►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
Okay,
all
set
okay,
welcome
everyone
to
the
secure
and
defense
section
group
conversation,
I'm
dave
desanto,
director
of
product
for
the
secure
and
defense
section.
We
also
have
my
engineering
counterparts
wayne
haver
and
todd
sell
offer
here
as
well
as
our
teams
within
the
section
here.
To
answer
your
questions
and
with
that
we'll
hop
into
the
first
question
which
greg
has.
B
Okay,
I'll
just
vocalize
this
question-
I'm
gonna-
guess
maybe
he's
not
here
so
he
says
I'm
super
excited
about
fuzz
testing,
but
I
have
difficulty
explaining
what
it
is
and
why
it
is
an
exciting
gitlab
feature
to
others.
What
is
fuss
testing?
What
are
the
benefits,
toothbrush,
testing
and
salmon?
Do
you
want
to
take
that
answer.
C
Yeah
definitely
so
I
could
spend
a
lot
of
time
giving
you
a
lot
of
detailed
answers,
but
I
put
a
bunch
of
the
resources
that
we
have
for
fuzz
testing
in
the
dock.
C
C
That's
the
short
answer,
but
again
I'd
encourage
you
to
check
out
all
of
those
links
to
learn
more
and
reach
out.
If
you
have
other
questions.
B
Also
for
the
recording,
so
fern
also
added
a
comment
so
on
the
gitlab
youtube
channel,
he
actually
made
a
good
video,
showing
the
benefits
and
kind
of
defining
buzz
testing.
So
if
you've
not
seen
it,
it's
well
worth
watching
sam
and
I
both
think
you
did
a
really
great
job
hitting
the
goals
and
explaining
the
value
that
gitlab's
now
providing
with
that
christie.
You
have
the
next
question.
E
Yeah
thanks
I've
been
excited
about
what
we
were
calling
auto
remediation.
I
just
think
it's
a
really
neat
feature.
It
looks
like
it's
now
shifted
to
suggested
solutions.
So
can
you
just
talk
about
that
shift?
What's
the
difference
between
the
two
things,
what
drove
the
shift.
A
E
A
That
one,
if
you
see
anywhere
where
it's
called
suggested
solutions,
please
let
me
know
I've
been
working
to
remove
that.
That
was
a
temporary
name,
because
sid
was
concerned
that
it
was
not
automatic,
and
so
we
had
to
not
refer
to
it
as
automatic.
So
we're
now.
Returning
to
its
original
name,
auto
remediation
users
are
going
to
have
two
options.
If
they
don't
want
our
bot
or
they
don't
trust.
Our
bot.
A
After
that,
where
we
are
going
to
make
available
an
option
that
that
could
even
get
merged
in
automatically
by
the
bot.
If
you
would
like
that
option,
but
because
that's
potentially
breaking
things
we're
gonna
have
to
you
know,
make
sure
we
have
some
legal
disclaimers
of.
Please
only
turn
this
on.
If
you
have
really
good
testing.
B
And
the
the
thing
I'm
adding
to
to
build
up
nicole
and
I'll
finish
typing
after
I
speak
like
longer
term
is
nicole's
talking
about
like
we
envision
a
world
where
the
bot's
actually
not
just
pushing
it
back
down
to
default,
but
pushing
the
fix
out
to
production,
and
the
current
working
game
is
auto
healing,
which
sounds
awesome
as
a
name
chrissy's
nodding
her
head
up
and
down.
So
I
think
she
thinks
it's
an
awesome
name.
I
have
to
give
sid
credit
because
it
was
his
name.
He
said.
B
Can
we
call
this
if
we
do
this?
So
that's
the
long
term
plan,
but,
as
I
will
stress
what
nicole
said,
we're
gonna
have
to
talk
about
legalities
on
the
on
the
suggestion
on
that
I've
worked
with
other
products
that
do
something
semi
similar,
not
with
code
but
with
security
policies
and
people
like
to
make
sure
like
hey
if
you're,
enabling
this
it
may
or
may
not
impact
it
and
you're
consciously
making
this
decision
to
take
this
risk.
E
That's
really
cool,
all
of
that
makes
sense
and
it's
really
exciting.
Thank
you.
B
F
Sure,
thanks
david,
so
on
slide
21
I
see
we
mentioned
that
it's
hard
to
get
reliable,
metrics
from
self-hosted
instances,
especially
users
in
offline
or
air
gap
networks,
so
I've
I've
realized.
This
is
a
problem
myself.
F
I
created
a
proposal
to
add
an
air
gap
checkbox
in
salesforce
that
customer
facing
get
labs
roles
like
support
and
sales
can
use
to
indicate
when
we
do
have
customers
in
in
these
environments.
What
are
your
thoughts
on
that?
Or
do
you
have
any
other
ideas
on
how
support
and
sales
who
work
with
these
ultimate
customers
in
air
gaps
can
help
communicate
the
results
of
your
work
with
secure
stage
features.
B
Yeah,
it's
a
great
question.
Thank
you
for
the
call
out
on
the
the
problem
that
we're
trying
to
address
yeah
there's
a
trend
that
if
a
customer
is
using
secure,
there's
a
strong
chance,
they're
going
to
be
running
it
in
an
offline
or
a
gap
environment,
which
means
they
can't
auto
report
back
usage.
B
B
I,
like
your
proposal,
greg
and
I'll
share
it
with
the
data
team,
because,
while
we're
working
with
them
on
options,
the
current
proposal
that
everybody
seems
to
like
and
it
kind
of
builds
up
what
you're
talking
about,
as
we
were
looking
at
anything
like
a
secure
usage
dashboard
within
the
secure
area,
so
the
user
themselves
can
see
what
data
we're
collecting,
how
we're
using
it.
B
It
also
benefits
them
because
they
can
begin
to
see
things
like
how
many
of
my
users
are
actually
using
this
feature,
and
how
can
I
encourage
them
to
use
it
more
and
then
from
that
we're
hoping
to
add
an
export
off
of
that
view,
which
then
craig
like
on
a
support,
call
you'd,
be
like
hey.
Can
you
export
from
this
page?
So
we
can
take
that
data
and
help
analyze.
It
same
thing
with
sales,
if
they're
talking
to
the
customer,
and
so
it
won't
be
the
real-time
reporting
that
we
would
love
to
have.
F
Great
that's
exciting.
I
I
really
like
the
idea
of
having
like
making
it
available
and
useful
for
the
customer
themselves
to
encourage
adoption
of
the
secure
features
and
more
secure
code,
and
I
also
really
like
the
idea
that
we
we
provide
an
option
for
these
customers
where
they
can
provide
us
with
their
usage
data
that
we
use
to
prioritize
work
on
features
like
this
in
the
future.
B
Yeah
and
to
kind
of
build
off
your
comment
like
for
me,
I
think
once
people
understand
the
data,
it's
a
little
less
scary
to
them,
and
I
I
want
to
be
able
to
to
remove
the
question
sometimes
comes
up
where
a
customer
will
say
well.
Are
we
actually
using
that
feature
right?
So
it
kind
of
benefits
us
and
benefits
them,
and
I
think
I
think
it'll
be
a
good
solution.
B
Okay,
dennis
of
the
next
question.
G
Thanks
david
yeah,
so
a
competitor
I
mentioned
the
name
of
the
competitor
in
the
in
the
dock,
announced
the
fuzzing
platform
that
can
be
baked
into
cacd,
and
I
just
found
that
very
interesting,
and
I
just
thought
if
you
have
any
thoughts
on
that
announcement.
B
I'm
gonna
let
sam
give
your
his
thoughts
on
it
and
then
I'll
add
to
it
as
as
needed.
So
sam
do
you
wanna,
take
it
away.
C
Sure
yeah
so
was
definitely
super
interested
to
see
the
announcement.
Yesterday,
I'm
looking
forward
to
actually
downloading
and
trying
out
that
project
to
see
what
it
actually
has
inside
of
it,
but
I
I
think
a
couple
ways
to
look
at
it
is.
This
is
actually
really
good
validation
for
us
that
fuzz
testing
is
solving
an
important
problem
in
the
market
and
something
that
users
and
our
customers
really
care
about.
C
If
we're
ever
operating
in
a
space
where
we
have
no
competitors
that
either
means
we're
so
far
ahead
of
everyone
else
that
you
know
we're
just
really
far
out
front
or
that
we're
not
solving
an
important
problem.
I
think
this
is
great
validation
and
the
fact
that
we've
been
focusing
on
acquiring
some
great
fuzzing
companies.
We've
been
enhancing
our
fuzzing,
offering
this
means
that
we're
out
in
front
and
that
we
get
validation
to
know
that
you
know
we're
solving
something
worth
solving.
C
That
said
now
that
we
have
competition,
you
know
I'm
sure
we're
going
to
start
seeing
them
and
more
bake
offs
as
part
of
more
engagement
with
prospects,
and
so
we'll
just
need
to
keep
pushing
and
making
sure
that
we're
delivering
the
best
fuzz
testing
solution.
We
can
to
help
those
customers
solve
the
problem.
B
Yeah
and
my
my
only
adder
to
what
sam
just
said,
greg
typed
in
as
a
no
need
to
vocalize.
I
that
that's
my
take
on
it
yeah
and
it
is
a.
It
is
a
pattern
that
not
only
have
I
seen
but
scott
newport
scene,
I'm
pretty
sure,
should
have
seen
it
too,
where
there
seems
to
be
a
trend
that
we're
now
becoming
that
leader
that,
as
greg
said,
it
may
want
to
do
what
he's
putting
there
in
the
document.
B
Any
other
questions
on
this
before
we
go
on
to
chrissy's
next
question.
No
thanks
for
for
your
thoughts
on
that
me
and
christy
next
question.
E
Yeah
part
of
it's
just
a
comment,
and
then
I
have
a
question
so
my
comment
is,
I'm
so
excited
to
see
the
secure
and
defend
sections
focus
on
having
a
great
user
experience.
I'm
not
surprised
because
I
know
you've
been
doing
that
a
long,
but
it's
just
really
neat
to
see
it
in
the
deck
and
see
examples
of
it.
The
vulnerability,
dashboard
just
looks
better
and
better
all
the
time
I
was
looking
through.
E
Some
of
the
individual
features
that
you
called
out
like
identifying
the
line
of
code,
that
a
vulnerability
is
on
and
tying
it
to
industry
standards.
I
mean
that's
really
cool
stuff
on
slide
24.
You
say
that
the
software
composition
analysis
team
has
kept
our
p1
and
s1
bugs
down
near
zero
since
january,
except
for
one
month.
That
seems
exciting.
So
can
you
explain
more
about
what
that
means
both
from
a
dog
fooding
perspective
and
then
also
from
the
perspective
of
our
own
platform,
security.
B
Sure
yeah
I'll
comment
on
the
first
part
that
I'll
let
nicole
talk
about
the
second
part
of
your
question.
So
thank
you
for
identifying
the
our
focus
on
ux.
I
feel
like
the
screen.
Defend
team
are
very
passionate
about
what
we're
doing
and
how
we
can
make
usability
the
number
one
thing
we're
addressing,
and
I
agree
with
you
like
I
so
for
those
who
don't
know
like
I
worked
with
christy
on
her
slides
for
commit
back
in
january.
B
The
dashboard
looks
completely
different
than
it
did
nine
months
ago
and
in
a
good
way,
not
in
a
bad
way
just
be
clear,
and
so
I
really
see
that
future
becoming
one
of
the
key
staples
and
us
winning
security
deals
and
ultimately
in
gold
and
and
it
is
we've
gotten
good
feedback
from
customers
as
well.
So
do
your
second
part
of
the
question
about
dog
fooding.
I
I've
been
very
happy
with
the
feedback
from
both
the
internal
security
team
who's
now
using
secure
as
well
as
this
quarter.
B
We
have
the
secure
and
the
threat
management
engineering
teams,
dog
fooding,
secures
well
in
their
projects.
So
I
expect
that
we're
going
to
see
even
better
and
more
rapid
improvements
to
the
vulnerability
management
offering
both
not
just
on
the
project
level.
Dashboard,
that's
in
the
slides,
but
matt
has
some
exciting
things
going
on
at
the
instance
level
as
well,
and
then
that's
of
course,
also
going
to
be
carried
through
merge,
request,
improvements
and
pipeline
report
improvements
on
the
bugs
nicole,
would
you
like
to
comment
on
that
part
of
the
question.
A
I
mean,
I
think
you
basically
covered
it,
but
I
know
that
we're
striving
to
work
in
larger
customers,
and
I
know
that
we
all
get
frustrated
by
using
products
if
they're
not
reliable
or
you're
constantly
seeing
bugs,
and
so
I'm
really
happy
that
all
of
my
engineers
have
been
helping
me
to
jump
on
and
triage
and
eliminate
every
p1s1
that
comes
in
we're
obviously
trying
to
work
through
our
p2s2s,
but
we're
a
little
bit
slower
on
that
one
right
now,
just
because
there's
only
so
many
of
us,
but
we
do
not
let
the
p1s1
sit
around
and
I'm
hoping
customers
notice
that
and
our
internal
teams,
as
they
dog
food
notice,
that
because
we
want
them
to
trust
our
products
and
I'm
just
going
to
put
an
asterisk
on
here.
A
That
dependency
scanning
is
the
one
that
is
furthest
along
in
the
maturity
level.
We
know
that
license
scanning
and
container
scanning
are
minimal,
so
like
please
do
give
feedback,
but
just
remember
they're,
also
minimal
and
they're
gonna
stay
there.
While
we're
concentrating
on
dependency
scanning.
B
One
thing
I
want
to
add
to
nicole's
comment,
and
this
is
implied
in
the
slides,
though
I
make
sure
it's
clear.
B
We
consider
the
work
that
this,
the
software
composition,
analysis
team,
is
doing
to
reduce,
bugs
and
remind
you
it's
across
all
the
scan
teams,
as
well
as
a
key
point
to
our
objective,
to
be
an
application
security
testing
leader.
So
we
don't
feel
like
it's
just
about
features.
It's
also
about
stability,
reliability,
not
being
buggy.
B
So
a
big
call
out
to
nicole
and
olivier
on
their
efforts
to
do
that,
and
I
look
forward
to
the
other
teams
following
suit
as
well
and
with
that
we've
hit
the
end
of
the
written
in
questions
except.
B
Like
a
pirate
day,
I
was
going
to
say
that
for
the
end
wayne,
so
you
could
do
you
could
talk
like
a
pirate
for
a
minute
or
two.
But
yes,
if
you
made
it
through
the
12
and
a
half
minute
long,
video
wayne
todd
and
I
may
have
put
on
the
pirate
hat
and
eye
patch
to
add
a
little
humor
to
our
days.
B
But
with
that
said,
I'd
like
to
give
a
moment
to
see.
If
anybody
else
has
any
questions.
They've
not
had
the
chance
to
write
into
the
document.
B
Okay,
well
with
that
said,
ladies
we'll
give
you
the
rest
of
the
day,
the
rest
of
the
time
back
and
have
any
other
questions
about
this
feel
free
to
reach
out
take
care
everyone.
Thank
you.