Building a Robust AppSec Program With the OODA Loop Framework

Episode 46 November 16, 2023
YouTube video

Observe, Orient, Decide, Act. Johnson Controls Product Security Director Brian Pitts walks us through how a framework developed for military applications can help us secure the software kind. OODA puts into letters a process that should be familiar to most security practitioners: 1. collecting data from the environment; 2. contextually assessing findings; 3. prioritizing based on risk context, scores, and/or severity; and 4. taking remedial action. Brian thoughtfully shares a bit of how ArmorCode enables his team at Johnson Controls to painlessly OODA at scale.