When it all comes down to it, pretty much every CyberSecurity or InfoSec [or insert your own favorite term] breach or issue has a common component ... code! And despite plenty of cautionary examples and lessons learned, we see the same or similar issues over and over. These play out to the tune of millions, with credit monitoring, stolen IDs and worse (think non-updatable, vulnerable pacemaker firmware) on the horizon.
The problem is akin to a stagnant pond that needs to be drained. An ancient Chinese proverb describes a way to assess an individual's sanity: give them a bucket to address the issue of a stream flowing into a stagnant pond.
In this presentation, we will discuss the importance of AppSec in the world of InfoSec/Cybersecurity. We will look at it from the perspective of a security-minded developer who has seen how the water flows and stagnates in the pond. How do we create or shift incentives? How do we find common ground for the security community and the development community to sanely drain the pond?