The Purple Book Community presents its latest global initiative:

Journey to AppSec Maturity

Abstract

As the nature of software development and cyber threats evolve, software security faces mounting obstacles to success. Frameworks, tools, programming languages, and teams are ever-changing, and intensifying attacks present an increasing risk to organizations.

Mature application security programs are essential to protecting software in today's dynamic environment, but the Journey to AppSec Maturity is beset with challenges.


To help guide security professionals and their programs on the path to success, The Purple Book Community has embarked on a new global initiative:

  • Creating powerful educational resources
  • Engaging hands-on with software security and development teams
  • Developing a modern and practical model for assessing application security maturity that considers technical, cultural, and organizational factors

Join us on the Journey.


Journey to AppSec Maturity: Dialogue at RSA

On April 18th, 2023, The Purple Book Community's security experts and guests led a special LinkedIn Live broadcast to discuss how to effectively measure the maturity of application security programs and the pressing need for a new forward-looking and scalable maturity model.

Session Videos

Session 1: Dustin Lehr
11:00 AM - 11:15 AM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams; building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as a community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community

Speakers
Dustin Lehr - Senior Director, Platform Security, Fivetran
Topic 1: The need for a new AppSec Maturity Model
Host:
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Session 2: Mithun Rajoor & Nitin Raina
11:15 AM - 11:30 AM

Speakers
Mithun Rajoor - Head of Application & Infrastructure Security (AIS), S&P Global
Nitin Raina - CISO, Thoughtworks
Topic 1: The need for a new AppSec Maturity Model
Host:
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Session 3: Maria Schwenger
11:30 AM - 11:45 AM

Speakers
Maria Schwenger - Partner, Cloud Native Build Practice Leader, IBM
Topic 1: The need for a new AppSec Maturity Model
Host:
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Session 4: Helen Umberger & Pratik Savla
11:45 AM - 12:00 PM

Speakers
Helen Umberger - DevSecOps, The Standard
Pratik Savla - Principal Cybersecurity and Compliance Business Partner, Synaptics
Topic 1: The need for a new AppSec Maturity Model
Host:
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Session 1: Rick Doten & Erica Anderson
12:00 PM - 12:15 PM

Speakers
Rick Doten - VP, Information Security, Centene Corporation
Erica Anderson - Co-Founder & COO, SafeStack
Topic 2: AppSec metrics that matter
Host:
Tanya Janca
Founder & CEO, We Hack Purple Community
Session 2: Mohit Kalra & Pratik Savla
12:15 PM - 12:30 PM

Speakers
Mohit Kalra - VP of Security, Typeface
Pratik Savla - Principal Cybersecurity and Compliance Business Partner, Synaptics
Topic 2: AppSec metrics that matter
Host:
Tanya Janca
Founder & CEO, We Hack Purple Community
Session 3: Lucas LaFrance & Swathi Joshi
12:30 PM - 12:45 PM

Speakers
Lucas LaFrance - SVP Information Security, PlanetArt
Swathi Joshi - VP, SaaS Cloud Security, Oracle
Topic 2: AppSec metrics that matter
Host:
Tanya Janca
Founder & CEO, We Hack Purple Community
Session 4: Aruneesh Salhotra & Maria Schwenger
12:45 PM - 1:00 PM

Speakers
Aruneesh Salhotra - Fractional CISO, SNM Consulting Inc
Maria Schwenger - Partner, Cloud Native Build Practice Leader, IBM
Topic 2: AppSec metrics that matter
Host:
Tanya Janca
Founder & CEO, We Hack Purple Community
Session 1: Aruneesh Salhotra & Russell Ragar
1:00 PM - 1:15 PM

Speakers
Aruneesh Salhotra - Fractional CISO, SNM Consulting Inc
Russell Ragar - Head of Security, Snapdocs
Topic 3: Attributes of a modern AppSec Maturity Model
Host:
Mark Lambert
Chief Product Officer, ArmorCode Inc.
Session 2: Brook Schoenfield & Avi Douglen
1:15 PM - 1:30 PM

Speakers
Brook Schoenfield - CTO & Chief Security Architect, Resilient Software Security
Avi Douglen - Founder and CEO, Bounce Security
Topic 3: Attributes of a modern AppSec Maturity Model
Host:
Mark Lambert
Chief Product Officer, ArmorCode Inc.
Session 3: Pratik Savla
1:30 PM - 1:45 PM

Speakers
Pratik Savla - Principal Cybersecurity and Compliance Business Partner, Synaptics
Topic 3: Attributes of a modern AppSec Maturity Model
Host:
Mark Lambert
Chief Product Officer, ArmorCode Inc.
Session 4: Mark Merkow & Robert Hurlbut
1:45 PM - 2:00 PM

Speakers
Mark Merkow - Application Security Engineer, Freeport McMoRan
Robert Hurlbut - Principal Application Security Architect Threat Modeling Lead, Aquia Inc
Topic 3: Attributes of a modern AppSec Maturity Model
Host:
Mark Lambert
Chief Product Officer, ArmorCode Inc.
Session 1: Chitra Dharmarajan & Valmiki Mukherjee
2:00 PM - 2:15 PM

Speakers
Chitra Dharmarajan - Senior Director, Security & Privacy Engineering, Okta
Valmiki Mukherjee - CEO & Founder, Cybrize; Chairman & Founder, Cyber Future Foundation
Topic 4: Right-sizing the maturity model for your organization
Host:
Aruneesh Salhotra
Fractional CISO, SNM Consulting Inc
Session 2: Prabhath Karanth & Viraj Gandhi
2:15 PM - 2:30 PM

Speakers
Prabhath Karanth - Global Head of Security & Trust, Navan
Viraj Gandhi - Product Security Manager, SailPoint
Topic 4: Right-sizing the maturity model for your organization
Host:
Aruneesh Salhotra
Fractional CISO, SNM Consulting Inc
Session 3: Cassie Crossley
2:30 PM - 2:45 PM

Speakers
Cassie Crossley - VP Supply Chain Security, Cybersecurity & Product Security Office, Schneider Electric
Topic 4: Right-sizing the maturity model for your organization
Host:
Aruneesh Salhotra
Fractional CISO, SNM Consulting Inc
Session 4: Maria Schwenger
2:45 PM - 3:00 PM

Speakers
Maria Schwenger - Partner, Cloud Native Build Practice Leader, IBM
Topic 4: Right-sizing the maturity model for your organization
Host:
Aruneesh Salhotra
Fractional CISO, SNM Consulting Inc