Managing Vulnerabilities through SSDLC

CVE/FIRST VulnCon 2025 · Main Stage

In this VulnCon talk, Luchi Stanescu, Security Engineering Manager at Canonical, covers the lessons learned from implementing a **Security Software Development Life Cycle (SSDLC)** across Canonical's diverse product ecosystem. The presentation lays out Canonical's structured approach to managing vulnerabilities, emphasizing that security is not a one-time fix but a continuous, iterative process. Stanescu rejects the notion that cyber threats can be eliminated outright, observing that they are often subtle and nuanced, which calls for a proactive, integrated security strategy.

AI review

A competent case study / practitioner war story from Canonical's Security Engineering Manager on how they built out an SSDLC program. The content is honest, reasonably specific, and well-structured. It won't make anyone's 'must-watch' list, but it's a legitimate account of real program-building work with transferable lessons. Sits comfortably in the 'fills a slot, won't be memorable' tier — solid conference filler for a practitioner audience at VulnCon, not a headliner.