Podgo

Let's Talk AppSecOps

Agile DevOps, Cloud Deployment, Microservices, and Open Source have all dramatically accelerated application delivery and complexity. Today’s AppSec teams, outnumbered by as much as 100:1 by developers, depend on a collection of point security products and siloed manual processes. This leaves them struggling to gain the visibility, insight, and process scale they need to identify and protect the always changing and growing application risk surface.   This resulting AppSec Chaos means applications ship fast without the assurance of shipping securely, leaving the organization at risk of breaches...

Auteur

Podgo

Catégorie

Technology

Site du podcast

www.spreaker.com

Dernier épisode

24 sept. 2025

Où écouter ?

Les podcasts dans l'appli Replaio Radio Bientôt disponible

Les podcasts arrivent très bientôt dans l'appli. Installe-la dès maintenant et découvre en avant-première une toute nouvelle façon de vivre les podcasts

Télécharger sur Google Play Installe-la gratuitement Android 5 M+ de téléchargements · note de 4,8 iOS bientôt

Épisodes

Gates to Guardrails 24.09.2025

Developers don't want to be slowed down, but security teams don't want development speed driving AppSec posture off a cliff. The compromise: security guardrails instead of release gates. With a basis of mutual trust that only critical findings will be sent for remediation and all critical findings will be remediated, friction between teams can be mitigated. Avoiding alert fatigue is one thing both...

Factors in Prioritization 17.09.2025

Prioritizing threat/vulnerability findings takes thought, a satellite cam, and a microscope if you don't have an AppSecOps platform at work. There's a lot to consider: criticality variance across tools (they don't come normalized out of the box), threat intelligence on CVEs, and tool/technique weight factors, for starters. A major concept is the context around the app/sub-app/module associated wit...

Vulnerability Management – What? When? How? 10.09.2025

Vulnerability Management looks different from business to business. What qualifies a risk as acceptable or not? When should confirmed vulns be fixed by? Perhaps most distressingly, how do we know when vulnerability has actually been remediated? Luis Guzmán talks about the different aspects of vulnerability and its most common musts: a workflow framework that security & dev agree on live critic...

Getting Started With AppSec 03.09.2025

It's a common misconception that the first step to building an application security program is sorting out the tooling. In reality, security tools translate well, and most early-game head-scratching will center on process. It helps to start small: SCA (source composition analysis) being an un-intensive and non-invasive first measure is a great launch point. This is not only due to the great availa...

Short Release Cycles: Pros & Cons 27.08.2025

A short release cycle has myriad benefits: faster delivery to market for new functionalities, and swiftly-improving accuracy toward goals (what we call Agile) chief among them. And from a security perspective, a quick reaction time to zero-day threats thanks to a well-oiled assembly line is invaluable. But, of course, there are drawbacks: like a lack of cohesion and communication between security...

The SBOM Movement 20.08.2025

The SBOM Movement has gained huge attention in just half a year. Whether as an external dependency of a developing product or a mission-critical tech stack component, inbound software has provenance (and often, vulnerabilities) that need to be reported for security downstream. US and foreign government support, as well as executive action , have done so much to stir awareness of these supporting d...

Dev Vs Sec – Who's Responsible For The Ops? 13.08.2025

The State of AppSecOps Report found "reducing developer friction" was a top 3 priority for security leaders. A common contributor is the volleying of security responsibilities, especially with infrastructure-as-code—a gray area that often has security and dev teams pointing fingers. To get willing collaboration, security teams need to practice carrot tactics and better understand the expectations...

Concrete to Cloud: Securing Assets across the Enterprise 06.08.2025

The transition from all-hardware to mostly-digital assets has complicated and decentralized the job of security. Cloud and container apps and infrastructure-as-code are examples of innovations whose security requirements will span multiple desks, as the role of the cybersecurity do-it-all becomes a relic of the past—even for smaller organizations. About ArmorCode We develop, sell, and deliver the...

Écoute le podcast Let's Talk AppSecOps sur Replaio

La radio et les podcasts dans une seule appli - gratuite, sans inscription. Installe-la dès aujourd'hui et ne rate pas le lancement

Télécharger sur Google Play

Replaio n'est pas éditeur de podcasts ; les noms des émissions, les visuels et l'audio appartiennent à leurs auteurs et sont diffusés via des flux RSS publics