Overview
Explore a conference talk from AppSecUSA 2018 that delves into the concept of "Security as a Service" and how to integrate security practices seamlessly into the software development lifecycle. Learn how Adobe's security team improved their effectiveness by adopting a 'live where they work' approach, aligning security processes with existing software development tools and workflows. Discover strategies for implementing a zero-overhead 3rd Party Library vulnerability detection program, automating security ticket creation, and managing vulnerabilities using project tracking software. Gain insights into how this approach enables rapid response to library vulnerabilities across multiple products and enhances collaboration between security and product engineering teams.
Syllabus
Intro
Adobe Digital Experience
Delivering Software
Discovery
PR Problem
Process Problem
Mordor
Service Lifecycle
Program Management
Security Champions
KPIs
Reporting
Case Study
Workflow
Response Process
Software Composition Analysis
Results
Taught by
OWASP Foundation