We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have some fun. Our coordinates? This year’s AppSecUSA 2014 event in Denver, Colorado.
If you were there, you couldn’t miss us. If you weren't there, don’t fret...they caught the entire thing on video. First up, I know you all wanted to see the Phantom FC40 Quad Copter...we didn’t just give this away as a door prize...we flew it into the room and landed it on stage for the winner to pick up. That’s the way we roll at Sonatype -- geeky and fun.
Sonatype experts lead four sessions during this year’s two day event:
VOICES: I (@weekstweets) led a highly interactive panel discussion entitled “11,000 Voices: Experts Shed Light on 4-Year Open Source & AppSec Survey. This panel of application security experts and OWASP veterans included Jeff Williams (@planetlevel), Matt Johansen (@MattJay) , Damon Edward (@DamonEdwards), and Josh Corman (@JoshCorman). Here’s the video.
AVENGERS: Josh Corman, our CTO, advised attendees to not be a hero, but assemble their team of avengers from unlikely allies. Nearly every aspect of our job as defenders has gotten more difficult and more complex—escalating threat, massive IT change, burdensome compliance reporting -- all with stagnant security budgets and headcount. Rather than surrender, Josh let us know it’s time to fight back. Here’s the video.
PROGRESS: One year after OWASP updated it’s top 10 list to include A9: Don’t Use Components with Known Vulnerabilities, our own Ryan Berg, Sonatype’s CSO, shared an update on the progress we've made across industries while highlighting challenges for the road ahead of us. Here’s the video.
ASSURANCE: Mark Miller (@TSWAlliance), our Nexus Community Advocate led a panel discussion highlighting the Software Assurance Marketplace (SWAMP) and its new partners. Here’s the video.
Attendees also heard really great, informative, and entertaining keynotes from Bruce Schneier on the future of incident response and from Gary McGraw who covered a decade of perspectives since BSIMM was introduced. If you have not seen these two speak, you should. They are brilliant and do not mince words when addressing our important AppSec community and leadership role. These were my favorite sessions of the event.
Finally, to ensure everyone was properly equipped for the battle ahead, Sonatype armed attendees with the latest in application security technologies, as well as a few hundred lightsabers. You could see them glowing all over the event. We even armed the OWASP Board of Directors with their own lightsabers. May the open source force be with you all.