Every era of technology innovation has brought along with it vulnerabilities that can be
difficult to predict. It’s often a race to see who can discover a vulnerability first—the good guys or the bad guys—and researchers have always tested new technology to discover potential attacks before they can be maliciously exploited.
The first wave of appsec started with boutique consultancies in the ’90s. The second wave brought automation and scale to the masses with security scanners. Rapid deployment and increasing complexity is driving the third wave, which features a liquid supply of globally sourced researchers. Jacob Hansen and Caroline Wong hold a forward-looking discussion on what’s coming next.
Caroline discusses her experiences as a security product manager and consultant during the first and second waves of application security before Jacob shares his perspective and approach to building Cobalt.io in response to the requirements driving the third wave. Caroline and Jacob then jointly examine the changing security landscape and explore how to address the current challenges and shortcomings of application scanners and traditional
human-powered testing, brainstorming ideas on how to effectively connect enterprises with skilled security talent and how the latest innovations in technology can help.