Moving Fast and Securing Things

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, Application Security Courses

Course Description

Overview

Explore a conference talk from AppSecUSA 2017 that delves into balancing security processes with rapid development in startups. Learn how Slack implemented a Secure Development Lifecycle (SDL) process that accelerated development while scaling security coverage for a growing engineering team. Discover their flexible framework for security reviews, including a self-service assessment tool, checklist generator, and chat-based process. Gain insights on encouraging a security mindset among developers without creating adversarial relationships. Examine quantified success metrics and learn how to apply similar approaches in other organizations. The speakers share their experiences in product security, bug bounty programs, and security automation, offering valuable perspectives for security professionals and developers alike.

Syllabus

Intro
Slack
Transparency
Self-Service SDL
Checklists
Process
Security Product Channel
Feature Channel
Checklist
Checklist Feedback
Security Background
Positive Feedback
User Feedback
Real Bugs
High Grade
SPL Graph
Open Source Tools
QA Process


Taught by

OWASP Foundation
