
The state of app sec with Chris Romeo: The year of the application is near

ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.

Carolynn van Arsdale, Writer, ReversingLabs
The discipline of application security has been around for decades, but major advancements in how software is built and distributed are shifting the ground underneath application security teams — increasing opportunities for attackers to take advantage of security lapses in application development and deployment.

That has led to attacks on software supply chains such as the recent 3CX compromise, and to a dawning realization that traditional tooling, such as static and dynamic application security testing (SAST/DAST), while vital, does not cover the various risks that threaten the security of software supply chains.

What is needed is a rethink of how we approach application security and the place it occupies in enterprise security programs, according to the guest of our latest ConversingLabs podcast: Chris Romeo, the CEO at Kerr Ventures, who presented The Application Security State of the Union at RSA Conference 2023.

Listen and learn: The year of the application?

ConversingLabs host Paul Roberts met up at RSA Conference with Romeo, who spent years leading Cisco's efforts to remake its application security program. He led Cisco's Common Criteria and FIPS 140 certifications before joining the company's Cisco Secure Development Lifecycle (CSDL) group, where he introduced concepts like threat modeling to Cisco's legions of software engineers. Romeo went on to hold the titles of Cisco "Security Ninja" and Chief Security Advocate, helping to promote application security concepts and ideas within the company and outside it.

In this RSA Café edition of ConversingLabs, Romeo gives Roberts an overview of the state of app sec and shares his opinions on how security leaders can tackle the threats posed to software applications and their supply chains.

Romeo talks a bit of app sec history, predicts that "the year of the application" is coming, and explains why organizations should invest in developer security training.

Other topics covered in this ConversingLabs interview with Chris Romeo:
