Third-party Code Analysis

Events

Views Navigation

Event Views Navigation

Today

    • Reducing Risk at Scale: A Modern Approach to Application Security

    Application vulnerabilities are rising—and attackers aren’t waiting. The challenge isn’t just detection; it’s knowing what to fix first, and how fast. Traditional AppSec approaches often flood teams with data but lack the context to prioritize effectively. Security leaders need clarity, speed, and precision to reduce risk at scale. Application security programs must evolve to distinguish real threats from noise, streamline remediation, and enable faster, smarter decisions under pressure. Topics include: • Trends reshaping the application threat landscape • Strategies for intelligent prioritization and faster remediation • Embedding context into workflows to drive faster, smarter remediation Learn how to modernize your AppSec program to reduce risk at scale—without slowing down development.
    Topics:
    , , , , , ,

    The New Attack Surface: Locking Down the Software Supply Chain with DevSecOps

    Your software supply chain is one of your biggest attack surfaces. It’s not the code you write that gets you breached—it’s the code you borrow. Attackers increasingly target third-party components, open-source packages, build tools, and plugins to quietly insert malicious code before software ever ships. To defend against modern threats, organizations must secure the full software supply chain from commit to deploy. Topics include: • How third-party code and open-source libraries expand your attack surface • Hardening the CI/CD toolchain against misuse or compromise • Detecting and blocking tampering before software ships Join us to reduce exposure and build resilience into every stage of your software supply chain.
    Topics:
    , , ,

    • AppSec vs. Developer Velocity: Ending the Cold War Between Security and Engineering

    More than half of development teams report that application security testing slows their release pipeline. On the other side, security teams point to the 81% of organizations that knowingly shipped vulnerable code in the past year. Both sides have legitimate concerns, and the friction between them is getting worse as release cadences accelerate and AI-generated code enters production. The result is a standoff where developers route around security controls and AppSec teams lose influence over the code that actually ships.

    The path forward is not about one side winning. It is about removing the friction that makes security feel like an obstacle. That means fewer low-value alerts landing on developer desks, clearer ownership of findings, risk-based prioritization that respects engineering time, and tooling that works inside the developer workflow rather than beside it.

    Resolving this tension requires alignment across testing, prioritization, and runtime protection approaches – from SAST, DAST, and SCA to API security, container security, and developer-native security tooling embedded directly into CI/CD pipelines.

    Topics include:

    • Why AppSec noise (not AppSec itself) is driving the friction with engineering
    • Embedding security into CI/CD pipelines without creating unplanned developer work
    • Shifting from “fix everything” to prioritizing the 2–5% of findings that carry real risk

    Learn how security and engineering teams are resolving friction and building AppSec programs that move at the speed of development.

    Topics:
    , , , , , , , ,