The discipline of application security has evolved tremendously since the founding of OWASP in 2001. As software development methodologies, languages and ecosystems have advanced, AppSec has often struggled to keep pace with innovation, leading to a persistent gap between the velocity of software and the ability to understand and mitigate the risk it introduces. Some foundational issues, like reliable software composition analysis (SCA), have now been largely solved by the industry. Others, such as runtime-based reachability detection, are on the cusp of providing a tremendous leap forward to AppSec practitioners. But certain thorny problems, like software attestation, risk-based prioritization, SAST accuracy, and DAST correlation, remain elusive.
Join Snyk, the leader in Developer Security, for a wide-ranging discussion of the current state of application risk management and the unsolved issues that still limit the full potential of developer-focused security, including:
- How the original principles of AppSec have evolved to keep pace with the changing landscape of software, and the persistent gaps that still limit the discipline’s potential
- The promise of near-term innovations, such as AI-based analysis of runtime signals, to solve some longstanding issues and open the door to a paradigm shift
- A realistic look at “what’s next” in the evolution of AppSec and how vendors and practitioners can work together toward a more honest conversation about capabilities and limitations