Recently I had the great fortune to present at BSidesSF 2014, where I presented my thoughts on how, despite huge technology advancements in application security, we are still very much failing to make software secure right out of the gate. This has led me to start thinking of AppSec as just as much a sociological problem as a technology one. In my talk I proposed we take ideas from Broken Window Theory and apply them to AppSec, and in true BSides fashion I was treated to a great discussion with an even greater audience.
For those looking for the slides from my talk, I've published them here:
Many thanks to all who came to hear my talk. I very much look forward to continuing this conversation and researching this unexplored and uncharted area of application security.