FOR ALL

It aims to pull together learnings from several years of creating and managing an Application Security Program at Ribbon Communications (and Sonus Networks before that). I hope to bring in insights from others, but to start it is a one-person show... The web site does reference different vendors by way of example. This is not intended as an endorsement of one vendor over another; the specific examples sited are largely a reflection of my experience... Does the world need yet another high-level statement of how to do application security? A number of other such frameworks are presented for reference: Other Frameworks. Of course the desired final state is much the same.