Overview
Explore the implementation of SCORE Bot, a tool designed to shift security left at scale, in this 30-minute conference talk from AppSecUSA 2018. Learn how PayPal developed and deployed an automated security code review system that integrates with GitHub Pull Requests to provide real-time, context-specific feedback on organization-specific security issues. Discover the challenges and successes of rolling out SCORE Bot across diverse programming languages, frameworks, and CI/CD pipelines. Gain insights into behavioral science-driven approaches and A/B testing that made SCORE Bot a trusted security peer reviewer for developers. Hear from PayPal's Security Architect Vidhu Jayabalan and Head of AppSec & Innovation Laksh Raghavan as they share metrics, lessons learned, and practical advice for implementing similar solutions in your organization's DevSecOps practices.
Syllabus
Introduction
Secure Product Life Cycle
Secure Product Landscape
Developer Friendly
Enforcement with Empathy
Disclaimer
Demo
Questions
Taught by
OWASP Foundation