Isaac Evans
Simple Steps to Kill DevSec without Giving Up on Security
#1 (about 5 minutes) The corrosive effect of false positives in security tools
Traditional code scanners overwhelm developers with a high rate of false positives, eroding trust and causing important alerts to be ignored.
#2 (about 1 minute) Why the original "shift left" security movement failed
The shift left movement often failed because it simply redirected a high-noise firehose of security alerts from security teams to developers without improving signal quality.
#3 (about 1 minute) How Android and iOS successfully hardened their platforms
The significant increase in the market price for zero-day exploits for Android and iOS demonstrates their success in making software more expensive to hack.
#4 (about 6 minutes) Adopting a secure guardrails over security gates mindset
Effective security programs use secure guardrails, like providing secure defaults and actionable fixes, to guide developers without blocking their workflow.
#5 (about 3 minutes) Prioritize securing new code over fixing the backlog
Since vulnerabilities are exponentially more likely to be found in new code, focusing security efforts there provides a greater return than trying to fix the entire existing backlog.
#6 (about 3 minutes) The ROI of basic security training and securing LLMs
Elevating developers to a basic level of security awareness yields the largest reduction in vulnerabilities, a principle that now extends to securing code generated by LLMs.
#7 (about 3 minutes) A practical formula for an effective AppSec program
An application security program's effectiveness is a product of its components, where a poor signal-to-noise ratio can nullify all other efforts.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
04:46 MIN: Shifting security testing left in the development lifecycle (from "Vue3 practical development")
24:17 MIN: Shifting security left with collaborative threat modeling (from "We adopted DevOps and are Cloud-native, Now What?")
00:28 MIN: Why developers make basic cybersecurity mistakes (from "Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes")
05:33 MIN: Integrating security earlier in the development lifecycle (from "Vulnerable VS Code extensions are now at your front door")
02:11 MIN: Why traditional security engagement creates bottlenecks (from "Organizational Change Through The Power Of Why - DevSecOps Enablement")
55:17 MIN: Avoiding common security mistakes and giving better feedback (from "The weekly developer show: Boosting Python with CUDA, CSS Updates & Navigating New Tech Stacks")
02:55 MIN: Shifting security left to prevent incidents before deployment (from "OPA for the cloud natives")
03:58 MIN: Why security must be integrated from the start (from "DevSecOps: Security in DevOps")
Related Videos
Why Security-First Development Helps You Ship Better Software Faster (Michael Wildpaner)
Real-World Security for Busy Developers (Kevin Lewis)
Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together (Stefania Chaplin)
Get security done: streamlining application security with Aikido (Mia Neethling)
How GitHub secures open source (Joseph Katsioloudes)
Empowering Developer Innovation - Balancing Speed, Security, and Scale (Amir Friedman, Martin Reynolds & Yair Etziony)
Supply Chain Security and the Real World: Lessons From Incidents (Adrian Mouat)
Great DevEx and Regulatory Compliance - Possible? (Martin Reynolds)
From learning to earning
Senior Security Engineer - (Offensive), SonarSource, Remote, Senior level. Skills: Bash, Azure, Python, Amazon Web Services (AWS)
Embedded Security Engineer - Vulnerability Analysis | Car IT | Secure Coding, Prognum Automotive GmbH, Remote. Skills: C++