7 Building a roadmap

This chapter covers

  • Determining an organization’s current application security posture
  • Identifying the gaps and the immediate needs of the organization
  • Developing a roadmap that addresses the short- and long-term goals

Congratulations! You’ve been put in charge of the application security program at an organization. Your mission, should you choose to accept it, is to bring secure software development to the organization with minimal budget and a small team. Where do you begin? A lot of this depends on whether you are starting from scratch or whether there’s a program that already exists. For the remainder of this chapter, I will assume that you are starting from scratch. Many of the concepts hold regardless.

Often, if you ...
