Authors: Dr. Magda Chelly
2023-02-16

tldr - powered by Generative AI

The presentation discusses the potential risks and benefits of using AI-generated code in software development, with a focus on cybersecurity and DevOps. The speaker emphasizes the importance of balancing speed and efficiency with quality and security, and highlights the need for clear contracts and due diligence when working with third-party AI tools and data sets.
  • AI-generated code can increase productivity and reduce errors, but may also pose significant risks to businesses and users if not properly regulated and tested.
  • Clear contracts and due diligence are necessary when working with third-party AI tools and data sets to ensure quality and security.
  • The use of AI in software development requires a balance between speed and efficiency and quality and security.
  • The speaker suggests that AI-assisted coding may be a more effective approach than relying solely on AI-generated code.
  • The presentation also touches on the broader issues of data privacy and intellectual property rights in the context of AI and big data.
Authors: Hritik Vijay, Philippe Ombredanne
2022-06-22

tldr - powered by Generative AI

The presentation discusses the challenges of package and dependency management in software development and proposes solutions such as using package URLs and a universal versioning system.
  • The complexity of package and dependency management in software development makes it difficult to express boundaries between dependencies and automate the process.
  • Solutions proposed include providing installation prerequisites, using a single package manager, and using general-purpose package managers such as Spack, Conda, Nix, and Guix.
  • Package URLs can be used to name packages and a universal versioning system can be used to deal with version ranges.
  • The universal versioning system can accommodate different versioning schemes and express version ranges in a universal way.
Authors: Stefan Streichsbier
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of smart automation, seamless feedback for developers, and auto-fixing and repairing of code in cybersecurity and DevOps. It also emphasizes the need for more people and talent to help secure the world and the importance of recognizing safe lists for open source software projects.
  • Smart automation and work for integration are necessary to boost productivity and address cybersecurity issues
  • Seamless feedback for developers and auto-fixing and repairing of code are important for efficient and effective cybersecurity and DevOps
  • Recognizing safe lists for open source software projects is crucial for the community to work on and ensure the security of projects
  • Embracing machine learning and AI can make jobs easier and help focus on high-impact issues
Authors: John Dickson
2021-09-24

Abstract: AppSec champions programs exist in virtually every organization that builds a ton of software and is security paranoid. These programs use informal influence and the art of persuasion to get software developers to write more secure applications. Many programs originate from the bottom up and lack strong organizational mandates – that’s where the Jedi Mind tricks come in. AppSec champions may be widely implemented, but in general there is a lack of data on what organizations are actually doing in the field. The results of a nine-month research survey attempt to change that, with first-ever data of common denominators of leading-edge AppSec champions programs published. The structured research project involved 26 of the most innovative AppSec programs. Many, if not most, were operating in isolation with no benchmarking data or widely understood best practices. This session will identify the common denominators that we observed in the survey respondents, including emerging best practices around identification and recruiting of champions, how security organizations trained champions, and how they communicated with champions in the field. Finally, return on investment responses are included to provide insight into how organizations are measuring success around their programs. This data provides certain recommendations about how security leaders should further build these programs to get upstream of the “vulnerability production engine” that creates additional attack surface. An emphasis will be placed on how attendees can take the survey results and use them for further justification for their own programs. We’re not remotely close to solving the secure development problem. AppSec champions help win the hearts and minds of developers, who are ultimately the ones who solve this issue. The hope is that, armed with AppSec champions numbers and best practices, attendees will be better equipped to help their development colleagues via AppSec champions programs.
Authors: Chris Wysopal
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of team collaboration and continuous improvement in achieving secure code and reducing remediation time. It also highlights the impact of using multiple testing techniques and APIs in reducing remediation time. The future of application security is also discussed, with a focus on managing supply chain risk.
  • Team collaboration and continuous improvement are crucial in achieving secure code and reducing remediation time
  • Using multiple testing techniques and APIs can significantly reduce remediation time
  • Managing supply chain risk is the future of application security