Grab the white paper for this presentation - http://bit.ly/1JJLO12 Stakeholders involved in the creation of the software within an organization have a vested interest in understanding and contributing to the process of building more secure software. Although roles can differ between company “headquarters” managers responsible for policy and software development teams in the field, a common set of fundamental practices can provide a starting point for process improvement. Those responsible for setting policy and held accountable for corporate IT governance are critical to successful software security initiatives. Those who are building software for internal consumers are driven by two major constraints – features and timelines. As a result, security is typically a secondary concern during software requirements development. To change the way large organizations build software, an enterprise-wide initiative is required. This is at its heart a reengineering of existing development processes. A set of common best practices that large organizations have used exists to make software security initiatives successful. At the most basic, these include taking a disciplined approach by characterizing the landscape, securing champions, defining standards and strategy, executing, and then sustaining the effort. These steps, tailored to your organization, will help ensure that your corporate-wide efforts to secure applications are as productive as possible. Nearly every successful software security initiative has included most of these common strategies.