Hdiv Security - BORNSECURE Hdiv Security

In this edition of the BORNSECURE Security Influencers podcast, we talk to Nicolas Chaillan, the first US Department of Defense CSO, and the architect behind one of the most complex DevSecOps engagements in the world.

During the conversation, we discuss topics such as:


The reasons why Zero Trust and high permission granularity are the key technologies to manage authentication and authorization at a scale of hundreds of thousands of developers and applications
How Nic led the way for the DoD to open-source Platform One, an 80 million investment that became the largest contribution of the DoD to humanity.
Why GitOps is the future of software development so that everything in the SDLC including configuration, infrastructure, and application security becomes code that lives in a repo.

In this edition of the BORNSECURE Security Influencers podcast, we talk to Larry Maccherone, one of the most respected forces pushing for the adoption of agile methodologies and security automation.

During the conversation, we discuss topics such as:

-> How Larry’s background as a developer influenced his thinking on application security, including the equivalence of a security vulnerability to a software defect, and the importance of trusting your developers to write secure code


-> The emergence of more advanced vulnerability assessment tools to validate the security of  “the code you write” (IAST) and “the code you import” (SCA) and how the data flow analysis is superior to static analysis (SAST) legacy approaches


-> The importance of not just finding security vulnerabilities, but also providing actual remediation advice to developers so they can fix the problem in no time


-> Why Larry believes that the pull request is the ideal place to run security tests, and how that drives developer adoption of beneficial security practices prior to launching the CI/CD pipeline