Developing a Software Security Assurance Program

For decades, technology has been an obvious key to competitive advantage across nearly every industry. Whether organizations develop new technology in-house or leverage third-party solutions, software vulnerabilities provide another attack vector for cyber criminals. Organizations are reacting by developing software security initiatives to manage the risks related to software vulnerabilities.

This session will review some of the emerging industry practices in managing software security risks, including application penetration testing, static code analysis, software security testing, vendor assessments, security architecture reviews and developer training.


Kabir Mulchandani is a Managing Principal at Cigital. He has more than 17 years of experience in information security and management consulting. Kabir has expertise in developing and managing information security risk management, vendor management, software security assurance and Governance, Risk and Control (GRC) programs. Kabir leads Cigital’s Mid-Atlantic practice and focuses on enhancing the efficiency and effectiveness of software security programs.
