From YouTube: Secure Section Group Conversation (Public Livestream)
A
Yep, thank you guys. So hey everyone, thanks for joining today. Thank you for letting me know I was muted. I'm Sam Kerr, I'm a principal product manager here at GitLab, focusing on Defend as well as Secure. I have the rest of the security here, so we can answer any sorts of questions or topics you want to go and discuss. The slides are linked in the agenda document if you want to look through those, and we will jump right into the questions on the document. Cindy, you have the first one.
A
Not sure if Cindy's Laurita, so Cindy asked: "Making vulnerabilities first-class citizens is a big deal. Can you talk about what it will enable?" And so this is a great question, because vulnerabilities, as Cindy says, are something that we're working on making a first-class object in GitLab. So to answer this today, I think it'd be helpful to talk about where we currently are, so right.
A
This is how I interact with security findings, security vulnerabilities across the entire platform, without having to necessarily learn "I do it this way here and this way there." And so this is something we're currently working on pieces of, and you'll see iterations focusing on bringing this into the product.
B
While we're PI's, I'll go a little bit more to it, Sam, if you're okay. So one of the things I want to call out is that in Secure we do have a bit of name collision going on as far as features, because there is something that also exists that is called a vulnerability database. I just want to go ahead and call out that that is not what we're talking about here with first-class vulnerabilities.
B
The vulnerability database is really a reflection of things that we can detect within the various features within the Secure space overall, and ultimately with Defend, assuming, within the Secure space. When we talk about first-class vulnerabilities, those are best understood as findings by our products, by our features, for our customers. So just so, if you happen to be seeing the word vulnerability thrown around within our documentation or within our feature set, I.
A
Well, while we are waiting for a few more questions to be added to the document, I did want to take a couple minutes to introduce David DiSanto, who is just now joining us today on his first day at GitLab. So David is gonna be our new product director on the Secure stage. David, you want to introduce yourself? Sure, as.
C
I'm said I'm David DiSanto. It is my first day, I think I'm a tower too, but I'm very much glad to meet all of you. There's a lot of you on the call. So, obviously, how could the opportunity meet all of you over the next couple of weeks. On the last Claudia a little about my background, so I guess I'll just kind of rehash that for the people who weren't on the last call. So joining GitLab brings 13 years of test and measurement to a close.
C
For me, I started my time in test and measurement working at ICSA Labs, followed by NSS Labs, and then the last five years I was at a company called Spire Communications. At Spire we focused on building out security test and measurement products; that includes everything from layer four through seven load testing to functional, performance, security. Cool things we did at Spire overlap with what you are all talking about today on this call, and I'm sure we'll talk about over the next weeks.
C
We built out a protocol fuzzer, a library of attacks and malware and so forth at Spire, and I led product management for the security team, ran UX design for the company, as well as ran our threat research team. Prior to test and measurement I worked in healthcare for a while. You want to hear horror stories of how insecure healthcare is, you feel free to ping me on Slack. But yeah, I'm very excited to be here. I forgot to mention last fall.
A
So I'm sharing slide 12 in the deck if you want to follow along on your own screen, but one of the things that we shipped inside of the 12.2 iteration recently was security approvals inside of merge requests. I think this is a really exciting capability for our product, and what this feature is all about is saying that we, as a company, want to make sure that development is not introducing new vulnerabilities that haven't been reviewed and either remediated or explicitly approved.
A
So when the various SAST, DAST, the different scanners that run, find vulnerabilities, if they're a high or a critical severity vulnerability, our customers can enable this merge request approval rule where someone from a security team has to say, "Yes, we can dismiss this vulnerability, accept this into our product and our project going forward."
A
This is a really powerful capability, because a lot of organizations, especially ones that are, you know, highly regulated, have lots of specific laws they have to comply with. This is going to make their job a lot easier in terms of managing the risk, managing the vulnerability position of their own products. And so this is one thing I think we're going to start seeing a lot more customers, a lot more users using, especially in those more regulated industries.
A
Yeah, great question. So at a high level, what our strategy is going to be with respect to a lot of our security approaches is that we want to make sure that security doesn't become a blocker out of the box. You can read more about it in our security policy and some of the guiding principles with what we're thinking and how we're going to be building those products, but definitely to your point about every organization potentially having different requirements, different tolerance for risk.
A
So if you, as a business, have a specific risk tolerance, we want to be able to improve and drive the products in such a way that it is supporting those different policies that you want to be implemented in your company, without requiring you to, you know, essentially build something on top of GitLab itself.
F
A
F
It, there it goes, with they, they, we built the enforced inclusion for them, but it sounds like the, you know, the goal around enforced inclusion was to ensure that something ran in every pipeline, but this is kind of nice that in the financial services industry, you can actually have something where it's automatically required at a certain level to go and get a requiring approval. Is that correct in this particular instance, and what you just mentioned in their security approval in 12.
G
F
G
I can answer that one. So for the approval or the inclusion of the pipeline, that's for including, like, including a security job to ensure security jobs always ran, so security scans always occurred. For the approvals, we actually have this set up with a specific severity threshold, so any vulnerabilities up here that are below a certain threshold, say low-severity vulnerabilities, do not require approval by default, and then anything above a certain threshold does require it. So.
G
A
Okay, well, if there are no other questions, we can go ahead and end early. Give everyone some time back in their day. Really appreciate you all coming. We will have the recording up on YouTube, it's being live streamed now, and feel free to reach out to any of us on various Slack channels, it's s_secure, or any of us on the team directly. Really appreciate your time and the discussion. Have a good week, everyone.