The Myths of Software Security
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore the myths and misconceptions prevalent in the software security industry in this keynote address from the Hack In The Box Security Conference. Delve into the origins of popular beliefs, such as the "shift left" movement, and discover how they may be based on questionable studies. Examine the claims of a software security crisis and evaluate the credibility of supporting evidence. Analyze the limitations and potential circumventions of Software Bills of Materials (SBOMs) in accurately representing open-source components in applications. Learn to critically assess industry surveys and statistics, understanding how data can be manipulated to support marketing messages. Investigate the validity and rigor behind various "Top Ten" lists in the security field, including the famous OWASP Top Ten. Gain insights into other potential myths, such as the concept of the "10x security researcher," independent communities, and community benchmarks, time permitting.
Syllabus
#HITB2023AMS KEYNOTE: The Myths Of Software Security - Mark Curphey
Taught by
Hack In The Box Security Conference
Related Courses
Browser Hacking With ANGLE
Hack In The Box Security Conference via YouTube
Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube
Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube
ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube
Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube