OWASP NZ Conference

Today I attended the OWASP (Open Web Application Security Project) conference held at Auckland University.

The Eight-Thirty cafe had a pleasant coffee I enjoyed while the registration people got all set up.  I got in quick before the masses arrived.

Attendance was high this year with the available 900 seats selling out before the day.  Actual attendance was slightly lower at 625 according to organisers.

One of my favourite photos with dual projection screens in the main auditorium.  111 billion lines of code are written yearly according to CSO Online.  The next slide, not photographed, stated that this equated to some gigantic number of bugs and subsequent security vulnerabilities.

This slide showed how reality often differs from theory and reported compliance to process.  Pull requests are not necessarily reviewed but are given the green light by a friend who approves them.  Likewise, dependencies are not always updated frequently.

Setting up good development processes that include security early on can save costly rework and avoid code being released with vulnerabilities.

There was much in common with the 2015 event although some new things, like DevSecOps and containers, have become mainstream since then.  Most notable for me was the realisation of how far I have grown in that time.  I was definitely surprised that my last attendance was way back in 2015, and I had to search my Twitter history to figure that out.

Thinking about it now, this was just after graduating from the postgraduate course “Advanced Information Security”.  It is interesting to reminisce on how I was then and how much more confident I’ve become in that time.
