Today, every company is a software company.
Tesla, Coca Cola, Goldman Sachs, and John Deere are run by software applications. Software is a source of competitive advantage and a central pillar of an organizational strategy, and so delivering it quickly usually gets priority over delivering it securely.
As software development and cyber threats evolve, software security faces increased challenges. Agile DevOps, cloud, microservices, and open source have all dramatically accelerated application delivery and complexity. Application security, infrastructure security, and cloud security are getting more intertwined, creating a complex security posture that needs to be managed and protected. On their Journey to AppSec Maturity (JTAM), organizations are looking for a map to chart a course for a success.
Earlier this year, several Purple Book Community members organized community meetups to discuss current AppSec and Software Security maturity models. After much research and dialogue, a team assembled to build upon these existing models, creating a new Scalable Software Security Maturity Model (S3M2). The existing models are great at what they are designed for. This model seeks to fill some of the additional needs the community members felt that they need a new model for.
This is a 100% Community-driven model, developed by a team of AppSec experts from diverse industries for the benefit of the broader security community.
Read this blog to learn how S3M2 is designed.
The 0.5 version of this model was launched at AppSecCon 2023, and we are now seeking community input to make it more comprehensive and robust. We are also seeking participation from more security experts to join the core team to mature this model further.
We will also be organizing virtual and in-person workshops at regular intervals (once or twice a month) between now and December. We seek your participation in these 3 hour workshops as well. Dates are yet to be determined and will be decided based on interest level from each city.
Please fill out the form on this page to express your interest.