Introduction to Inner-Loop Security - Shifting Left, but Better

Explore the next evolution of "shift left" security in this 50-minute LASCON conference talk. Discover the concept of inner and outer loops as a more effective approach to application security. Learn how to empower developers to build secure-by-design products, reduce costs, and improve return on investment. Examine the limitations of traditional shift left methodologies and delve into inner-loop concepts, including static analysis, software composition analysis, and security as code. Compare inner-loop and outer-loop tools, discuss continuous security lenders, and gain insights on minimizing tax waste in the development process. Gain a fresh perspective on security responsibilities and how to integrate them effectively into the software development lifecycle.

Intro
Overview
Shifting left
Security responsibilities
Innerloop
Tax waste
Static analysis
Software composition analysis
Security as code
Innerloop vs outer loop
Tools in the outer loop
Continuous security lenders
Conclusion