Secure Code, Safe Future: Mastering Security in Critical Software Development

Learn essential secure coding practices and techniques for developing high-quality, secure software in this 23-minute conference talk from the Linux Foundation. Explore practical strategies for addressing code security issues across tech stacks and development teams, with special focus on operational technology (OT) software for critical infrastructure. Discover how to effectively handle challenges like false positive alerts, identifying vulnerable C++ libraries in static compilations, and bridging security knowledge gaps that lead to insecure code. Through practical real-world examples, vulnerable code demonstrations, and hands-on hacking demos, gain insights into implementing secure dependency upgrade policies and leveraging Software Bill of Materials (SBOM) for vulnerability detection. Master actionable approaches that go beyond basic OWASP Top 10 knowledge to help safeguard critical software projects and scale security practices across development teams.