😅 Results of GuardConf 2025
The conference is over. I digested my impressions earlier, but decided to share my thoughts only now. Let me remind you that I described the main thing that would happen here, and I described my impressions during the conference here.
The content that we discussed with our colleagues remains with those of you who managed to listen and take away technical cases with vulnerabilities for development, the processes themselves, and the concept of the perception of people from information security.
The discussion “Developing secure software: what are the benefits for vendors” brought together strong colleagues: Andrey Karpov (PVS-Studio), Svetlana Gazizova (Positive Technologies), Anton Volodchenko (CodeScoring) and Artem Khramykh (AKTIV CONSULTING).
I led the discussion - and it was one of the most honest and practical conversations about secure development. As a result, we had a lively conversation - with questions from the audience and examples from real projects, pain points and their solutions.
They spoke honestly and to the point:
- Where does a business actually lose money due to vulnerabilities, and how can it be calculated?
- How do risks affect projects and why is it beneficial to consider vulnerabilities from this angle?
- Why does a mature secure development process speed up the time to market for a product rather than slow it down?
- Which metrics truly reflect security and not just decorate reports?
- Why won’t DevSecOps take off without training developers and testers?
- Why is information security in the Secure-by-Design, Shift-Left style perceived differently, and how does this affect the product?
Bottom line: security is impossible without people, contact and coordination of actions. Tools automate, but team maturity is built through training and a culture of accountability.
Secure development ceases to be “insurance against incidents”: it becomes part of the strategy for scaling the product and developing expertise within the team.
#conf #pmcases #humanres #backstage
