Everybody agrees that code review, architecture analysis and penetration testing are good things to do when building secure software, but how do you scale activities like these in a global enterprise? This session will focus on real world lessons in scale and efficiency from 70+ software security initiatives in the BSIMM. We will discuss tools, technology and processes in light of real results.