mreavey Profile picture
Cybers. InfoSec. Cloud Security. Currently VP of Enterprise Security at EA. Former Azure Security Director and head of MSRC for about a decade.
Aug 9, 2018 7 tweets 2 min read
I thought I’d know all the stuff in this talk and just went to see @Lipner. But nope...Dr Lipner is still dropping new knowledge. #bhusa @SAFECode If you’re not big enough to “do everything” this talk is for you. My key points:

1. Have a vuln response process, use it to learn, and fix more than just what’s reported.
2. Devs are accountable for writing secure code—don’t “test it in.”
3. Do RCAs