Changing the Vuln Conversation from Volume to Remediation – Francesco Cipollone – ASW #350
Dealing with vulns tends to be a discussion about prioritization. After all, there a tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediation and how to incorporate LLMs into this process without losing your focus or losing your budget.
In the news, supply chain security in Ruby and Rust, protecting package repositories, refining CodeQL queries for security, refactoring and Rust, an OWASP survey, and more!
Francesco Cipollone is a multi start-upper and cybersecurity professional. Francesco was the former AppSec and Cloud Security lead for HSBC, lead Cloud Security for AWS Professional Services, and previously consulted with the United Nations. He is also Chair of the Cloud Security Alliance, a published author, podcaster, and public speaker.
Don't miss InfoSec World 2025 — October 27 to 29 at Disney’s Coronado Springs Resort! Cybersecurity pros, workshops before and after, and endless networking. Save 25% with code ISW25-SW at securityweekly.com/ISW2025!
Mike Shema
- crates.io: Malicious crates faster_log and async_println | Rust Blog
- Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study
- Cloudflare just got faster and more secure, powered by Rust
- Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover
- Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship
- Our plan for a more secure npm supply chain – The GitHub Blog
- Help Shape the Future of Web Application Security: OWASP Top 10 – 2025
