We are thrilled to announce that Max Feldman from the product security team at Slack will be chatting with us about tackling their Secure Development Lifecycle within a fast-paced, agile development environment.
Food and drinks will be provided. Please RSVP only if you can make it as we have limited numbers for this event.
• Food - 6:00pm - 6:30pm
• Presentation - 6:30pm - 7:30pm
• Socialising - 7:30pm till 9pm
“Security process” is often seen as the anti-pattern to the fast-moving nature of startups and can be regarded as a direct impediment to shipping cool features! Striking a balance between security and nimble development is a vital aspect of a security team at Slack.
We have implemented a secure development process which has both accelerated development and allowed us to scale our small team to cover the feature releases of a rapidly growing engineering organization.
In this presentation I’ll discuss how Slack approaches both the Secure Development Lifecycle (SDL) process and the tooling that makes it all possible, including:
• A lightweight self-service assessment tool
• A checklist generator
• A chat-based process that meets people where they are already working.
I’ll also demonstrate how it’s possible to encourage a security mindset among developers, while avoiding adversarial relationships with other stakeholders.
By tracking data from multiple sources, I’ll show how we have measured the success of this approach and how it can be applied in other organizations.
Max Feldman (https://www.linkedin.com/in/maxfeldman14/) works on the Product Security team at Slack, where he works on the bug bounty and security assessments of Slack features, as well as the development of security tools and automation. He was previously a member of the Product Security team at Salesforce.
If you are locked out or having issues finding the place, email, Slack or Tweet us and we will guide you :)
- Serge (serg [at] owasp [dot] org)
- Julian (julian [dot] berton [at] owasp [dot]] org)
- OWASP Slack - https://owasp.herokuapp.com/ (@jberton or @sergicles)
- Twitter - https://twitter.com/OWASPMelbourne