Living risk-based security at SAP, the solved challenges and the open ones
Keynote 1: Paul El-Khoury, Tue., Sep. 15, 11:00 - 12:00
SAP, as the world's 3rd largest software company, offers solutions running in Mobile, Cloud and On Premise environments. As market leader for business applications, SAP shares the responsibility with customers and partners for securing its solutions. The SAP Secure Software Development Lifecycle is a risk-based process used to ensure that software is free of known vulnerabilities and to guarantee the appropriate level of security for shipped products. The security risk assessment parts of this process, namely SECURIM and Threat Modeling, are used per product to identify and manage product-specific security risks, define the targeted level of trust and build a security test plan. This talk will detail the materialization of these methods at SAP worldwide and highlight the upcoming challenges with examples from Cloud and Internet of Things scenarios.
About Paul El-Khoury
Dr. Paul EL KHOURY joined SAP SE in 2006 and is currently co-owner of the SAP Product Standard Security. He leads the Product Security Risk Identification and Management as part of the SAP Secure Software Development Lifecycle and is an SAP security evangelist. Previously, Dr. EL KHOURY's major contributions were leading the SAP Threat Modeling methodology, co-defining the secure storage on device used by all SAP mobile applications, and holding the position of governor of the SAP patch day from its pilot phase until it was rolled out to customers. He received his MSc and his Ph.D. in Computer Science from the Université Claude Bernard Lyon 1. He has authored various scientific publications and patents in the field of software security.