Explore the myths and misconceptions prevalent in the software security industry in this keynote address from the Hack In The Box Security Conference. Delve into the origins of popular beliefs, such as the "shift left" movement, and discover how they may be based on questionable studies. Examine the claims of a software security crisis and evaluate the credibility of supporting evidence. Analyze the limitations and potential circumventions of Software Bills of Materials (SBOMs) in accurately representing open-source components in applications. Learn to critically assess industry surveys and statistics, understanding how data can be manipulated to support marketing messages. Investigate the validity and rigor behind various "Top Ten" lists in the security field, including the famous OWASP Top Ten. Gain insights into other potential myths, such as the concept of the "10x security researcher," independent communities, and community benchmarks, time permitting.
Overview
Syllabus
#HITB2023AMS KEYNOTE: The Myths Of Software Security - Mark Curphey
Taught by
Hack In The Box Security Conference
Related Courses
-
Evolution of Learning - What Cyber Security Training Looks Like in 2023
-
Automated Black-box Security Testing of Smart Embedded Devices
-
Why Building Your Ship with Raw Materials is a Bad Idea
-
Scaling Software Supply Chain Source Security in Large Enterprises
-
Data Driven Software Security
-
Software Security Era - Past, Present, and Future
