Back in 2018, I presented at CodeBlue the first edition of my talk "The Decalogue of Contractual Security Sins", dealing with the most common pitfalls of integrating (or failing to integrate) the right security clauses in our commercial IT contracts.

Since then, things have improved in our industry, but we still have some ways to go. In this new talk, I focus specifically on the Application Security domain, and how to use familiar techniques - such as Threat Modelling - into designing AppSec relevant security clauses.

Furthermore, the plan is to launch a new OWASP project which will provide tooling and content templates for creating AppSec contractual clauses tailored for specific needs and for specific types of applications and contracts. CodeBlue would then be the "public launch" of this new OWASP project.