Secure software development frameworks and methodologies have been around for 20 years. Yet, despite many companies committing to them, we still have vulnerable software that enables devastating cyberattacks. Therefore, many organizations question the value of secure software development processes and do not know how to organize their software development to be secure-by-design.
In this talk, we will present the insights we gained from a series of qualitative and quantitative studies with software developers and software security experts. We will discuss what practices and assessment approaches work best for secure software and what does not deliver security according to the experts we talked to.
