Artwork

Contenuto fornito da Tromzo. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Tromzo o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Player FM - App Podcast
Vai offline con l'app Player FM !

EP 49 — Semgrep’s Colleen Dai on Building Security Strategies and Relationships with Other Teams

20:14
 
Condividi
 

Manage episode 381721298 series 3330694
Contenuto fornito da Tromzo. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Tromzo o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Colleen Dai, Senior Security Researcher at Semgrep, an open source static analysis tool. They discuss strategies security teams can take to reduce false positives, use secure defaults to eliminate bug classes, and reduce complexity in security decision-making. They also talk about ways to build the relationships between security, developers, and engineers, which includes aligning on goals, communication, and recognition.

Topics discussed:

  • Colleen's background and what her security research role at Semgrep entails.
  • How to use secure defaults to eliminate bug classes and reduce the complexity in security decisions.
  • How to reduce false positives by writing rules and checks, especially ones that are customized to your organization.
  • How to better align the goals of security and developers by focusing on creating good software — and good software is secure software.
  • How to build relationships with engineers through communication and recognition, not just talking through Jira tickets.
  • Why security and developers still struggle with cross-site scripting and how it can be fixed.
  continue reading

60 episodi

Artwork
iconCondividi
 
Manage episode 381721298 series 3330694
Contenuto fornito da Tromzo. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Tromzo o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

In this special episode of the Future of Application Security, recorded at the Developers & Security are Friends Day, Eric speaks with Colleen Dai, Senior Security Researcher at Semgrep, an open source static analysis tool. They discuss strategies security teams can take to reduce false positives, use secure defaults to eliminate bug classes, and reduce complexity in security decision-making. They also talk about ways to build the relationships between security, developers, and engineers, which includes aligning on goals, communication, and recognition.

Topics discussed:

  • Colleen's background and what her security research role at Semgrep entails.
  • How to use secure defaults to eliminate bug classes and reduce the complexity in security decisions.
  • How to reduce false positives by writing rules and checks, especially ones that are customized to your organization.
  • How to better align the goals of security and developers by focusing on creating good software — and good software is secure software.
  • How to build relationships with engineers through communication and recognition, not just talking through Jira tickets.
  • Why security and developers still struggle with cross-site scripting and how it can be fixed.
  continue reading

60 episodi

Tutti gli episodi

×
 
Loading …

Benvenuto su Player FM!

Player FM ricerca sul web podcast di alta qualità che tu possa goderti adesso. È la migliore app di podcast e funziona su Android, iPhone e web. Registrati per sincronizzare le iscrizioni su tutti i tuoi dispositivi.

 

Guida rapida