CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds – Source: www.securityweek.com

Source: www.securityweek.com – Author: SecurityWeek News

Software is moving faster than ever…and so are the threats chasing it. From AI-powered attacks to hidden risks in the software supply chain, security and development teams are being forced to solve problems they’ve never faced before.

CodeSecCon 2025, taking place August 12-13, is where those problems get pulled into the light. Over two days, the free, virtual conference will unite security leaders, engineers, and DevOps pros to tackle today’s most urgent challenges and to explore the breakthroughs that could redefine how we build and protect modern applications.

From Unsolved Problems to Emerging Risks

Even with decades of progress, application security still has unfinished business. Clinton Herget of Snyk will open the conversation on persistent gaps — from inaccurate static testing to the elusive dream of risk-based prioritization — asking whether AppSec is keeping pace with innovation or falling behind.

And while open source fuels innovation, Adam La Morre of Chainguard will expose a lesser-known risk: the mismatch between published packages and their upstream source, a silent supply chain vulnerability that could affect millions of applications.

Rethinking Compliance, Training, and Trust

SBOMs have been hyped, criticized, and regulated. Michael Lieberman of Kusari will move beyond the debate to show how to make them actionable, turning a compliance requirement into a security asset.

Shifting left is one thing, but Boomie Odumade argues that lasting security comes from teaching right. Her session will unpack how relevant, behavior-shaping training can embed security into the developer mindset.

And with non-human identities already outnumbering humans in enterprise systems, Dwayne McDaniel of GitGuardian will explore how to secure this fast-growing, easily exploited attack surface.

AI: The Opportunity and the Threat

AI runs through much of this year’s agenda — both as a defensive tool and a new frontier for attackers.

  • Anupam Chansarkar of Amazon will show how LLM hallucinations can create exploitable vulnerabilities, and how cross-verification can help.
  • Nikhil Kassetty will outline a DevSecOps blueprint for embedding AI into applications without exposing new risks.
  • David Burns of BrowserStack will explore the Model Context Protocol (MCP) and the security challenges of AI agents that can act, browse, and automate.

Building Security for Scale

Other sessions dive into scaling security for modern architectures:

  • Hitesh Subnani of Amazon on code-to-cloud visibility for tighter feedback loops.
  • Manas Sharma of Google on ML-driven database defenses that adapt in milliseconds.
  • Vaishnavi Gudur of Microsoft on AI-powered web security that detects and stops threats in real time.

CodeSecCon is a live conversation about where software security is headed, and how we can get there safely. If you’re building, defending, or governing modern applications, this is where you’ll find the strategies, tools, and peers to help you keep up.

📅  August 12–13, 2025
🌐  See the full agenda at codeseccon.com

Original Post URL: https://www.securityweek.com/codeseccon-2025-where-software-securitys-next-chapter-unfolds/

Category & Tags: Application Security, Vulnerabilities, Featured, vulnerability
