
Developed a Framework to Address Global Secure SDLC Activities

A Fortune 100 retail, media and entertainment conglomerate turned to Security Compass to help build a new framework for addressing secure SDLC activities across hundreds of applications.

Retail, Entertainment

Practice Areas
  • Security Champion and Centre of Excellence (CoE) Program
  • Secure Development Standards
  • Security Program Management and Execution
  • Application Security Baseline and Framework Development

Our Client’s Challenge:

  • Our client had hundreds of in-house and vendor applications across their business without a scalable process to manage the intake, prioritization and standardization of software security across business teams.
  • They had a desire to educate and raise security awareness across development teams that operated independently across the world. They did not have a mature secure SDLC framework or the appropriate tools to consistently address developer security.
  • They turned to Security Compass in search of a centralized, scalable process that could help promote secure application development in a standardized manner that could be replicated across various business units.

Our Approach:

  • Given the small scale of our Client’s security team, Security Compass recommended developing an application security framework focused on nominating security champions. These “champions” would be developers who could help promote our Client’s security mandate and provide valuable assets to support the internal security team. Champions would gain security knowledge and assist corporate security with onboarding their applications into a secure SDLC framework.
  • A secure SDLC framework was developed to leverage existing tools in our Client’s environment that could help automate secure SDLC security activities across hundreds of applications.
  • Security Compass worked with each security champion to train them, onboard them, and execute security activities for the application they were responsible for. This included identifying security requirements through SD Elements, performing static application security testing (SAST) and dynamic application security testing (DAST), triaging results, and providing recommendations and action plans for remediation.

The Result:

  • The new security champion program helped our Client improve communication between business units and the security team. We increased awareness by training the security champions and strengthened our Client’s ability to consistently address security across a global organization through a secure SDLC framework.
  • Each security champion became a valuable partner in promoting the security message enterprise-wide and a responsible individual who could assist the small corporate security team in performing regular, automated security activities (SD Elements, DAST, SAST).
  • This allowed the security team to focus on risk management and remediation activities with application teams.

Security Compass was able to help improve the Client’s overall security culture through security champions by delivering training, standardizing best practices for software security, and helping our Client develop a framework that scales secure SDLC activities across the enterprise.


Our Advisory services team has more than a decade of experience focused on Application Security. We take a flexible approach to your strategic security problems.

Whether you are a global enterprise looking for advice on security strategy and governance, a major financial institution seeking support on regulatory compliance and penetration testing activities, or a startup looking for high-quality assessments to give customers assurance in your business, we're here for you.

Our credentialed professionals are experts in how to break applications and fix code, who take pride in helping you succeed in your Secure SDLC and Secure DevOps programs. Contact us today to learn how we can help solve your organization’s application security challenges.