Abstract
These days, most organizations have identified a need for a Software Security Assurance (SSA) program, but many such programs are stymied in their infancy by challenges such as lack of resources, difficulty selling the program upward and across the organization, questions about where to start, and an inability to show benefit to the business. This talk will present a step-by-step plan to build an SSA program that addresses all these challenges. Not only is the plan easy to understand and follow, it has been successfully used with organizations across industry verticals including financial services, retail, high-tech, and government. This plan combines resources from OWASP and other sources (with examples) to set any organization on the path to SSA success.