Software Security Initiative Capabilities - Where do I begin? - Jim DelGrosso - AppSec Ca 2016
Description:
Explore the key capabilities for initiating a Software Security Initiative (SSI) in this 40-minute conference talk from AppSec Ca 2016. Delve into the benefits and drawbacks of three common starting points: penetration testing, code review, and secure design review (including threat modeling). Gain insights from Jim DelGrosso, Senior Principal Consultant at Cigital, Inc., as he discusses how these capabilities fit into a mature SSI. Learn about debunking threat modeling myths and discover practical steps to begin implementing secure design activities in your organization. Understand the importance of architecture analysis, threat modeling, and secure design in building a robust software security program.