FOR ALL
Updated 255 days ago
It aims to pull together learnings from several years of creating and managing an Application Security Program at Ribbon Communications (and Sonus Networks before that). I hope to bring in insights from others, but to start it is a one-person show...
The web site does reference different vendors by way of example. This is not intended as an endorsement of one vendor over another; the specific examples sited are largely a reflection of my experience...
Does the world need yet another high-level statement of how to do application security? A number of other such frameworks are presented for reference: Other Frameworks. Of course the desired final state is much the same.