
11,000 Voices

AppSec USA

This week, I will be attending AppSec USA in Denver with the rest of our Sonatype crew. While it will be my first time attending the event, I am really excited to be leading a panel discussion at the event this Thursday. If you will be at the event, please come by the session or the Sonatype booth (G10) and say hello.

So what’s the panel discussion about?

The Panel and The Survey

In April 2014, we released our 4th annual Open Source Development and Application Security survey. Over 11,000 people have now participated in the survey, discussing their latest development practices, open source governance strategies, and security priorities. Because so many people have participated over the years, we have strong year-over-year trends that we’ve shared with you.

The Heartbleed Surprise

But the most interesting thing about this year’s survey was that it happened to land right in the middle of the Heartbleed vulnerability being announced. About 1,800 people participated in the survey before the Heartbleed announcement and 1,500 participated after it. If you read the survey, you will find some really interesting differences between the pre- and post-Heartbleed results -- revealing distinct changes in mindset.

The Experts

I am very excited that this week’s panel discussion will include application security experts like Josh Corman (@joshcorman), Matt Johanssen (@MattJay), and Jeff Williams (@PlanetLevel) as well as DevOps expert Damon Edwards (@DamonEdwards). Next week, I will be sharing insights from the panel. If you aren't able to attend, follow me and the other panelists on Twitter, and I am sure you will see some of the comments streaming live during our panel discussion (Thursday, 1pm Mountain Time).

In addition to the panel discussion, Sonatype has a few additional sessions you won't want to miss:

Josh Corman, CTO: Not Go Quietly: Adaptive Strategies and Unlikely Teammates - This session will provide new approaches to finding financial and operational support for information security across the organization.

Ryan Berg, CSO: OWASP A9: A Year Later - Are you still using components with known vulnerabilities?

Making It Count

As a final note, while the stats of the survey are interesting, it is not the stats that count. It’s the conversations about the survey results that make the difference. I invite and encourage you to share the survey results with your peers and friends across development or in application security. Compare how your organization stands against your peers, discuss what findings you might prioritize for action within your organization or team, or find inspiration to add comments to this blog or create your own blog article about the results. Again, it is not the stats that count, it’s the action that you decide to take after seeing them.


Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.