From Cockroaches to Marble Floors - What Happens When You Turn On the Lights?

Explore how eliminating the false distinction between security bugs and other software defects can significantly reduce security breach risks, enhance product quality, and align development teams. Learn practical tools and methodologies to transform your software security posture in this 28-minute conference talk from BSidesSF 2020. Discover insights on engineering IT security, engaging with QA, integrating security practices, bug hunting, and considering end-user perspectives. Gain a holistic understanding of company-wide security approaches, including infrastructure as code, metrics, alignment strategies, education initiatives, and best practices for code review. Delve into the BSidesSF philosophy and learn how to create a more robust and unified approach to software security that benefits the entire organization.

Intro
The Encore
Introductions
Engineering IT Security
Engagement with QA
Bringing in Security
Hunting Bugs
The End User
A Holistic Look
Focus on the Entire Company
Infrastructure as Code
BSidesSF Philosophy
Metrics
Alignment
Education
Best Practices
Code Review
Outro