The discipline of application security has evolved tremendously since the founding of OWASP in 2001. As software development methodologies, languages and ecosystems have advanced, AppSec has often struggled to keep pace with innovation, leading to a persistent gap between the velocity of software and the ability to understand and mitigate the risk it introduces. Some foundational issues, like reliable software composition analysis (SCA), have now been largely solved by the industry. Others, such as runtime-based reachability detection, are on the cusp of providing a tremendous leap forward to AppSec practitioners. But certain thorny problems, like software attestation, risk-based prioritization, SAST accuracy, and DAST correlation, remain elusive.

Join Snyk, the leader in Developer Security, for a wide-ranging discussion of the current state of application risk management and the unsolved issues that still limit the full potential of developer-focused security, including: