There are a lot of terms being thrown around in application security: from AST tools to ASPM, shift left, right, everywhere, and even the terms appsec vs. prodsec are nebulous. Is all this useful or just marketing fluff? Would we benefit from simpler and more descriptive language or do these terms help us in some way? And, most importantly, can we sync as a group on what these terms mean and what terms are preferred?
During this discussion, we'll cover the following:
What are the different terms we use in software security? Let's list them out for a more structured conversation.
What is the meaning of the terms we listed? What do they mean to you? To others?
Decide on ideal terms and language to move toward going forward (e.g., is "shift left" still a relevant term?).
This is not a presentation, but rather a topic-focused open discussion. Let's see if we can come to an agreement as a group and push our industry toward better terminology!
We do not record our sessions and follow Chatham House Rules in order to protect the privacy, identities, and reputations of our participants while encouraging open and honest conversation.