The Book
Explore Membership
S3M2Journey to AppSec Maturity
Resources
Resource LibraryAppSecConPodcastBlogState of AppSec 2023
Events
Upcoming Events
PBC Virtual -Women In Security Panel
PBC Virtual - AI in AppSec Panel
JTAM AWS ReInvent conference
Past Events
PBC Virtual - JTAM with  Mayank Joshi
Mumbai Chapter
PBC Connect - OWASP Global AppSec
Atlanta ChapterBengaluru ChapterNew Delhi ChapterNYC Chapter LaunchCyber SoireeWomen In SecurityDavos DialogueFirst LookSBOM
Black Hat 2024
Cyber Future Dialogue 2024
Contact Us
The Book
Membership
S3M2
Journey to AppSec Maturity
Resources
Events
Join Us

The Purple Book Community presents its latest global initiative:

Journey to AppSec Maturity

Abstract

As the nature of software development and cyber threats evolve, software security faces mounting obstacles to success. Frameworks, tools, programming languages, and teams are ever-changing, and intensifying attacks present an increasing risk to organizations.

Mature application security programs are essential to protecting software in today's dynamic environment, but the Journey to AppSec Maturity is beset with challenges.

To help guide security professionals and their programs on the path to success, The Purple Book Community has embarked on a new global initiative:

  • Creating powerful educational resources
  • Engaging hands-on with software security and development teams
  • Developing a modern and practical model for assessing application security maturity that considers technical, cultural, and organizational factors

Join us on the Journey.

Get Involved

Purple Book Community is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:
View more
Thank you!
Your message has been received and we'll be in touch with you shortly. A confirmation receipt will be sent to the email address you listed.
Return Home
Oops! Something went wrong while submitting the form.

JTAM Resources

Blog

Why Maturity Models are Needed in the First Place

By 
Aruneesh Salhotra
,
Helen Umberger
and
Brook Schoenfield
May 10, 2023
Podcast Series
Episode 16
A New Software Security Maturity Model? What? Why? How?
Nitin and Brook tackle the big Q's surrounding our Journey to AppSec Maturity initiative.
Nitin Raina
Nitin Raina
May 9, 2023
Season 2

Journey to AppSec Maturity: Dialogue at RSA

On April 18th 2023 The Purple Book Community's security experts and guests led a special LinkedIn Live broadcast to discuss how to effectively measure the maturity of application security programs, and the pressing need for a new forward-looking and scalable maturity model.

Session Videos

Topic 1
Topic  2
Topic 3
Topic  4
Session 1: Dustin Lehr
11:00 AM - 11:15 AM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Dustin Lehr -Senior Director, Platform Security, Fivetran
Topic 1: The need for a new AppSec Maturity Model
Host:
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Session 2: Mithun Rajoor & Nitin Raina
11:15 AM - 11:30 AM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Mithun Rajoor - Head of Application & Infrastructure Security (AIS), S&P Global
Nitin Raina - CISO, Thoughtworks
Topic 1: The need for a new AppSec Maturity Model
Host:
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Session 3: Maria Schwenger
11:30 AM - 11:45 AM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Maria Schwenger - Partner, Cloud Native Build Practice Leader, IBM
Topic 1: The need for a new AppSec Maturity Model
Host:
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Session 4: Helen Umberger & Pratik Savla
11:45 AM - 12:00 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Helen Umberger - DevSecOps, The Standard
Pratik Savla - Principal Cybersecurity and Compliance Business Partner, Synaptics
Topic 1: The need for a new AppSec Maturity Model
Host:
Brook Schoenfield
Chief Technology Officer & Chief Security Architect, Resilient Software Security
Session 1: Rick Doten & Erica Anderson
12:00 PM - 12:15 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Rick Doten - VP, Information Security, Centene Corporation
Erica Anderson - Co-Founder & COO, SafeStack
Topic 2: AppSec metrics that matter
Host:
Tanya Janca
Founder & CEO, We Hack Purple Community
Session 2: Mohit Kalra & Pratik Savla
12:15 PM - 12:30 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Mohit Kalra - VP of Security, Typeface
Pratik Savla - Principal Cybersecurity and Compliance Business Partner, Synaptics
Topic 2: AppSec metrics that matter
Host:
Tanya Janca
Founder & CEO, We Hack Purple Community
Session 3: Lucas LaFrance & Swathi Joshi
12:30 PM - 12:45 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Lucas LaFrance - SVP Information Security, PlanetArt
Swathi Joshi - VP, SaaS Cloud Security, Oracle
Topic 2: AppSec metrics that matter
Host:
Tanya Janca
Founder & CEO at We Hack Purple Community
Session 4: Aruneesh Salhotra & Maria Schwenger
12:45 PM - 1:00 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Aruneesh Salhotra - Fractional CISO, SNM Consulting Inc
Maria Schwenger - Partner, Cloud Native Build Practice Leader, IBM
Topic 2: AppSec metrics that matter
Host:
Tanya Janca
Founder & CEO at We Hack Purple Community
Session 1: Aruneesh Salhotra & Russell Ragar
1:00 PM - 1:15 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Aruneesh Salhotra - Fractional CISO, SNM Consulting Inc
Russell Ragar - Head of Security, Snapdocs
Topic 3: Attributes of a modern AppSec Maturity Model
Host:
Mark Lambert
Chief Product Officer, ArmorCode Inc.
Session 2: Brook Schoenfield & Avi Douglem
1:15 PM - 1:30 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Brook Schoenfield - CTO & Chief Security Architect, Resilient Software Security
Avi Douglen - Founder and CEO, Bounce Security
Topic 3: Attributes of a modern AppSec Maturity Model
Host:
Mark Lambert
Chief Product Officer, ArmorCode Inc.
Session 3: Pratik Savla
1:30 PM - 1:45 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Pratik Savla - Principal Cybersecurity and Compliance Business Partner, Synaptics
Topic 3: Attributes of a modern AppSec Maturity Model
Host:
Mark Lambert
Chief Product Officer, ArmorCode Inc.
Session 4: Mark Markow & Robert Hurlbut
1:45 PM - 2:00 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Mark Merkow - Application Security Engineer, Freeport McMoRan
Robert Hurlbut - Principal Application Security Architect Threat Modeling Lead, Aquia Inc
Topic 3: Attributes of a modern AppSec Maturity Model
Host:
Mark Lambert
Chief Product Officer, ArmorCode Inc.
Session 1: Chitra Dharmarajan & Valmiki Mukherjee
2:00 PM - 2:15 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Chitra Dharmarajan - Senior Director, Security & Privacy Engineering, Okta
Valmiki Mukherjee - CEO & Founder, Cybrize; Chairman & Founder, Cyber Future Foundation
Topic 4: Right-sizing the maturity model for your organization
Host:
Aruneesh Salhotra
Fractional CISO, SNM Consulting Inc
Session 2: Prabhat Karanth & Viraj Gandhi
2:15 PM - 2:30 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Prabhath Karanth - Global Head of Security & Trust, Navan
Viraj Gandhi - Product Security Manager, SailPoint
Topic 4: Right-sizing the maturity model for your organization
Host:
Aruneesh Salhotra
Fractional CISO, SNM Consulting Inc
Session 3: Cassie Crossley
2:30 PM - 2:45 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Cassie Crossley - VP Supply Chain Security, Cybersecurity & Product Security Office, Schneider Electric
Topic 4: Right-sizing the maturity model for your organization
Host:
Aruneesh Salhotra
Fractional CISO, SNM Consulting Inc
Session 4: Maria Schwenger
2:45 PM - 3:00 PM

We all need to work together to speed up adoption of application security practices and to encourage (if not mandate) such adoption. There are many challenges ahead for AppSec teams, building a community is the best way to prepare practitioners to face them.


The Purple Book of Software Security is the perfect example of a community coming together to create a critical resource. All organizations can use this as a launching pad for utilizing and developing new tools and frameworks - that not only improve security but also improve and sustain reliability and agility in the software production process. The book is just the beginning of a plan to create a series of go-to resources for software security leaders and practitioners.


This session is all about the power of a community, the Purple Book Community, and how it aims to further the adoption of software security practices and support practitioners in their goals of developing scalable application security programs.

In this session you will learn:

  • How working together as community furthers AppSec adoption
  • Examples of how the community worked together
  • The future of the Purple Book Community
Speakers
Maria Schwenger - Partner, Cloud Native Build Practice Leader, IBM
Topic 4: Right-sizing the maturity model for your organization
Host:
Aruneesh Salhotra
Fractional CISO, SNM Consulting Inc
The Book
Explore Membership
S3M2Journey to AppSec Maturity
Resources
Resource LibraryAppSecConPodcastBlogState of AppSec 2023
Events
Upcoming Events
PBC Virtual -Women In Security Panel
PBC Virtual - AI in AppSec Panel
JTAM AWS ReInvent conference
Past Events
PBC Virtual - JTAM with  Mayank Joshi
Mumbai Chapter
PBC Connect - OWASP Global AppSec
Atlanta ChapterBengaluru ChapterNew Delhi ChapterNYC Chapter LaunchCyber SoireeWomen In SecurityDavos DialogueFirst LookSBOM
Black Hat 2024
Cyber Future Dialogue 2024
Contact Us
Uniting security professionals on a mission to democratize software security and solve its ever-evolving challenges with the power of Community.
The Book
S3M2
Podcast
Blogs
Membership
Explore Membership
Resources
Contact Us
Powered By ArmorCode Inc.
Copyright © 2024. All rights reserved.
|
Privacy Policy
|
Terms & Conditions
The information contained in the Purple Book of Software Security and associated marketing material contains content expressed by Purple Book Community members. These opinions are their own, are not affiliated with the organizations that they belong to and have no commercial affiliation or any endorsement of any commercial products or services, including the community sponsors.