SecAppDev 2023 lecture details

Secure defaults: developer-friendly security

We will go over the vision for secure defaults, and then discuss how we can improve processes, training and tools to support this approach. The advice in this session is backed by my research.

Monday June 12th, 14:00 - 15:30
Room West Wing
Abstract

Automation of security tools has made it possible to identify software vulnerabilities faster and earlier during development. Unfortunately, this evolution hardly shows any reduction in the prevalence of vulnerabilities. On average, a company hires only one security expert to help 75-200 devs fix the detected problems, making it evident that security is not just the expert's responsibility.

In this session, we explore how to make an impactful change. We investigate the processes, people, and technology involved and propose an approach to guarantee better software security throughout the SDLC.

Key takeaway

Security is no longer just the responsibility of the expert. Security training and tools should be adapted to fit a developer audience

Content level

Deep-dive

Target audience

Managers, developers, and security professionals

Prerequisites

None

Join us for SecAppDev. You will not regret it!

Grab your seat now
Pieter De Cremer
Pieter De Cremer

Senior security researcher, Semgrep

Expertise: Application security, secure defaults, developer-focused security tools

More details

Claudio Merloni
Claudio Merloni

Security research manager, Semgrep

Expertise: Application security, secure development and static source code analysis

More details

Join us for SecAppDev. You will not regret it!

Grab your seat now

Related lectures

SecAppDev offers the most in-depth content you will find in a conference setting

Grab your seat now