Panel Discussion — Revolutionizing AppSec: Strategies for Managing Open Source Risks Effectively
I had the privilege of participating in a panel organized by OX Security to explore the challenges of managing open source risks in today’s fast-paced and dynamic development environments.
I shared my perspective from an engineering leadership point of view — how to handle priorities, engage engineers, evolve your culture, and much more.
My key points:
- Integrate security tooling as early as possible into your SDLC — what that looks like varies with a company's stage and size, and your development lifecycle will usually evolve as you grow. Aim to integrate security measures wherever possible across the stages of your lifecycle, from the IDE to deployment.
- Automate as much as possible — security work is like any other tech debt: you will never have enough time to deal with it fully or get it to perfection, and there is always a tradeoff. However, implementing the right guardrails reduces the risks that come from manual mistakes.
- Engage your team — understanding the risks is critical. Discuss what could happen if something goes wrong, such as exposing customer data, to ensure your team understands the importance of security.
It's always great to share knowledge with the community; here is the full discussion: