Original Post: Slack on scaling static analysis with Semgrep
In this DEF CON 29 AppSec Village presentation, Erin Browning and Tim Faraci from Slack cover essential aspects of application security. Key points include strategies for delivering fast scan results to keep developers satisfied, moving beyond mere compliance to enhance security, effectively managing false positives, and incorporating scanning processes into both developer and security workflows. They also discuss the importance of calibrating metrics and performance targets to ensure optimal security measures.