Building Secure Cultures

In a continuous delivery world, monolithic checkpoint-constrained secure development processes are impractical. In this talk, I will share my experience of going from such a monolithic process at Microsoft, to building out a secure development practice at Heroku that met the needs of developers who ship every day, while also holding us to the high bar our customers expect. I'll share the tools we've integrated into our process, the things we learned from responding to external vulnerability reports, and the ways we've built a culture where developers and security engineers have each others' backs.

Link to slides: http://flowcon.org/dl/flowcon-sanfran...