Cutting Through AppSec Noise in the Age of GenAI
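The application security field is changing rapidly. The traditional "scan, list, and hand over to developers" approach can no longer cope with the surge in vulnerabilities and strained resources. OX Security proposes a solution that focuses on the critical 5% of vulnerabilities and provides suggested fixes, in order to improve development efficiency and security.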
2025-8-29 17:52:51
Author: securityboulevard.com (view original)
The way organizations think about application security is shifting—fast. OX Security Co-Founder and CEO Neatsun Ziv talks about why the old playbook of “scan, list, and hand over to developers” has run its course.
Ziv explains how the flood of vulnerabilities—now averaging close to 100 new disclosures daily—collides with today’s resource-strapped security teams. Add to that the surge of GenAI-generated code, much of it riddled with flaws, and the burden on developers and AppSec engineers is heavier than ever. A static list of issues is no longer enough; developers need evidence, prioritization, and guidance they can act on without stalling innovation.
He highlights a sobering truth: Not all vulnerabilities matter equally. Research shows that a relatively small subset of flaws drives the majority of breaches. The challenge is separating the noise from the real risks and then proving those decisions to auditors and boards. Ziv outlines how OX Security is trying to reframe the conversation—helping teams zero in on the critical 5% of issues and even providing suggested fixes through agentic remediation.
It’s a model built around trust and practicality: Give developers context and confidence, give auditors evidence, and give security leaders a way to stay ahead of an accelerating threat curve. With AI changing how code is written, reviewed, and exploited, the industry needs tools and approaches that match that pace.
For practitioners, the takeaway is clear: AppSec can’t just be about detection. It has to be about focus, collaboration, and enabling secure software delivery—even as the ground shifts beneath us.

Alan Shimel
Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.
Alan’s entrepreneurial ventures have seen him found or co-found several technology related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.
Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.
Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.
Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience.
His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.
Source: https://securityboulevard.com/2025/08/cutting-through-appsec-noise-in-the-age-of-genai/?utm_source=rss&utm_medium=rss&utm_campaign=cutting-through-appsec-noise-in-the-age-of-genai