DevSecOps has been traditionally very people centric. It is hard to measure software security and the landscape is becoming increasingly more complex with container, cloud, and infrastructure. Driving an appsec program at scale is often an art that only few can master and the majority of organizations remain uncovered from an appsec perspective. Measuring DevSecOps and evolving risk-based vulnerability management is a must. Bringing along risk people and GRC has traditionally been challenging.

Segment Resources:

- AppSec Cali 19 Talk: https://www.youtube.com/watch?v=cegMUjo25Zc

- ADDO19: https://www.youtube.com/watch?v=x1p3exzkTIY

- Open Security Summit 20 - https://www.youtube.com/watch?v=8myMG36gq4o,

https://www.youtube.com/watch?v=mh_P1C1a-CM

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw177