In this edition of the BORNSECURE Security Influencers podcast, we talk to Larry Maccherone, one of the most respected forces pushing for the adoption of agile methodologies and security automation.

During the conversation, we discuss topics such as:

-> How Larry’s background as a developer influenced his thinking on application security, including the equivalence of a security vulnerability to a software defect, and the importance of trusting your developers to write secure code

-> The emergence of more advanced vulnerability assessment tools to validate the security of  “the code you write” (IAST) and “the code you import” (SCA) and how the data flow analysis is superior to static analysis (SAST) legacy approaches

-> The importance of not just finding security vulnerabilities, but also providing actual remediation advice to developers so they can fix the problem in no time

-> Why Larry believes that the pull request is the ideal place to run security tests, and how that drives developer adoption of beneficial security practices prior to launching the CI/CD pipeline