Original Post: The future of AppSec and why I joined r2c
The author reflects on their career transition to Head of Security Research at r2c, the creators of the open-source static analysis tool Semgrep. They recount their journey from academia to industry, detailing their experiences with tools like Burp Suite, Emacs, Vim, and grep. They found that time constraints, source code availability, licensing issues, and customization challenges hindered broader adoption of advanced static analysis tools in real-world settings.
As a consultant, the author observed that many companies were dissatisfied with legacy static analysis security testing (SAST) tools due to false positives, setup complexity, and compliance-focused purchases. Forward-thinking companies like Google and Microsoft have shifted towards secure-by-default libraries and tools to prevent vulnerabilities rather than just identifying them.
The author joined r2c due to the company’s aligned vision for scalable, secure software development and the impressive technical and cultural strengths of its team. At r2c, they aim to advance Semgrep by adding features like constant propagation and taint tracking, partnering with OWASP, and eradicating specific vulnerability classes in organizations. The author expresses enthusiasm for the future of application security and the potential of r2c to lead significant improvements in the field.