OWASP SAMM vs BSIMM: Which Maturity Model Reigns Supreme?
Today, I'm joined by Nariman Aga-Tagiyev, a seasoned cybersecurity architect and threat modeling coach, bringing over two decades of experience in the software development industry. As the founder of SecureHabits, he’s on a mission to help software manufacturers mature their secure software development lifecycle. Nariman is a familiar face at OWASP Netherlands Chapter events and an active contributor to projects like OWASP SAMM and the Security Champions Maturity Model. His work bridges the gap between theory and practice, empowering teams to build security into their culture - not just their code.

In this episode, we dive into a memorable "battle" Nariman had at the RSA conference, where he argued both sides of the SAMM vs. BSIMM debate—mostly with himself, after BSIMM expert Caroline Wong couldn’t attend. We also explore why organizations often skip the foundational steps before rushing to buy security tools, why true maturity is so rare, and what the new regulatory frameworks like the Cyber Resilience Act mean for businesses in the EU. Dive right in!

Connect with Nariman: / aganariman
Connect with Alexandra: / alexandra-charikova

This podcast is brought to you by Escape: https://escape.tech — Modern DAST built to test for business logic instead of missing headers

Mentioned
Nariman’s AppSec services: https://securehabits.nl/
Nariman’s RSA presentation: https://www.rsaconference.com/Library...
OWASP SAMM: https://owasp.org/www-project-samm/
BSIMM: https://www.blackduck.com/services/se...
Cyber Resilience Act: https://digital-strategy.ec.europa.eu...
OWASP AI Exchange: https://owaspai.org/
Book Atomic habits by James Clear: https://www.amazon.com/Atomic-Habits-...
Chapters
00:00 Introduction
01:09 Nariman's Background
02:22 Introduction to Software Assurance Frameworks
04:34 Understanding Application Security Maturity
07:15 Comparing OWASP SAMM and BSIMM
09:57 The Importance of Secure Software Development Lifecycle
12:27 Navigating European Legislation and Compliance, Impact of CRA
14:49 Community Involvement in Software Security
17:53 Integrating Maturity Models in Organizations
23:42 Strategic Planning and Implementation
25:53 Tailoring Frameworks for Organizational Maturity
26:56 Industry-Specific Adaptations and Compliance
28:39 The Role of AI in Security Practices
29:59 Maturity Models and AI Development
32:45 Assessing Organizational Maturity in Security
36:08 Common Pitfalls in Security Practices
39:32 The Most Overrated Buzzword
42:12 Building Habits for Security Success