Welcome to OWASP AppSec 2018 USA. We look forward to seeing you in San Jose, CA.
Friday, October 12 • 11:45am - 12:20pm
Security as a Service: Work where Your Engineers Live

Product Engineers and Managers live in git, JIRA, and wikis to develop and release software, so why do security engineers use a fully different set of tools and dashboards to try to drive security fixes onto product teams' roadmaps?  

Our team decided to use the 'live where they work' approach to see if we could increase the effectiveness and measurability of our engineering teams' participation in the SDLC.  

In this talk, we will show you how our roots on the product engineering team inspired us to live where our engineers live, and leverage existing software development processes to enable our engineers to get security work done when and where it needs to get done, without the overhead of constantly trying to reinforce security-specific processes.  

We will talk through the case study of setting up our 3rd Party Library vulnerability detection program. The case study will highlight how we were able to create a zero-overhead approach by leveraging automation and processes that we had previously put in place. The new system ensures we have an accurate view of the 3rd Party Libraries in use by our products at all times. We integrated this with our project tracking software to automatically file tickets with the team at the discovery of a vulnerability or a vulnerable library. This approach enables us to respond as quickly as possible to disclosure of a vulnerability in a library used by one of our 15+ products with tons of moving pieces. We will also talk about our vulnerability management program and strategy, which heavily leverages our JIRA project tracking system as our source of data, so we’re working from the same dataset as our engineers.

By working where our engineers live, we are able to immediately cut down barriers to getting security work done where and when it needs to be done, and consolidate the source of truth about se. We empower our engineers to know

Julia Knecht

Manager, Security & Privacy Architecture, Adobe

Taylor Lobb

Manager, Security and Privacy Architecture, Adobe

Friday October 12, 2018 11:45am - 12:20pm PDT
Regency 2
  Regency Ballroom 2, Beginner
  • Track 2