https://docs.google.com/presentation/d/1DpV4sVjJ__9z0k74aTIG5l8h2qM3nG-9caeSTv6Suig/edit?usp=sharing
Available until day 3 + 7 days. Contains contact and slides.
The only skipped slide is the one about rulesets; it also contains an OSS release for compliance work.
How do you manage security in small software engineering teams or startups (2-50 people)? What did you implement? Which changes did you implement or push for as a security person?
I previously worked at a small NGO and a startup and want to create a space to share experiences.
Initially, I'll give some insights into what I implemented in the past year; however, the goal is to have a discussion.
Topics might include:
- Fuzzing
- Responsible disclosure (both incoming and outgoing)
- DefectDojo, Dependabot and SecObserve
- GitHub's security features
- Static analyzers ranging from Semgrep to Zizmor
Put in notes here if you want to join! https://cryptpad.fr/pad/#/2/pad/edit/3iZ8MLCkX9I3xcTsh6uc2LwA/