25 Years of Appsec - Appsec Global
Adam is delivering the opening keynote for OWASP Global AppSec US 2021, "25 Years in AppSec: Looking Back, Looking Forward," a 25-year retrospective on the history of appsec and a look into its future.
25 years ago, Adam was working at a bank doing source code security reviews, and got permission to release internal [source code review] guidelines. 15 years ago he joined the Microsoft SDL team ... hear some highlights and some lowlights from the journey, and more importantly, what can we expect over the next 25 years? Where is appsec going? What new frontiers will we get to secure? What problems will still be with us?
The slides are here. The most useful links are below:
- My 1996 source code review guidelines
- Loren Kohnfelder's new book: Designing Secure Software
- The Threat Modeling Manifesto
- The (Im)possibility of fairness: different value systems require different mechanisms for fair decision making.
- Threat modeling in machine learning (my perspective, including links to BIML & Microsoft resources)
- Digital Technologies and Intimate Partner Violence: A Qualitative Analysis with Multiple Stakeholders
- Threat Modeling Intimate Partner Violence: Tech Abuse as a Cybersecurity Challenge in the Internet of Things
- https://www.nytimes.com/2018/06/23/technology/smart-home-devices-domestic-abuse.html
- Github.com/adamshostack/conflict/ — my work to bring the 4 Question Framework to internet conflict and user-generated content.
- Learning from Cyber Incidents at Harvard's Belfer Center. The report is now live, but not yet linked.