its checks and additional insights to strengthen supply-chain security.
Key takeaway: Understanding how to leverage the OpenSSF Scorecard to review used 3rd party libraries more easily.