Presentation: Tweet"Security vulnerabilities for grown ups"
If you create software and have a reasonable sized customer base, in the next 6 to 12 months you will learn about a security vulnerability in your software. This information will come from outside your company. It would take a form of a customer telling you of a vulnerability they found, a "security researcher"'s report, or (horrors!) a customer having been compromised because of a vulnerability in your software.
The good side here is that your software is popular enough to attract attackers' interest. Congratulations, you are a grown up software vendor! The bad side is everything else.
This talk is about why vulnerabilities occur no matter how hard you try to prevent them, how they occur, and how to deal with them when this happens (the last part is often called product security insident response). There will be examples from a number of sources, including the history of Atlassian.
Download slides