How do you evaluate the risk of running 250+ home-grown software assets developed over 30+ years and implemented using 20+ technologies when you have no overview and limited access to vulnerability data? How do you facilitate cultural change in 20+ teams so they align and take ownership of their software security? This case study answers these questions and more. We’ll look at a major public company, DSB, running critical infrastructure where increased compliance requirements and changes in the threat landscape called for better software security.
Learning Objectives:
Evaluate strategies for organizing a DevSecOps initiative in a decentralized organization with limited resources and a diverse system landscape.
Implement and support a data-driven and transparent process for identifying and managing the risk of building and running home-grown software in a critical infrastructure context.
Develop strategies to facilitate and grow cultural change that enables and motivates software teams to take ownership of security and risk management.