Today I attended the OWASP (Open Web Application Security Project) conference held at Auckland University.
One of my favourite photos, with dual projection screens in the main auditorium. 111 billion lines of code are written yearly, according to CSO Online. The next slide, not photographed, stated that this equated to some gigantic number of bugs and subsequent security vulnerabilities.
This slide showed how reality often differs from theory and from reported compliance with process. Pull requests are not necessarily reviewed, but are given the green light by a friend who approves them. Likewise, dependencies are not always updated frequently.
Setting up good development processes that include security early on can save costly rework and prevent code being released with vulnerabilities.
There was much in common with the 2015 event, although some new things, like DevSecOps and containers, have become mainstream since then. Most notable for me was the realisation of how far I have grown in that time. I was definitely surprised that my last attendance was way back in 2015, and I had to search my Twitter history to figure that out.
Thinking about it now, this was just after graduating from the postgraduate course “Advanced Information Security”. It is interesting to reminisce on how I was then and how much more confident I’ve become in that time.