Normalizing AppSec Issues for Contextual Risk-Based Prioritization at Enterprise Scale
For 25 years, AppSec professionals have focused on vulnerabilities on all fronts with ever-evolving tools and processes. These disconnected efforts have led to wasted time and slow delivery. It's time to fundamentally change how we build and scale Application Security programs in order to focus on the most critical risks to applications and infrastructure by factoring in contextual intelligence.
In this talk, we will go through the tactics that we learned and implemented for contextual issue prioritization, starting with spotting material changes in code, then normalizing the issues and data points, and ending with a prioritized, risk-based issue list at enterprise scale.