Wow, what a great panel this was! 👏 We will be sharing the recording shortly for those who were unable to join us this afternoon.
Tanya Janca, Heather Hinton, Laura Bell Main, Joe N. and Abhisek Datta, thank you for such a great discussion during the panel on "Automating Secure Guardrails: Leveraging SAST and Other Tools for Effective Implementation" today! Tanya, thank you for your wonderful questions allowing us to brainstorm on what we can do better as an industry. Here are some key takeaways on how to better manage our attack surface and application security programs:

1. Combine tools to get holistic visibility across the entire software stack (e.g. both Cloud and application layers)
2. Use context to prioritize and focus the security findings on what matters the most
3. Use guardrails to attest to compliance requirements, making the life of the developers easier
4. Consider implementing auto-corrections and modules allowing semi-automatic replacement of vulnerable code during the development phases (e.g. updating the code to use the correct non-vulnerable versions or to store and retrieve secrets from the vault).

All of these points are doable and hopefully we will continue progressing with adopting them.