Welcome to app-security.org, the home of SALSA (Scalable & Agile Lifecycle Security for Applications). 

We're just getting started.  Working with Intrinsic Security, Inc., and SANS, we have produced an initial overview of the SALSA approach.  We'll be including many pointers to helpful and practical resources here in the near future.  Meanwhile, please check out the SANS whitepaper and webcast. 

SANS Webcast:   Building Brick Houses

"Help!  Our development team is trapped in an endless cycle of death march application development.  Our security team is trapped in an endless mode of  crisis management.  How can we break out of these traps, and start building secure applications in a sustaiable way?"

SALSA is designed to be compatible with your existing development methodology, so that you don't have to fight the "methodology fight" to make a difference for your team.  You don't need to be in charge, you don't need to change everything at once.  If you're a developer on a team, you can begin to make a difference.  Learn about the SALSA approach to building secure applications, and help spread the word.  SALSA is free, and can be implemented with a variety of tools, including open source free tools as well as some very fine commercial tools.  The SALSA approach isn't a crucade, it is a set of practical recommendations that will help your team.