Opening Keynote - Flipping the script: Fighting Advanced Threats at their Software Roots
by Eric Baize, Chairman of SAFECode

Abstract:
For almost two decades, software security practitioners have successfully defined advanced techniques and tools that can effectively be applied to develop secure software. Yet, all recent major security breaches can be linked to a software vulnerability - either left unpatched or a zero day – that made the attacker's job easier. Today, with tens of millions of developers creating code for all kinds of software-enabled devices, mobile apps and cloud services, it is time to expand the fight against advanced threats and focus on how to scale software security.
Scaling software security will require expanding the security conversation beyond developers. This talk will challenge the entire software ecosystem to play their part in building more secure software and deliver software security at scale. Learning from the collected real-world experience of SAFECode's members, we will review short term strategies for development organizations to adopt a secure software development process. For the longer term, we will discuss the drastic changes required in how we teach, develop, test, govern and purchase software-based products to permanently change the software culture and deliver software security at scale.

Eric Baize
SAFECode
Chairman
Eric Baize – Chairman of SAFECode and Vice President, Product Security, Dell EMC Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode. At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity throughout the supply chain. Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US. Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager


Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...