Here is a slimmed down version of the presentation I delivered in Italy last March.
This version does not contain the part that talks about the problem (i.e. the attacks and why you need to do Application Security)
The key idea that I defend is that we can use Application Security to define and measure Software Quality
Let me know what you think
