There’s a significant shift ongoing in how security teams operate and prioritize their limited budget and person-time. Rather than investing in finding more bugs, some teams are instead building frameworks and services with secure defaults so that developers can build features quickly and securely. By combining secure defaults with lightweight checks that enforce invariants (properties that must always hold), organizations can eliminate whole classes of vulnerabilities rather than fixing them one finding at a time.
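As an added illustration of the secure-default-plus-invariant pattern (this is example code written for this page, not code from the talk or its authors), the block below pairs a wrapper that runs external programs from an argv list only with an AST-based check that scans source for the one thing the wrapper exists to prevent: executing a shell command string. The `run_command` wrapper, the hypothetical `safe_exec` module and the sample source are all constructed for the example.

```python
"""Secure default + lightweight invariant check (added example, not from the talk).

Invariant enforced across the code base: no shell-string execution.
External programs go through run_command(argv), which never invokes a shell.
"""
import ast
import subprocess
from typing import List, Sequence, Set, Tuple


# --- Secure default: the one sanctioned way to run an external program ------
def run_command(argv: Sequence[str], **kwargs) -> subprocess.CompletedProcess:
    """Run a program from an argv list. The shell is never involved, so an
    untrusted argument cannot change the structure of the command."""
    if isinstance(argv, (str, bytes)):
        raise TypeError("run_command takes an argv list, not a command string")
    kwargs.pop("shell", None)  # callers cannot opt back into the shell
    return subprocess.run(list(argv), shell=False, check=True, **kwargs)


# --- Lightweight invariant check: flag any shell-string execution -----------
SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_call", "check_output"}


def _is_attr_call(func: ast.expr, module: str, names: Set[str]) -> bool:
    """True for calls of the form <module>.<name>(...)."""
    return (isinstance(func, ast.Attribute)
            and isinstance(func.value, ast.Name)
            and func.value.id == module
            and func.attr in names)


def find_violations(source: str) -> List[Tuple[int, str]]:
    """Return (line, message) for every call in `source` that breaks the invariant."""
    findings: List[Tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        if _is_attr_call(node.func, "os", {"system", "popen"}):
            findings.append((node.lineno, f"os.{node.func.attr}: shell string execution"))
        elif _is_attr_call(node.func, "subprocess", SUBPROCESS_FUNCS):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, f"subprocess.{node.func.attr}: shell=True"))
    return sorted(findings)


# Constructed sample source to scan; `safe_exec` is a hypothetical module
# holding the wrapper above.
SAMPLE_SOURCE = '''
import os, subprocess
from safe_exec import run_command

def backup(path):
    subprocess.run("tar czf backup.tgz " + path, shell=True)  # breaks invariant
    os.system("ls " + path)                                   # breaks invariant
    run_command(["tar", "czf", "backup.tgz", path])           # secure default
    subprocess.run(["ls", "-l", path])                        # argv list, no shell
'''


if __name__ == "__main__":
    for line, message in find_violations(SAMPLE_SOURCE):
        print(f"sample.py:{line}: {message}")
    print(run_command(["echo", "wrapper ok"], capture_output=True).stdout.decode().strip())
```

The check is deliberately narrow: it does not try to prove that arguments are safe, only that code never reaches the shell, which is exactly the property the wrapper guarantees. A check like this runs in milliseconds in CI, so the invariant holds on every commit instead of being rediscovered in the next audit.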
In this talk, we present a practical methodology for how to:
We’ll also share open source rules we created that found a number of CVEs in popular open source repositories.