FlagThis

Abstract

This talk addresses the common challenge of "noise" in Static Application Security Testing (SAST), where high volumes of false positives lead to developer frustration and ignored vulnerabilities. The speaker presents a practical framework for bridging the gap between security tools and engineering workflows by prioritizing business risk, embedding security into existing CI/CD processes, and leveraging AI to automate the remediation of findings.