This is a list of papers and presentations I have written, or contributed to, on the subject of software security (~application security) in modern software development.

By "modern", I mean:


I am lecturing a basic course on software security, with emphasis on threat modelling and being able to build secure software in a commercially viable fashion.

Spring term 2016 at Aalto University, Spring term 2015 at Aalto University, Spring 2014 at the University of Helsinki.


These are evolving presentations, and the slides might not correspond exactly to any single specific delivery.

As a Product Owner, I don't want to get 0wned - managing software security through requirements management. Most recently presented at Scan-Agile 2015.

Discovering privacy requirements in software development. Most recently presented at OWASP Helsinki / IAPP KnowledgeNet in January 2015, Forum för Dataskydd in Stockholm in February 2015.

Software security in modern software development. Most recently presented at Korkeakoulujen IT-päivät 2014 and the BSIMM Community Conference 2013.


2014: Handbook of The Secure Agile Software Development Life Cycle has one article from me talking about the same thing as the 2012/2013 presentation, above; and another article describing prototype Generic Security User Stories that is also mentioned in the stuff below.

2011: Software security in agile product management (PDF). This is an older paper which I still have up for reference. I don't agree with everything I wrote back then any more. Please have a look at the more recent presentations and articles.


Feedback is always welcome. Contact info.
