August added one more appsec calculus intro. I had to carry the one over from July.

Episode 294

What a fun start to have Marisa Fagan talk about the OWASP Security Champions Guide! She’s been building security cultures and security champions programs for a while. There are some familiar angles like aligning incentives, but also important items that orgs often overlook, such as what a security champion is in the first place and the skills important to curating a program.

Episode 295

Next up, Kalyani Pawar talked about appsec at start-ups and what it looks like to go from no security to some security – and how to make that “some security” effective. Some of her insights hearkened back to the previous week, particularly on setting up security so it scales.

Episode 296

In week three, we turned from scaling security to a security-related outage of significant scale. Allie Mellen and Jeff Pollard shared insights and lessons learned from the CrowdStrike outage. It was a chance to talk about secure design, security requirements, and software quality.

Episode 297

Finally, Paddy Harrington wrapped up the month with a discussion about IoT security, which also touched on secure design (and, unsurprisingly, the lack thereof). But we also talked about security labeling, what burdens the consumer should bear, and just how old is too old for a device?

Subscribe to ASW to find these episodes and more! Also check out the July 2024 recap.
