
Abstract
Join us for a comprehensive exploration of the challenges faced during the ambitious journey of implementing the OWASP Software Assurance Maturity Model (SAMM) within a Fortune 500 company. This session will offer an honest and detailed account of the significant pitfalls encountered throughout this complex process. Despite thorough planning, the organization encountered unexpected obstacles, such as organizational resistance, difficulties integrating with existing processes, and strategic misalignments.
Initially, securing buy-in from key stakeholders proved challenging, highlighting the crucial need for early engagement and effective communication. Furthermore, integrating SAMM into existing workflows exposed unforeseen compatibility issues, disrupting productivity and impacting team morale. These difficulties were exacerbated by an unclear initial project scope and objectives, leading to misallocated resources and project delays.
By examining these setbacks, we aim to extract valuable lessons that can inform other organizations in their software assurance endeavors. Attendees will gain insights into the corrective actions necessary to realign the implementation strategy, including refining communication channels, establishing effective metrics and KPIs, adopting more adaptable integration methods, and developing a comprehensive change management plan. We will also address the cultural barriers encountered and the strategic initiatives implemented to promote a security-first mindset across diverse teams.
Ultimately, this presentation will provide attendees with a deeper understanding of the complexities involved in scaling SAMM. We will offer practical insights and strategies to help other organizations avoid similar pitfalls and navigate their own SAMM implementation journeys, ensuring a smoother transition towards enhanced software assurance and security practices.