The discipline of AppSec has evolved tremendously since the founding of OWASP in 2001. As software development methodologies have advanced, AppSec has struggled to keep pace with innovation.

Some foundational issues, like reliable SCA, have now been solved by the industry. But certain thorny problems, like software attestation, risk-based prioritization, SAST accuracy, and DAST correlation, remain elusive.

Join our session for a discussion of the current state of application risk management and the unsolved issues that still limit the full potential of developer-focused security.