Senior Research Scholar Columbia University SIPA, United States
April marks two years since CISA launched its Secure-By-Design (SbD) initiative and one year since 65 companies voluntarily pledged to make their products more secure from the start. At the time, industry research found that 70% of applications had an OWASP Top 10 security flaw.
This session presents new 2025 data showing the current prevalence of OWASP Top 10 flaws in applications, with a breakdown illustrating progress and challenges. The data serves as a leading indicator of the extent to which there have been changes in secure coding practices since the Secure by Design campaign began.
With over 250 companies now signed on, the session will provide key takeaways from the study to help organizations accelerate Secure-by-Design efforts and fulfill the pledge.
Learning Objectives:
Understand SbD, especially in the context of winning: shifting the advantage from attackers to defenders across the entire ecosystem. The first call for SbD dates back all the way to 1972.
Recognize the current state of Secure by Design adoption based on an examination of security flaws mapped to the OWASP Top 10.
Drive adoption of SbD principles and approaches to prevent these defects from the design stage, where it is possible to eliminate entire classes of vulnerabilities.
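As an added illustration of the last objective, the following Python snippet shows what "eliminating an entire class of vulnerabilities at the design stage" looks like for one OWASP Top 10 category (injection). It is example code written for this page, not material from the session or its speaker; the table, the `find_email_*` functions and the `UserRepository` class are hypothetical, and the sample rows are constructed. The first lookup builds SQL by concatenation, so the injection class is present regardless of how carefully callers use it; the second binds the value as a query parameter, and the repository design exposes only the parameterized path, so no caller can reintroduce the defect.

```python
import sqlite3

# Constructed sample data (not from the page): a tiny users table.
SAMPLE_USERS = [("alice", "alice@example.org"), ("bob", "bob@example.org")]


def make_db():
    """Create an in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_email_vulnerable(conn, name):
    """Builds the statement by string concatenation.

    Works for ordinary names, but whatever the caller passes becomes part of
    the SQL text. The injection flaw (OWASP A03) lives in this function's
    design, so every caller inherits it; fixing it means changing the design,
    not adding checks at each call site.
    """
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_email_by_design(conn, name):
    """Parameterized query: the name travels as a bound value, never as SQL
    text, so no input can change the statement's structure."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


class UserRepository:
    """Design-level enforcement: the only way to query users through this
    class is via parameterized statements. Callers never see a connection
    or raw SQL, so the injection class cannot be reintroduced by a future
    caller taking a shortcut."""

    def __init__(self, conn):
        self._conn = conn  # hypothetical: private, never returned to callers

    def email_for(self, name):
        return find_email_by_design(self._conn, name)


def demo():
    """Return (vulnerable_result, by_design_result) for an input that is a
    valid name to the bound query but alters the concatenated statement."""
    conn = make_db()
    repo = UserRepository(conn)
    # Constructed input: a value that is not a real user name.
    odd_name = "x' OR '1'='1"
    return find_email_vulnerable(conn, odd_name), repo.email_for(odd_name)


if __name__ == "__main__":
    vulnerable, by_design = demo()
    print("concatenated SQL returned:", vulnerable)
    print("parameterized SQL returned:", by_design)
```

The point of the repository class is the SbD one: rather than asking every developer to remember the safe call, the API makes the unsafe call impossible to write, which is how a class of defects disappears instead of being patched one instance at a time.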