AppSec vs. Developer Velocity: Ending the Cold War Between Security and Engineering

July 15 @ 1:00 pm - 2:00 pm EDT

More than half of development teams report that application security testing slows their release pipeline. On the other side, security teams point to the 81% of organizations that knowingly shipped vulnerable code in the past year. Both sides have legitimate concerns, and the friction between them is getting worse as release cadences accelerate and AI-generated code enters production. The result is a standoff where developers route around security controls and AppSec teams lose influence over the code that actually ships.

The path forward is not about one side winning. It is about removing the friction that makes security feel like an obstacle. That means fewer low-value alerts landing on developer desks, clearer ownership of findings, risk-based prioritization that respects engineering time, and tooling that works inside the developer workflow rather than beside it.

Resolving this tension requires alignment across testing, prioritization, and runtime protection approaches – from SAST, DAST, and SCA to API security, container security, and developer-native security tooling embedded directly into CI/CD pipelines.

Topics include:

Why AppSec noise (not AppSec itself) is driving the friction with engineering
Embedding security into CI/CD pipelines without creating unplanned developer work
Shifting from “fix everything” to prioritizing the 2–5% of findings that carry real risk

Learn how security and engineering teams are resolving friction and building AppSec programs that move at the speed of development.

Details

Date: July 15
Time:
1:00 pm - 2:00 pm EDT
Event Categories: API Security, Application Security, Container / Kubernetes Security, DevSecOps, Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Static Application Security Testing (SAST), Third-party Code Analysis, Vulnerability Management (VM)