Original Post: Reflections on AppSec Today. Key Themes and Lessons from last week’s… | by Jamie Dicken | Jul, 2024
The LocoMocoSec Conference, held in Kaua’i, Hawaii, gathered some of the top minds in application security from leading tech companies. Key themes discussed at the conference include:
-
Developer Experience and Enablement: Security teams are focusing on creating self-service and paved-road solutions to empower developers, as security teams grow slower than engineering teams.
-
Challenges with the Web Platform: Developers face longstanding security issues embedded in the internet’s core infrastructure, which was initially designed for information sharing, not security.
-
Internal Cloud Solutions: Companies are building secure internal cloud platforms with default security features to streamline secure development and reduce the need for intensive security reviews.
-
Common Security Issues: Organizations face similar challenges, such as identity management, integrated security tools, GenAI-assisted code reviews, and managing large vulnerability backlogs. Solutions vary based on organizational culture and resources.
-
Industry Fatigue: Many professionals are experiencing burnout and are planning early exits from the industry due to unsustainable work pressures.
- Optimism for the Future: Despite challenges, there’s a sense of optimism. Collaboration between security and engineering teams is seen as crucial for building secure, resilient products. The industry is focused on solving root causes, creating secure defaults, and enabling engineering productivity.
The conference emphasized the importance of collaboration, shared learning, and continual improvement in the field of application security. Talks from the event will be available on YouTube, and the next LocoMocoSec Conference is planned for January 2026.
Go here to read the Original Post