A New Software Security Maturity Model? What? Why? How?


An exciting first episode for our Journey to AppSec Maturity series: Thoughtworks CISO Nitin Raina rejoins us with co-host and prolific Purple Booker, The AppSec Elder Statesman himself, Brook Schoenfield. Exploring the state of today's application security programs, we gain answers to the major questions our Journey to AppSec Maturity initiative prompts: what is a software security maturity model, why do we need a new one for the modern day, and how specifically would it be built? Enter operation codename S3M2, The Purple Book Community's latest passion project.

Nitin Raina
CISO, Thoughtworks
Nitin has close to 24 years of experience in IT, Security and Risk leadership roles for various organisations and serves as a global advisor tasked with prioritising and evaluating trade-offs and conflicts among the various security initiatives within Thoughtworks' businesses. Throughout his career he has demonstrated proven leadership and key skills in security governance, compliance, budgeting, hiring, risk management, project management, mentoring, negotiation, and problem-solving.
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Brook S.E. Schoenfield is the author or co-author of 6 books on software security and has contributed to numerous industry efforts, including The Threat Modeling Manifesto. He originated "developer-centric security" and Just Good Enough Risk Rating. Over the last 20+ years, he has built and led multiple AppSec programs. He is currently CTO at Resilient Software Security and is also on the faculty of the University of Montana.
