Traditional code scanners overwhelm developers with a high rate of false positives, eroding trust and causing important alerts to be ignored.
The shift left movement often failed because it simply redirected a high-noise firehose of security alerts from security teams to developers without improving signal quality.
The significant increase in the market price for zero-day exploits for Android and iOS demonstrates their success in making software more expensive to hack.
Effective security programs use secure guardrails, like providing secure defaults and actionable fixes, to guide developers without blocking their workflow.
Since vulnerabilities are exponentially more likely to be found in new code, focusing security efforts there provides a greater return than trying to fix the entire existing backlog.
Elevating developers to a basic level of security awareness yields the largest reduction in vulnerabilities, a principle that now extends to securing code generated by LLMs.
An application security program's effectiveness is a product of its components, where a poor signal-to-noise ratio can nullify all other efforts.
Sensory-Minds GmbH
Offenbach am Main, Germany
29:50Kevin Lewis
22:18Michael Wildpaner
23:34Stefania Chaplin
08:27Mia Neethling
25:28Joseph Katsioloudes
16:00Ali Yazdani
24:47Adrian Mouat
23:26Martin Reynolds
Jobs that call for the skills explored in this talk.
Punk Security Ltd.
Remote World
