Software security has come a long way in the last decade, moving from the original bug parade approach to integrated SDLC touchpoints. We've learned many essential lessons the hard way (which can be called software security "zombies"). This session will discuss all that software security has accomplished, up to and including the BSIMM , a study of over 50 software security initiatives.