State of AppSec (Panel)
Seth Law, Ariel Shin, Lakshmi Sudheer, Ken Johnson
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
At BSidesSF 2025, an experienced AppSec panel examined where application security has genuinely improved, where it remains stubbornly broken, and how AI-driven development is reshaping both the threat landscape and the practice of securing it. The consensus: secure-by-default approaches have moved the needle, developer-security relationships remain the hardest unsolved problem, and "vibe coding" may accelerate breaches before it accelerates fixes.
AI review
A competent AppSec panel with enough experienced voices — Netflix, GitHub, Absolute AppSec — to keep the conversation honest. The vibe coding discussion is more nuanced than the hype cycle deserves, and Johnson's GitHub XSS reduction via CSP is a real data point. But this is a recorded podcast episode, not a talk with new material, and panels are structurally resistant to depth.